Podcasts about generally

  • 3,094 PODCASTS
  • 4,941 EPISODES
  • 33m AVG DURATION
  • 2 DAILY NEW EPISODES
  • May 16, 2022 LATEST

[Chart: popularity by year, 2012–2022]


Latest podcast episodes about generally

Rick & Bubba Show
May 16th, 2022 - Rick & Bubba Show

May 16, 2022 · 195:34


Sponsor: RealEstateAgentsITrust.com Buying or selling a home is already one of the most stressful things you can do – and it can be ten times worse if you're not working with the right agent.  Generally speaking, our homes are our biggest investment – that's a lot of responsibility, and you need an agent who can take that seriously. That's why we recommend Real Estate Agents I Trust. We work with only the best agents in every market.  We do our homework, talking to every agent before inviting them to join our network – and here's a big one: we only work with full-time professionals…no part-time or inexperienced agents.  Our team makes the introduction, and then follows you through the buying or selling process to make sure that you're satisfied. The agents we work with have long track records, and are the best sellers in their field.  They're a part of this audience; they share your values, and they're almost anywhere you want to go! The process is simple: just go to https://RealEstateAgentsITrust.com today and provide us with some basic info. Our team will contact you to make an introduction to our preferred agent in your town. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Dating Den
Love is Blind: The Subtle Ways You May Be Sabotaging Your Love Life with Chris Gillis

May 14, 2022 · 46:24


Marni and Chris recap Season Two of Love is Blind. Be warned, Marni binge-watched the season and this episode contains spoilers. Shayne and Sal didn't win at love but won plenty of female followers, Shaina is custom-made for The Bachelor, and Deepti deserves more than a man-child.

Key takeaways from this episode:

  • Overcoming mistakes in relationships
  • Acceptance and forgiveness
  • Why do people get wasted the night before their wedding?
  • How to be rejection-proof

When You Make a Mistake in a Relationship [2:11]

Marni points out that several incidents must have happened off-camera that are integral to the show and the end of the season seemed a bit disjointed because of it. There are pivotal moments when the couples who got married were able to let things go, forgive, and move on.

The biggest shock was when Shayne got wasted the day before his wedding. He truly showed his warts. If you are dating someone and a huge mistake is made, you must be able to accept their apology. Natalie hears the I'm sorry but she couldn't seem to take in his love and his apology at her soul level. This may result in her building a wall and she may have a hard time opening up in the future. Shayne doesn't know how to say sorry any other way.

Shayne seemed to see beyond Natalie's flaws and to love and accept her for who she was. Natalie seemed like she had an idea of who Shayne was but when she figured out she couldn't control him, she wanted out of the relationship. Shayne told her he wasn't going to change who he was. He needed her to fight for them and it takes two.

Marni believes Natalie set a boundary to run if something like this ever happened. She was looking for reasons to rule Shayne out rather than in. Generally, when men are with someone like Natalie, they never feel good enough.

A lot of people need to make others wrong to feel good about themselves.

Sal & Mallory Breakup at the Altar [22:52]

Again, something must have happened behind the scenes with Sal and Mal that we didn't get to see. Chris thinks Mallory was never as into Sal as much as she should have been. The internet disagrees with her. The ladies of the web find Sal endearing and romantic. He gave Mallory space which is refreshing.

Marni reminds us that we are the common denominator in all of our relationships. It could be possible that people who offer us pure love and attention scare us because we don't know how to accept love and kindness.

Some women create drama where there doesn't need to be any because they don't feel worthy of love.

Shake & Deepti [29:43]

Shake did not feel worthy of Deepti, and he is probably right. Even his mother told him to do Deepti a favor and break it off. He is a real jerk on the reunion show. Marni thinks he is in the process of man-volving but isn't far enough along in his journey to get over the rejection without being childish about it. Deepti deserves a better man.

Make a Connection:

  • Visit Our Website
  • Plug Into Your Superpower Retreat — Apply at DatingwithDignity.com/pluginform
  • Join Our Dating Den Facebook Community Here!
  • Learn how to attract your perfect equal...watch our latest training here!
  • Interested in working with us? Book a Breakthrough session at DWDVIP
  • Get a Free Coaching Session with Marni on Our Podcast — Sign up Here to Be a Guest On Our Show
  • Download a Complimentary Copy of our Book — How to Find a Quality Guy Without Going on 200 Dates

The Logistics of Logistics Podcast
The Smart Warehouse With Dan Gilmore

May 13, 2022 · 64:35


Want to know how you can deploy a smart warehouse for your business? Today's guest is Dan Gilmore of Softeon, a company that provides a full suite of flexible and robust end-to-end supply chain software solutions to deliver success. He joins Joe Lynch to talk about the idea and technology behind their system. They discuss some of the big trends impacting warehouses, e-commerce, and retail. From labor shortages to automation, Dan enlightens on the benefits of WMS and WES for any business. Tune in to better understand the perks of this new smart technology for optimizing your business! The Smart Warehouse With Dan Gilmore Our topic is the smart warehouse with my friend Dan Gilmore. How's it going, Dan? It's great. I'm happy to be here. I'm glad I'm finally getting to interview you. Please introduce yourself, your company, and where you are calling from. I'm a Chief Marketing Officer of a supply chain software company called Softeon. Our company is headquartered in Reston, Virginia, outside of Dallas Airport. I happen to be in the Dayton/Cincinnati, Ohio area. What does Softeon do? It's a supply chain software company, primarily a supply chain execution. The company was founded in 1999. Our first customer all the way back then was the L'Oreal, and we proceeded to build out a suite of solutions that were brought in deep capability. That includes warehouse management systems, and all the stuff that goes around warehouse management systems including labor and resource management, slotting optimization, and yard management. A newer thing which we will get into because it's critical to what's happening in terms of the smart warehouse is something called warehouse execution systems, which have been around for a while but gained prominence in the last couple of years as a way to optimize and orchestrate order fulfillment level at a capability that's beyond even very good tier ones. 
This category of stuff is called distributed order management, which has to do with the optimal sourcing of products based on customer commitments as well as network capacities constraints in how do I get the lowest cost alternative that meets the customer needs? It's a very prominent in omnichannel commerce. It is almost essential in retail but we are having a lot of B2B type of successes in distributed order management as well. There are some other things that could give a flavor to what we do. You started well before eCommerce was a thing. Do you still support stores and that kind of warehousing? Traditional WMS type of capabilities for retailers, would largely be store replenishment. Now, we are moving into eCommerce fulfillment. Many retailers are also looking to have a lot of activity at the store level, whether that's buying online, pick up in-store, curbside pickup or store fulfillment. We've got some solutions there, both in terms of the distributed order management that I referenced. It is the tool going that says, “The best place to fulfill this order from based on the time commitments as well as inventory availability, labor availability, etc. is store 3, 4, 5, 6, 7,” and then have the ability to first identify where it's the right location. That could be obviously a DC, a third-party facility or something like that. The first word is the best place to source it from, and if it's a store, we have a store module that facilitates the inventory transactions, picking transactions, and shipping at a store level. That became a thing. Target is one of those companies that if you buy something online from them, they are more likely to ship from their stores these days. I have seen and the figure keeps rising. The whole market has changed. The more high-tech feel and touch, the less back-breaking work and less bending over and lifting heavy cases. It's like 80% or 90%. Let's say 90%. That's the number I had in my mind too. 
They are doing them from the store, which is incredible. Before we get into all that, tell us a little bit about you. Where did you grow up and go to school? Give us some career highlights and bullet points before you join Softeon. I'm an Ohio guy. My whole life, I grew up in Akron, Cleveland area, and then got a job with NCR after grad school. I got an MBA from the University of Akron. I got a job at NCR that was here in Dayton. I was a Product Manager in charge of barcode and data collection. The way serendipity works, I moved from barcode data collection systems to wireless systems and then got into WMS. I was into consulting for a while. I have done a lot of marketing in the space. I was also Chief Marketing Officer at the Red Prairie before it got acquired by JDA and became ultimately Blue Yonder. Earlier in my life, I spent a couple of years implementing WMS, a couple of major projects down here in the Cincinnati area that helped me learn a lot about how the technology works and what's good and less good. Notably, in 2003, I started a publication called Supply Chain Digest, which changed the face of online supply chain and logistics, news, and coverage. I still keep a light hand on it. I still write a column once a week still for Supply Chain Digest. I have read that. I wrote a lot of blog posts in the past. When you are a writer, I have joked that “My research is a little different than a professor's research, I Google.” You start to realize which publications have good content when you are a blogger. The bar is a little lower for a blogger than it is for somebody who is writing in a publication. I would say, “Supply Chain Digest always had good stuff.” When and why did you join Softeon? It has been a few years now. I had done a little bit of side consulting with Softeon before joining, and I was impressed with the breadth and depth of the software and the number of innovative capabilities, but as important as that is, lots of companies have good software. 
We think we've got leading-edge software but the approach to customers and success - I have never seen a company that consistently puts its own interests behind its customers on a regular basis. We are not going to let anything get in the way of a successful implementation. That's a direct record that's unequal in the marketplace. It's the care and concern for success at the customer level and not looking at everything through a lens of only professional services hours if I can sell or something like that. It was a different attitude. It intrigued me, and plus, the company needed some help in the marketing area to get that message out. The combination of those factors led me to join Softeon. Our topic is the smart warehouse. Obviously, things have changed quite a bit in this business. Talk about some of the big trends that are out there that are impacting warehousing, eCommerce, and retail. It impacts everybody. Most of the audience is going to say they are living this or these are big surprises but it's nice to still put it all in context, the growing distribution labor shortage and there's a shortage of manufacturing. It's very acute. Everywhere you go, that's what you hear about the turnover levels, retention, and even with the greatest rising substantially. That's everyone's concern. After about a decade of very flat wage growth in warehousing and distribution until a few years ago, now, all of a sudden, the costs are taken off. Amazon has over $20 an hour with attractive signing bonuses in many parts of the country. They now offer parental leave for twenty weeks. I saw it on TV. That would be a very attractive benefit. That's the advantage. Target announced that they were raising their wage in both stores and distribution centers, not all markets but in some markets, by $24 an hour. That's $48,000 a year, and assume there's probably some overtime in there, whatever husband and wife are making up, for example. 
They are working at a Target DC in those markets, you could be pulling in $100,000 a year for a family, which is not bad money.

[Image caption: The Smart Warehouse: With the e-commerce-driven cycle time pressure, it's unbelievable how fast you can get products these days.]

This has come up on my show a few times. I'm getting too old for that kind of work, and I can't walk 10 miles a day but if I had a choice, we need to make that job easier. We are going to get to that because this is what technology does. It also makes the job more attractive when they can say, “I go to that job, and I'm learning all this cool technology.” If you can bring somebody in, there's a different feeling when I get to wear all that high-tech gear and use high-tech systems and say, “I'm part of the supply chain,” as opposed to, “I'm a strong back, walk 5 miles a day and nobody gives a crap about me.” There are no questions about that. It's going to be both in terms of the shortage of labor and, second, building to attract people into this career. Now the whole market has changed, that more high-tech feel and touch, less back-breaking work, less bending over and lifting heavy cases, and all the kinds of things to go on and work for a long time. You are spot-on on that dynamic. If we have a shortage, that means the people we do have to be more efficient. The way they can be more efficient is with tech. That's one big trend going on. What's another big trend? There's a bunch in there that interrelated as well. Obviously, the eCommerce-driven cycle time pressure. If you look at Amazon over your tablet, it's unbelievable how fast you can get products these days, even somewhat obscure products not that long ago, I need a new power cord for my HP computer. Somehow Amazon was able to deliver that the next day. 
I'm like, “Probably, they have this cable in someplace that they can get it to me one day.” Think of all the thousands of cables that are out there, and they've got mine. The cycle time pressure in that both are in terms of getting the order process from when it drops into the DC and out the door. Obviously, companies are also moving distribution facilities closer to the customer, so the transportation part of the journey is cut down as well. They will remember the specific numbers. It's Home Depot that is building 170 or 180 different local fulfillment centers that are being the largely cross-dock type of facilities that bring bulky items in and get them right to the customer in addition to the big giant warehouses that they already have. It's a fact of life. Eventually, we will teleport or whatever the product from the warehouse because it seems like we are reaching the Laws of Physics there that it can't be here any faster but maybe we will find a way. I remember, many years ago, I was working on a digital marketing project. I was helping this distribution center, nice, concise in Chicago land Peoria. They said we are one-day shipping to 65% of the population of the US. That was always what Indiana, Illinois, and there are so many DCs down in Ohio can always make that claim, and that was good enough. If you said, “I have a DC in the Midwest that can get me to the Eastern Coast, and I have one out West, that was good enough.” We are not seeing that anymore. We are going to get increasingly where same-day delivery becomes a fact of life rather incredible. Amazon and others talk about getting it down to 2 hours or 30 minutes. That's what Target is doing, not with those DCs. We think we will get to Walmart doing some of the same. What's another trend? Obviously, because we are calling the session, we are going to talk about the smart and also the future but it's largely here nowadays. We've got smart everything. 
We've got smart houses, cars, refrigerators, and toothbrushes even. I saw that a couple of years ago. I'm not sure if it's exactly taken off the map but to monitor how often you brush your teeth. What does it mean? Primarily, it's talked about internet connectivity and some analytics around that. The least examples are John Deere, Caterpillar or companies of that kind, putting sensors and other IoT types of devices on their equipment out in the field so they can get a sense of how people are actually using it. They can do predictive maintenance on it. They could say, “Your guys aren't using the equipment as effectively as they could if they changed their techniques.” It's certainly timely. If we are going to almost start things where it's time for the smart warehouse too but we will get into for the rest of the broadcast era left different than more internet connectivity, sensors, and things like that. That can be part of it but it is a small part of it. The bottom line of it is we are entering a new era of where all soccer technologies that are, in fact, much smarter than we have ever had before. I have argued publicly for a couple of years now that we had about twenty years of relatively incremental progress in WMS technology. I used this in speeches before but a few years ago, I was cleaning up my office and running the holidays as I often do when I found an RFP from a major food company for a WMS circuit in 2003. I looked through that and I thought, “This doesn't look all that different than the RFPs we are seeing in 2019, 2020 or whatever year we are looking at that.” I looked at it and said, “The big difference is not in the functionality being asked for. It's that now, a lot of that functionality is, in fact, core product, configurable product than maybe a lot of it had to be achieved through customizations.” That's probably true. Same-day delivery has just become a fact of life. 
The fundamental way of where WMS operates didn't change all that much give or take from 2000 to 2020 or somewhere in that range. Now, with the smart technologies that we are talking about, they are brought by the world's execution systems in working with WMS, I talked about before. This is a new ball game, and it was going to be fun for the rest of the people here to talk about this. You throw in a new term there. You said warehouse execution system. Those have been around for a while but they are now becoming the norm. It's becoming very prominent, and then the value is starting to be recognized. What is it? A couple of three companies had the belief and correctly, for most of the WMS systems did not care enough about equipment throughput and utilization. We wound up with big peaks and valleys, and anybody have been in a district distribution center, even a busy one. You have seen it where there are all kinds of activity at the beginning and the middle of the wave, then as the wave starts to dissipate even on a big, expensive, huge sortation system, you've got a relatively small number of boxes moving around, waiting for that wave and everything to close out. You said wave. Does that mean the orders come in waves? Yeah. The work is released in what is called pick waves. That's based on any number of different attributes. It could be the carrier schedule, value-added processing that needs to be done or workload balancing across the different pick areas of the company. You organize the work against various attributes that constitute a block of work that's typically referred to as a wave. I know I've got all these trucks that are going to show up and they are taking different orders, so maybe I'm working to that order that's going to fill up that truck. The problem, to your point, is we've got already may be a shortage of headcount in there. Now when we have waves, I'm not being efficient because I've got too much work at one moment and then not enough at another. 
The whole goal of WMS of what we're talking about with the smart warehouse is overcoming, I mean, obviously, you've got to plan and execute based on the workforce that you have here, and we will talk about that. Having a warehouse management system that gives me stuff was great in the past but you are saying, “I will help you with a WES or Warehouse Execution System. I'm going to help you manage the flow.” Manage the flow work and the resource utilization, and then new ways. Part of that still ties into that interest in level loading or making the flow of goods across an automation system more smooth and consistent because if you can do that, there are a couple of things. First off, the total throughput of the system is likely to be better. Second, if it's a new facility, you could probably get by with a smaller sorter because you are going to be able to utilize it more consistently over a block of time, a shift or over what you want to look at it there. The other breakthrough that Softeon said is that the WES tends its roots and level loading of the automation and better utilization there. The WES works extremely well, even in non-automated facilities or lightly automated facilities.

[Image caption: The Smart Warehouse: The fundamental way a warehouse operates didn't change all that much from 2000 to 2020. But now, with smart technologies, this is a new ball game.]

As a matter of fact, one of our leading customers did a press release a couple of years back that talked about 50% productivity gain from implementing WES or Warehouse Execution Systems on top of existing Softeon WMS, and doing that in a totally manual environment. Everything is part of a system. You can have a sortation system, goods to person system or put wall system or whatever. It's got a certain capacity, throughputs, inputs, and outputs. Twenty workers walked around on a three-level case pick module. There are systems too. 
They have inputs, outputs, throughput, and expectations. The one big difference is that with a more manual system, you can throw more bodies at it up to the point of diminishing returns and gain through the port from that area, whereas a heavily automated system is rate as its rating. You are not going to do a whole lot to affect that. Throughput is everything, whether you are a plant, a freight broker or a warehouse. The stuff that goes out the door and that we can charge for is what we want to do. Having a warehouse management system is great. I know there are certain warehouses. Probably the old ones still don't even have that. You are saying to be as efficient and effective as you need to be in the market, you need a warehouse execution system that gets me the flow and that throughput. It may not be for everybody, and there are certain things you can do. We could take your core WMS and add some select capabilities from a full-blown WES if a modest level of that kind of automation is necessary. It's not necessarily for one, and I don't want to position it that way but it's certainly something that you want to take a look at as you get to where you've got a significant number of workers. Even smaller operations, things like the automated release of work to the floor without the human being needing to be involved, that's going to be attractive even for a mid-size operation. The first thing we need is we need to get into this. WMS is given. You said that there was an incremental improvement for many years. Now, you are starting to see big improvements that may be driven by the market that needed big improvements in recent years. Part of that is this WES. What else is there that's part of that smart warehouse? There's a whole bunch of stuff. First, as a reminder, the automation because automation is tied to the labor shortage. 
Even a couple of years ago, it was very common to talk to DC managers or logistics executives, and automation wasn't necessarily very high on the radar. Nowadays, almost close to 100% of the companies we talked to, even smaller companies, are looking at automation of some kind. That could be big automation where you've got traditional sortation systems but can be very large, goods to person systems, those kinds of things. There's also a lot of interest in lighter, more flexible, and less expensive technology things like what are called put walls. What's a put wall? In great simplicity, it is a technique or a structure, which is a module with a series of cubby holes or slots. In one of these modules, we have 1 customer that has 80 of these modules. What you do is you pick the orders, then when you come to the put wall, you distribute the order to the different orders that need that product. I batch pick the product. I bring it either mechanically or manually to the put wall. Typically, a series of lights says, “This company wall number 3 here and needs 1 of the skews. Put wall in. This one needs 2 that skew you put two in. This one needs 1 put 1 in.” That process repeats itself until all of the items for a given order are complete within that cubbyhole. That's called putting. That's why it's called a put wall because you are taking the order in back, and then you are putting it into the put wall. Around the backside, lights will turn on that indicate, “This cubbyhole is now complete.” The operator comes up and touches a button typically. That starts the printing of the label in any shipping documentation that's required in the orders packed, shipped, and off you go. It provides a tremendous amount of productivity. It's very flexible. You can start small. 
We had one customer that started with a 1-foot wall module, then added 8 or 9 more because they liked it, then they added 20 more because they really liked it, and did this all over a couple of three-year types of the period there. For any kind of piece picking, especially of soft goods but other types of products as well but often driven not only by eCommerce with any kind of heavy piece picking operation can be a great solution but you've got to have the right software to do it. You've got that big like almost a shelf you said like cubbies on that I'm putting a product through it. Maybe I walked over, and I got 10 different sweaters, 10 sweaters that are all the same, and this cubby gets one. As I do that, I'm scanning it or it recognizes that it's in there. It's informing the other side of the cubby when the order is complete. It needs two sweaters and a pair of shoes. That's just one more way. What do you call this? Technology is only part of it. The other piece of the cubby that walking up to that, I could be putting those in bins in the old days but this is putting that on steroids. The bottom line is we are entering a new era where all technologies are, in fact, much smarter than we've ever had before. It was just a new way of doing it. There are a lot of people who talk about this in terms of optimizing materials and handling systems because getting this right is not a trivial task. I don't want to steal all my thunder from later on but the ability to rapidly turn these put walls and cubbyholes are the whole key to the success. If it's taking you a long time to do that, you are not getting the throughput that you required and probably wasting your time and money but if you can rapidly turn those by making sure the inventory gets there on time and efficient execution on both sides of the wall, then you've got something that can drive a lot of productivity. I don't know what the number is. There are quite a few customers now that are using put walls. 
When we would go out to some new customers, we've got some videos to show them an operation, and they are interested in seeing how this works. It's the technology along with mobile robots that you are going to see, any eCommerce but any kind of piece picking as well, you are going to see a lot of adoption. I'm an automotive guy originally. When you used to go through a plant, you would see people doing lifting heavy things when I first started, crouching down and doing functions that were hard on the body. Maybe it's not hard on 1 day, 1 week or 1 month but over 1 year, you are going to have a bad back, shoulders or knees. The same thing happens in these DCS or the warehousing. This automation you are talking about is making it easier on the workers, which means, “Hopefully, I will be able to keep my workers healthy and make that job again more attractive.” One time, I talked to a VP of logistics at Sherwin-Williams, the paint company. He noted that on the manufacturing side of the operation, they were always having people retire, and during retirement, little parties were almost taken. He said, “There was no one that ever retired from the distribution side.” That's because the heavy worker is picking cases of paint as a young man's job. As people got older, they couldn't do that work anymore. People are obviously rethinking that for the aging factor, and then there's another factor, “How do I make the work easier so I can have somebody in their 50s and 60s continuing to do this at distribution center job?” If you gave me a choice to go work in an old school warehouse, go deliver food or deliver groceries, I'm going to do the grocery delivery. I can make decent money, sit in my car, and I don't have to hurt my back, or knees or walk 5 miles a day. We have to make these jobs more attractive or we are not going to be able to keep and get good people. This automation is of such interest to the jobs now that we become more technicians and less of an order pickers. 
Besides a put wall, what's some other automation you are seeing out there? The automated mobile robots, economists mobile robots or AMRs. There's a huge interest in that. One of the interesting things is that in both put walls and mobile robots, you are seeing a lot of adoption and interest by a third-party logistics companies. This makes the point. In the past, 3PLs were very reluctant to do any kind of heavy automation because they couldn't sync the return on investment with the contracts that they had from the shipper. If the shipper can pay off that equipment, it's going to take 5, 7 or whatever years, and the shippers only keep you where 2 or 3-year contract, the risk of automation is too great in these other kinds of systems. It includes things like voice, picks the lights, and smart cards. They are all connected in some ways. Those kinds of systems can be put in for much less expense, much lower risk, and be incrementally adapted. You can start with three mobile robots and see how you like it, then we have seven more later on or whatever until you get to the optimal point for your operation. The fact that 3PLs are making this kind of investment as a whole new phenomenon and it speaks to the way you can incrementally get into the technology and the high level of payback that they are seeing because we were very strong in the third-party logistics arena, as an aside, so we are seeing it very closely. The number of 3PLs that are interested in this mid-range of lighter picking systems, not heavy automation but it's often somewhat newer technologies. It speaks to the changes we are seeing out there in the marketplace. Those are robots. Depending on the facility, they are not necessarily always replacing people. I talked to the CEO or president of DHL. He says, “We thought we would be replacing people with robots. The more robots we add to a facility, the more work we end up getting for that facility. We ended up hiring more people.” Everyone has a shortage. 
Jobs are going unfilled. If the robots are taking some of that slack but very few case studies of people that are adopting these technologies, they are still looking for people who have been able to be on.

[Image caption: The Smart Warehouse: WES (Warehouse Execution System) will help manage the flow of work and resource utilization.]

What's another thing we need for that smart warehouse? Let's get into it in some more detail. We talked about some of the core software components, things like warehouse management systems and warehouse execution systems. A platform for integrating this automation with both heavy and/or traditional and newer age capabilities. There are some enabling technologies, things like rules engines, simulation and some other things. The core world's operations excellence is still the foundation. How do I get that right? That typically involves traditional WMS-type capabilities. What does that mean? What defines a warehouse management system versus an inventory system is the pervasive use of mobile terminals, barcode scanning, wireless RF devices or whatever term you want to use there, and then a lot of system directed activity, this whole notion of task management and task monitoring, where the system is orchestrating the different traditional paths of put away, receiving put away, picking, replenishment, etc., and support for multiple strategies around that. We have lots of different picking method options, different replenishment strategies that I can use, and things that have been around for a while like slotting optimization, detailed labor management, labor reporting, and things like that. The foundation is core operations excellence. That's what everyone should strive to get to but nowadays, there's no ability to take that even further in terms of different types of capabilities that we think are defining what we are calling the smart warehouse. 
You used a term there that was an integration platform. What am I integrating? You were integrating primarily different materials handling technologies. That can be things we have had for a while, like conveyor transport and sortation. It can be some of these newer technologies like robots and put walls. The key is, “How do I optimize the flow so I don't have these islands of automation that are all doing their own thing.” I talked to somebody in the apparel industry. They have a very large and highly automated facility somewhere down in the Atlanta area. It's 1 million or 2 million square feet. They are seeing their throughput from that building after huge investments over the years and over time. They are seeing the throughput decline. What's happening, he believed, is that the business keeps changing. They keep having all these new requirements in terms of how an order needs to be processed. What they do is they keep building new wave types. We talked about wave planning before. Now they are up to like 70 or 80 different wave types. Every time there's another problem, wave type number 82 if that solves our problem, it's not solving the problem. Part of the reason is that the system is not looking holistically across the facility and seeing how I can optimize the flow of work as a whole, not as an individual subsystem. That's part of what we are talking about here with the smart warehouse. That's the thing that traditional WMS has not done. That integration platform means I can connect all the tools and all the different systems I'm using all connect easily through that integration as opposed to the old way, which is a standalone $100,000 integration with expensive people who have to code. That's certainly part of it. It's managing the flow of work across that. I'm getting ahead of myself again but for example, you can have some scenarios where I have different paths for an order to be fulfilled. 
One of the paths and the most efficient for certain orders is maybe a group of put wall models. Let's say put wall area, for whatever reason, starts to be congested. All of a sudden, there's a big backup on the conveyor feeding into the put wall area. The system is going to automatically recognize that. For some time, route orders away from the put wall into manual cart picking, which takes them to the packing station, the same packing area where the put wall automotive leads. When the congestion is clear, then the system automatically reroutes that work back to the put walls again. Now you are looking at only the plain integration but in monitoring the flow of work that's happening and making real-time decisions accordingly. I'm an automotive guy, and we had all of those years. We used the term smart factories, and it was the same thing. How do we increase throughput? What can happen is you can end up with a local optimum where some guys are building a big stack of inventory and does nobody any good? What is all that excess inventory doing for me? What makes more sense is to say, “We are going to get this, so there's a flow to it. We are not building up too much inventory. There are no bottlenecks.” This is the same thing. What you are talking about here is, “How do I arrange my people so I don't have these guys sitting around because they already finished while these guys are in a congested area?” The term flow manufacturing came out of exactly what you are talking about there and was largely developed initially in the automotive industry. We are talking about the same thing. Now we are talking about flow distribution instead of flow manufacturing but the fundamental concepts, more of a pull-based system were being worked on capacities and constraints, more concerned with the total flow of goods and not what's happening in one individual area. 
All those are very consistent, whether you're looking at the principles that were established earlier in manufacturing or what's being applied here in distribution. I'm going to assume that at one time, the WMS, a big selling point would be, “We will tell you where your inventory is at,” That was probably a big step up. You go, “It does that. Now I'm going to tell you how that inventory moves off of your shelves and out the door and how you bring new inventory.” It's amazing. We still see quite a few every week, we see somebody that's a calling or emailing in, and then we talked to him. It turns out they don't have that real-time visibility of the inventory because they are using some kind of paper-based system or something, and sometimes these are even good size companies. In general, anybody that's implemented a tier-1 or tier-2 level, even WMS shouldn't have that real-time inventory visibility in doing that. It gets into that operations excellence and problem but that's the foundation, “I got to know what I got and where it is by lot, batch, serial number or whatever attribute is important for your operation or combination of attributes.” That's the foundation, but now, we are saying, “How do we optimize on top of that and get more product out the door and lower cost?” It requires investment. Having a WMS tell me, “Here is the information but it's not enough anymore.” To your point, we need all of this to get there. You asked me about some of the components of the smart warehouse, and I talked about it from a product category perspective, but now, I'm talking about it more from a philosophical or a functional view. One of the key foundations is constraining condition awareness, “What's happening in my building? What's happening with the flow of goods?” One of the things that first got me to understand WES in a deeper way is this notion that it's always-on listening and monitoring the environment. 
If you think about a traditional WMS, it's more sequential-oriented, “I receive the product. I put it away. I replenished pick sites. I do the picking. I take it to pack or value-added services. I put it in this receiving staging. I get it shipping staging. I get it out the door all very good then the delivered.” A lot of companies don't have that. Organizing and automating all of that are big steps forward but we need to take it to the next level. If you think about this notion, the system is always on monitoring throughput and flow. There are certain rates and throughput that I'm expecting. I need to be able to have a flexible set of dashboards supported by event alerts and notifications. If there's a problem that says, “Here's what's happening across.” However, I wanted to find it in the area, I can define an area as a case picking module or as a whole three-level case pick module. I see that as one unit, and I want to know what the throughput is there. Maybe I want to see it at each level of that pick module. I can see it more gradually. What's nifty about this is that new level of visibility, the activity, throughput, bottlenecks, alerts, and corrective action automated, increasingly automated, if there are bottlenecks. That provides a nice set of real-time dashboards of looking stuff where people can see what's happening, “I have these many orders pending here that's already been completed. Here's how many are in picking,” or all of that level of detail. To understand what's going on here with the smart warehouse is, the system is using that same data that's being exposed to managers and supervisors that's what it's using to make decisions as well. I cited that example of being aware of the backup that's happening in the put wall and automatically, for some time, routing work around that until the congestion is cleared. That's what's different now about this visibility and activity monitoring. 
Being able to flexibly do that however you want to define a processing area could be value-added services. It could be piece picking and all these things. Obviously, now the design is at these different flows throughout the facility are in sync. I'm not getting all backed up in packing, which is causing problems way back, picking and replenishment because I haven't automated the visibility and the flow, release in a way that's going to be cognizant and aware that I've got a problem here and, “Here's what I need to do about it for some time until we are adjusting. We are just taking action to solve the problem.” You sent me a PowerPoint and I have this here. It's got that real-time configurable dashboard. It's been a while since I have seen somebody hand me a piece of paper but somebody handed me a piece of paper that had 40 columns. It was like an Excel spreadsheet or something, maybe a spin out of a system. It had so much, I looked at it and I was like, “What am I supposed to do with this?” I liked the idea of being able to configure it for those KPIs that I care about.

[Image caption: The Smart Warehouse: One of the things that got me to understand WES in a deeper way is this notion that it's always on, listening and monitoring the environment.]

I don't want to measure everything. That's just me. Tell me the 4, 5 or 7 things that matter that tells me my warehouse is moving in the right direction, and that things are working well. It says, “Orders with issues.” I also love the idea that I don't find out about the issues in next week's report. I find out about them in real-time. The point that you made is a nice transition to this notion of another component. We talked about the real-time visibility of capacities, constraints, the conditions up there, and the always-on nature of the WES. Now, we have talked about looking at a table of 40 rows of information or whatever. It's all in the past. 
It brings up a point there, which is even with higher-end WMS, this is one of the learnings and insights that we have. There's still a tremendous amount of decision-making that is being done by human beings. As the manager, whoever you were talking about there in your example, staring at a 40-row spreadsheet or whatever, you see the same thing nowadays of managers and supervisors staring at computer screens, trying to figure out what the right thing to do next. Here's the reality. Every time you do that, first off, you introduce some latency into the system because it takes time to look at those different screens, think about it, make decisions, and scribble some things down on a piece of paper to remind you this needs to be taken care of or whatever. In most cases, there's no way a human being can make the optimal decision in the same way that a computer can. Even if you are a smart guy or girl, there's just too much data and too much to try to process at one time. Part of the capabilities of the smart WMS is the much more advanced software-based decision-making. Things like order batch optimization, given block of orders, “What's the best way to most effectively execute that on the software floor?” What we think is absolutely huge is this notion of the autonomous warehouse, as a term of Gartner is used, and others have used it as well but it talks about being able to automatically release work without the need for a wave planner, inventory expediters or all the kind of people that you see often involved in these decisions about what work to do when. Work relation on a variety of attributes, things like the order of priority, the inventory and resource availability, what kind of optimization opportunities are there? The bigger the order pool and more optimization opportunities you have because they are more data or conditions to be optimized but you can't hold on so long. You are not getting the throughput out through your cutoff time. This is a huge one. 
It's sophisticated. Whereas now, at 4:00 or 5:00, when the UPS, FedEx or whatever truck is leaving, you often see, and we have made commitments to the eCommerce is going to ship, you see a certain amount of chaos going around, trying to figure out all the orders that need to go on that truck, have been on the trucking and what to do about it. What we are talking about here is we are saying, “This is the work. We know how long it's going to take to pick and transport those orders to the shipping dock.” The work is going to automatically release itself. At the beginning of the day, we are more concerned about optimization. We still got a lot of decent amount of time, so we can focus on doing it the most efficient we can but as you go throughout the day, that needle starts to change from the focus on efficiency and cost to efficiency on customer service and making sure that those items are on there. The system does that automatically. It's configured to take those into consideration. Now those orders are getting on the trucks automatically without the chaos and the difficulty that's going on out there. This is a step-change capability here. We are talking about a system that is self-learning and in optimal how releases work. This is another concept we have had in distribution software before, and this is what defines what works on the smart warehouse. I had a boss in the past when I was young, I remember I sent an Excel spreadsheet to him, and it told a story. He pulled me into his office and said, “This is a great Excel spreadsheet. I have to go through here and come to the same conclusion you did.” I go, “It's easy.” He goes, “No. When you send me this Excel spreadsheet, send me a recommendation. I don't want to have to come to a conclusion. That's your job. Show me that you attach the data back up but give me a recommendation.” I feel the same way about running a warehouse, “Don't make me figure it out myself. Give me an alert that says, ‘This is a problem. 
This is how many orders are at risk. This is how many orders need to get on that truck that isn't done yet.'” To show you a simple example. Still, a lot of people, especially for eCommerce, are doing manual cart picking. I may have a cart that's got a certain configuration 3x3 or 4x4. What I mean by a 3x3 would be 3 shelves that each have room for 3 cartons each. I have nine total orders that I'm working on there. Most companies that we see do that are doing it with paper picking or pick by label or something. There's some attempt to do that more efficiently but something as simple as cart picking. The smart warehouse can take it to a whole new level. First off, you've got to get this order pool that's out there and at any one period. I'm probably going to have done some cartonization logic there to determine what should go in what box, especially with a multi carton order. If you are shipping, for example, you don't want to put perfume in the same carton as payroll because of the obvious contamination that can happen there. When a picker comes up and scans a barcode on that cart, the system is going to automatically know it's this configuration, 3x3, 4x4 or whatever. It will have done some optimization typically in terms of what's called cluster picking where, “I'm going to take that cart to one location. I will put as many orders as I can on the cart that is assigned to that cart that has the same set of SKUs so I can minimize my travel distance. Hopefully, I'm being clear on what that means.” Now I get to that location that can be done with lights or it can be done with barcode scanning. It says, “Take one of these from this location, put it in the carton slot 3'1, which is the 3rd shelf and the first location. The next one is 3'2. 2'3, 2'1 or whatever that sequence. 
I'm doing that in a way that makes it very efficient but we can take it even still beyond that. What if a high-priority order comes on? The pickers walk along as long as there's a location on that cart, whether it's a carton or a tote they are picking into. If it hasn't been started, we can remove automatically a lower priority order and insert a higher priority order that has come down onto that cart as long as we would typically do it. The picker doesn't have to turn around and go backward as long as the picks for the new order are ahead of that picker. We do that without the picker even being aware that it happened. You can expedite automatically like, “I got a truck that's going to be here one hour. We haven't even started yet. Let's get this going.” We say, “If you get an order in by 2:00, we will ship it that day. If it's 1:58, all of a sudden, an order drops. I got two minutes.” This isn't going to automatically insert a higher priority order possible. I like something you said in there that we talked about the labor problem with these guys walking around maybe 5 or 10 miles in a day. One of the reasons we are going to quit, especially if you are me, is I don't want that many steps. When I walk over there, all my orders are in the same area, then I walk over here, and all my orders are there, as opposed to one side of the warehouse, and another order on the other side or I'm walking and go, “What has my life become where I walk back and like this?” Order pool optimization as well because the bigger the batch that I'm working with, the more opportunities I have to gain those picks together. On a given cart, I'm maybe walking a very few feet. To your point, and this is where you get into the whole notion of mobile robots because now, perhaps that, “I go to the pick location, I pick the order but I'm putting it on a pick cart. I'm putting it on a mobile robot, and the mobile robots can move on to the next location or on the packing of the orders completed. 
I'm walking very little at that point or comparatively little, which is one of the attractiveness of mobile robot technology.” Hopefully, it's becoming clearer. The nature of the warehouse is changing, and a part of that's going to have to be to not only be more cost-efficient and get more out the door with the staff that I've got but it's making sure that people have a less miserable work experience and hence hopefully going to stay with this a lot longer. This is not your grandpa's warehouse anymore. To be competitive, it used to be like, “These guys are high tech because they have a WMS.” Now we are starting to spin out the automation, the warehouse execution, and the integration platform. This is all getting really high-tech. Do you think this is probably the lowest-tech business there was many years ago? How is this all going to play out? It's going to be interesting to see but the lighter automation techniques, including the robots and the put walls, are so attractive in terms of their flexibility and expandability. There are machine learning, artificial intelligence, and all kinds of things going to be involved here. The warehouses are becoming technology centers. If you see the private equity money that's flowing into robotics firms, AI firms, and others, in a lot of the smart money, it's the work that they do. Companies, retailers, and other eCommerce companies are starting to realize the importance of a well-run warehouse. Was this guy's Quiet Logistics? They got bought by American Eagle. That was American Eagle recognizing the traditional retailer, the same thing we're going to buy ourselves a warehousing company because that's how important this business is. The force behind what has become Locus robots. We will move our vendors that happened because Amazon had bought Kiva Systems right before that and left Quiet without a partner for automation they were building the business on. They invented their own robot. 
[Image caption: The Smart Warehouse: What's really different now about this kind of visibility and activity monitoring is being able to flexibly do that however you want to define a processing area.]

Bruce Welty was at my show. He's the Founder of Quiet. He said he got a phone call saying, “Are you guys using those Locus robots?” He says, “Yeah, how do you like them?” “We like them a lot. Can we come to visit?” “Sure.” It was Amazon. Amazon looked around and said, “We love this.” They bought Locus. A couple of other things I would like to bring up. First, broader use of some automation ideas or IoT type devices. RFID is starting to make something of a comeback years after Walmart tried back in 2003 or 2004. Generally, you are going to see many manual scanning activities that are going to disappear or if I need to move this way back now from being implemented at the store level by customers concerned with the eCommerce fulfillment for inventory equity purposes, you are going to see a move back up into the distribution operations. That will certainly be a big part of it. We were already doing things like, for example, we are a broker with a pick cart. Picker with a pick cart can walk up to a fixed zone. The IoT automatically recognizes that this person is on. It automatically turns on the pick lights that are on those four pick locations. It's a minor thing there but that's an advancement we are going to see. We have even done some stuff with congestion management and COVID, where we can tell exactly where somebody is in the I or using IoT and being able to assign work based on real-time visibility to who's closest to that work, but also when the COVID era being able to space people apart so that they don't get to say within 8 feet of each other, whatever that happens to be, whatever your metric you want to use, therefore that group constraint. There are some various things that can happen there. 
This is still slow going. It hasn't taken off as fast as many people think but you are going to see RFID and IoT start to make some real inroads over the next years. We have this follow the notion of Gartner and what's considered to be called a conversational voice. The transactional voice is doing the picking, pallet build or something using voice technologies. Typically, reading in a location check digit and doing a hands-free pick, replenishment or whatever the task might be but we're starting to get now into more of a dialogue. We are already to the point now where we can have a supervisor take a smartphone and say, “Show me how I'm doing on wave number 235,” over a smartphone. That's going to bring back exactly what's happening now or, “Where's the replenishment for location on 3652?” We are still early in this game here but certainly, we will move to more of a dialogue going on with the WMS and WES than just plain transactional voice-type of technology. We ended with a very exciting where the future interface of the software is going to head. This is where that integration platform you talked about comes in handy. I can connect to all this stuff. The new killer app that comes out, I can get it. We have been left there. Automation and optimization of materials handling systems is certainly a key part of this. We refer to it, not just as a smart warehouse's the future but as the smart automated across to the future due to the interest in the technologies we have talked about several times already. We can directly connect with these picking assistance, like put walls, pick-to-light or voice without the need for third-party software. Everyone else uses some kind of software from the put wall vendor, pick-to-light vendor or voice vendor, which adds another layer of integration and costs. It often results in people operating silos. We can directly control a lot of these materials handling technologies. 
It allows you to operate and optimize those in the context of everything that's happening in the world and all the information that's available, which provides you a lot of benefits over time because you are not just trying to operate in silos. I talked to somebody that was using a pick-to-light system. They talked about how at the end of every week, they've got to go in and clean up all these picks that some of them never were executed in the pick-to-light system. I'm not quite sure why that is but it wouldn't happen with the way we are approaching things because we would be aware of that. It probably has to wait on a replenishment. The problem is the pick-to-light vendor doesn't do replenishment the documents. You've got these silos going on here and there are a lot of opportunities. In terms of that integration platform, we think this is especially true for mobile robots, people are using the mobile software of the mobile robots. What that does is it limits the total optimization that can be achieved but more importantly, you are now totally dependent on that robot software. What if you want to add different robots or change horses three years from now? There's a better mousetrap that works faster or whatever that happens to be. Now you have become locked in. We think the market needs a mobile robot and a broader automation integration platform. It's almost like an operating system for automation in the warehouse that's going to allow you to have visibility to optimization of robots of different kinds from the same manufacturer of different types for different manufacturers. You are not locked in. It's like a plug-and-play type of environment here three years from now. 
You can keep the robots or keep dependent you bought, but now, you want to add five more from a different vendor, plug them into this operating system, and have instant connectivity and the ability to optimize the performance. We think that's a much more low-risk approach going forward than locking yourself into a vendor that's coming to the software that's coming from the robot vendor. Get back to the idea of a smart warehouse. It's all about throughput. If I have different systems that are connecting, that are doing local optimums, that's a problem because it's not supporting throughput. I always need that one source of truth. That's the main system that says, “This is all about getting stuff out the door here.” I wanted to bring up one. Earlier, I talked about wanting to give an example of what the put wall. I referenced that as the cubbyholes in put walls. Here's the scenario we are seeing. Let's say there are three line items eCommerce order. Two of those line items in the order come from a carton flow rack area, that's very close to packing. I mean those orders are efficient to pick, in short distance to transport. The third line item is actually coming from a slow-moving mezzanine pick area that's farther away and is less efficient to pick. If you don't do anything, otherwise what's going to happen in those first two items from that order are going to show up rather quickly, then they are going to sit and wait for 10, 15, 20, 45 minutes or whatever it happens to be for that third item on the pick, the order to finally show up. The cubbyhole has been tied up that entire time. What's the smarter warehouse way of doing it? What's the WES way of doing it? Let's say it's 25% slower to go through the mezzanine or whatever the number you want to use it. We would release that third line item in effect 25% or 30% earlier. 
After the time it takes to pick and transport that as it's on its way to the pack station, now we release the other two order line items in the carton flow rack. They show up at the put wall for processing at relatively the same time, and now I'm able to turn that wall without the latency that would occur if you didn't have smart software to do that. Hopefully, that's an example that makes it somewhat clearer as to how the optimization can affect operational performance. You would never be able to get that done manually. It doesn't happen. This is like drinking from a fire hose. There is so much going on in this. Put a bow on this. Give us your final thoughts on this. What do I need to get to have that smart warehouse? First of all, the benefit is it is going to reduce labor costs, have higher and more consistent DC throughput, you are going to reduce your need for automation in terms of things like the number of diverts or get more throughput out of the automation you have there. We didn't talk much about labor planning but that's a big part of it. We can dynamically assign workers throughout the course of a shift from 1 to 8 to 9, 9 to 10, or 10 to 11 hours where are they needed motion and in what quantities, improved automated decision-making. It's an assessment. Certainly, if you are heavily automated, there are a lot of opportunities for you. As I tried to make the point earlier, even if you're only modestly automated or not automated at all, these capabilities can have some real benefit for your operations there. The important thing to note with Softeon is these can be implemented very incrementally. I could implement a traditional WMS. Let's say I want the labor planning and allocation part of it. We can take that capability from WES and attach it to the WMS. To give you a solution, conversely, if you want to implement WES and leave your existing WMS in place, we didn't talk too much about that but that's a key dynamic. 
You need cartonization, which is a warehouse management function and even attach cartonization to that WES implementation. Flexibility is key. That's what we try to design. We call it a shared component library, where the applications can borrow components, functionality, and services from each other. We are pretty confident that it gives us a chance to understand what you are trying to accomplish, what your operations are like or whatever that some combination of these technologies is going to have a pretty good fit and take your world to a whole new level than we have seen over the last many years. What's new over at Softeon? What conferences do you go into? We have done with the motor show, and it was a big success for us. We not only showed the smart warehouse, we presented the smart warehouse capabilities. We had a lot of equipment pick-to-light, other packing stations, etc., right on our routes. At the bottom of every hour, we did a presentation. We had consistently good traffic the whole time. We did a bit of an educational track and a session on the smart warehouse of the future available on Softeon. It was very well attended. That was good. We will be at the Gartner Supply Chain Symposium down in Orlando and then break after that.

[Image caption: The Smart Warehouse: Even if you're just modestly automated, these capabilities can have some real benefits on your operations. These can be implemented very incrementally.]

We finished up a series of educational broadcasts called the WMS Bootcamp, six different sessions on everything from building the business case to how to implement it successfully. It was a huge success, but all of that's now available on-demand. If they go up to Softeon.com. You will be able to find some links to that. If you have any interest in WMS, they're not commercial, educational sessions. You will find they have a lot of value. The feedback we got on it was outstanding. 
I would like to watch myself because we went over this and it is gone from simple to more complex over time. I know you are simplifying it but to understand what's required requires a Bootcamp. We learned a lot of lessons. I brought in some consultants and people that I knew and knew what they were talking about in terms of building the business case. We had some folks from Invista that came on and did that. I had some experience or exposure. I knew they knew what they were talking about. Some of that applies to some other consultants as well. It's a real nice series. It's non-commercial. If you want to learn some tips about how to get WMS selection and implementation, you'll find the Bootcamp serves you well. How do we reach out and talk to you over at Softeon? The way to get me is via email. My email address is DGilmore@TheSofteon.com. You can also use Contact@Softeon.com for the general inquiry box. I love to hear from you. Hopefully, we came across, so at least you know a little bit about what I'm talking about and discuss your problems as well. Anyone who wants to reach out can reach out and talk to you about the smart warehouse. Thanks, Joe. I enjoyed it. It was a great conversation. Thank you so much, Dan. Thank all of you for reading. Your supports are very much appreciated, until next time and more network.

The Mountain Top For Men (formerly The Chick Whisperer):
Does The Right Woman Make You Live Longer? - MTP303

May 13, 2022 33:36


Co-Hosts Dr. Michael and Dr. Barbara Grossman (https://mountaintoppodcast.com/grossman) You've probably heard that those who are in a long-term relationship live longer. Well, my guests are specialists in that area. In this episode, they reveal exactly what we can and should do to make sure that happens. Can you believe there was an 80 year study to find out the truth behind this? What are the baseline rules for making sure you're in the right relationship with the right woman to promote longevity? What if we're already in a relationship that is likely the opposite of that? Even though the premise of this episode isn't completely gender-specific, why is it especially pertinent to men? How do maturity and responsibility intersect with all of this? As we go through different life stages during a relationship, how does the dynamic change that keeps us thriving over the long haul? What is the medical science perspective on all of that? How do menopause--and yes andropause--affect the power of our relationship to increase our overall longevity? You know testosterone levels were going to come up in a conversation like this. What does Dr. Michael have to say about that? What are Dr. Barbara's ways to 'socially engineer' your relationship right now to propel you to a long, happy and healthy life ahead? How does the frequency of sexual activity affect longevity, especially for us as men? Who lives longer, parents or childless couples? And...the most tantalizing question of all: Generally, we do our best to be healthy and look good during our dating days, and yet even though the stereotype is we 'let ourselves go' after marriage, why is it 'old married couples' STILL tend to live longer? Ready for that once-in-a-lifetime relationship that isn't going to kill you? Then perhaps it's time to get on the phone with me for 25 minutes to put a plan together. 
https://mountaintoppodcast.com === HELP US SEND THE MESSAGE TO GREAT MEN EVERYWHERE === We'll keep the solid, actionable content coming...all for free. If you love what you hear, please give us a 'thumbs up' by rating the show (takes one second) and leaving us a review. As we say here in Texas, we appreciate you!

Rick & Bubba Show
Regions Recap & Biden Screams About Problems He Caused | Daily Best of May 12 | Rick & Bubba

May 12, 2022 74:21


We review footage of Bubba getting stuck in a sand trap at the Regions Tradition Celebrity Pro-Am. Biden screams incoherently about food shortages and inflation that he actually caused. Good Morning America admits that endless boosters are not the way to fight COVID. And actor James Cromwell glues himself to a Starbucks counter in the name of animal rights. Sponsors: Birch Gold - Inflation is already running hot…right at the highs of the last couple decades. And now the Dems are pushing through ANOTHER MASSIVE SPENDING PLAN! 3.5 trillion dollars! So here's the deal… if you think money grows on trees, like our government does, then just keep living in ignorance. If you're freaked out about the impact this additional spending is going to have on already high inflation, then protect your savings…NOW! Diversify your savings into physical Gold and Silver with Birch Gold Group. Birch Gold Group is the company that we recommend for precious metals. They have an A+ rating with the Better Business Bureau, countless 5-star reviews and THOUSANDS of satisfied customers. And they can help YOU protect your hard-earned savings. Thanks to a little-known section of IRS Tax Code, you can legally move your I-R-A or 401(k) into precious metals – with no tax implications or penalties. To get started on protecting your savings with gold in a TAX SHELTERED account, request a free info kit from Birch Gold by texting the word "RICKBUBBA" to 9-8-9-8-9-8. This comprehensive, 20-page kit reveals how gold and silver can protect your savings, and how you can move your I-R-A or 401(k) out of volatile stocks and bonds and into a Precious Metals IRA. Text "RICKBUBBA" to the number 9-8-9-8-9-8. RealEstateAgentsITrust.com Buying or selling a home is already one of the most stressful things you can do – and it can be ten times worse if you're not working with the right agent.  
Generally speaking, our homes are our biggest investment – that's a lot of responsibility, and you need an agent who can take that seriously. That's why we recommend Real Estate Agents I Trust. We work with only the best agents in every market.  We do our homework, talking to every agent before inviting them to join our network – and here's a big one: we only work with full-time professionals…no part-time or inexperienced agents.  Our team makes the introduction, and then follows you through the buying or selling process to make sure that you're satisfied. The agents we work with have long track records, and are the best sellers in their field.  They're a part of this audience; they share your values, and they're almost anywhere you want to go! The process is simple: just go to https://RealEstateAgentsITrust.com today and provide us with some basic info. Our team will contact you to make an introduction to our preferred agent in your town. Learn more about your ad choices. Visit megaphone.fm/adchoices

MADE FOR MORE
If You're Juggling Hundreds of Ideas, Forever Starting Things and not Finishing Them, And Generally Struggling to FOCUS...This is for you!

May 12, 2022 22:56


The biggest challenge we face in business today is the vast amount of available information and the distractions everywhere we look. So it's no wonder so many entrepreneurs are struggling to stay focused and actually FINISH the things they start. If you keep starting something new before you've even got the last thing off the ground you're going to end up completely burnt out...and not moving forward at all.

If you're a multi-passionate entrepreneur like me, then you'll know how overwhelming it is when you just have SO many ideas, and you want to do them ALL...RIGHT NOW!

Honestly, it's exhausting.

Luckily for you, I'm a recovered professional 'starter' and in this episode I share my top 5 tips to help you stay focused.

Link and Resources:
Watch my free training 'Build Your List' https://www.carlymeyers.com/buildyourlist
Join 'The Ambitious Female Entrepreneur Club' FB Group https://www.facebook.com/groups/powerfulwomeninbusiness/
Trial KAJABI for free for 30 days https://app.kajabi.com/r/BVPdzMW5/t/r6juznxi
Check out all 'MY FAVES' on my website https://www.carlymeyers.com/myfaves
Follow me on Instagram: @madeformorepod @carlymeyerslife

And, if you enjoyed this episode, please leave me a rating and a review. Thank you so much! Love always
Carly xx

Rick & Bubba Show
May 12th, 2022 - Rick & Bubba Show

May 12, 2022 195:43



Giant Robots Smashing Into Other Giant Robots
422: Verge HealthTech Fund with Joseph Mocanu

May 12, 2022 36:52


Joseph Mocanu is Co-founder and Managing Director of Verge HealthTech Fund, which invests globally in seed-stage healthcare technology startups relevant to emerging Asia that focus on disease prevention and management, digital therapies, and health system efficiency. Chad talks with Joseph about the healthcare landscape in different places of the world, funding criteria for companies, and how the pandemic has changed prospects for the fund and the market in general. Verge HealthTech Fund (https://www.vergehc.com/) Follow Verge HealthTech Fund on LinkedIn (https://www.linkedin.com/company/verge-healthtech-fund-i/). Follow Joseph on Twitter (https://twitter.com/jmocanu) or LinkedIn (https://www.linkedin.com/in/jmocanu/). Follow thoughtbot on Twitter (https://twitter.com/thoughtbot) or LinkedIn (https://www.linkedin.com/company/150727/). Become a Sponsor (https://thoughtbot.com/sponsorship) of Giant Robots! Transcript: CHAD: This is the Giant Robots Smashing Into Other Giant Robots Podcast, where we explore the design, development, and business of great products. I'm your host, Chad Pytel, and with me today is Joseph Mocanu, Co-founder and Managing Director of Verge HealthTech Fund, which invests globally in seed-stage healthcare technology startups relevant to emerging Asia that focus on disease prevention and management, digital therapies, and health system efficiency. Joseph, thank you for joining me. JOSEPH: Thanks so much, Chad, for having me. CHAD: So you have been focused on emerging Asia healthtech for a little while both at Verge HealthTech Fund, and prior to that, how did you get involved in this space? JOSEPH: I wish I had a really cool, deliberate story that made it sound like it was a smooth transition from point A to point B. But I simply have to owe it to an opportunity to transfer to the region through my old employer which is Oliver Wyman, a global management consultancy. So I joined this consultancy in 2011 after doing my Ph.D. 
and MBA really to understand how to be a better investor, which, again, sounds a little bit backwards. But I had worked at a hedge fund in China just after my MBA, and I learned that they use management consulting techniques to add value to their portfolio companies. And I thought that's a great skill to learn. And it'd be great to even learn it in English and doing it in healthcare 100% of the time. So I had joined Oliver Wyman in 2011 in Toronto office back home, where I spent a lot of my life. And they asked me one day if I wanted to transfer to the Singapore office to help start healthcare over there. And when I went to Singapore, of course, it's this futuristic city, really well planned. It's got a lot of fine names and a reputation globally of being a modern cosmopolitan place to do business. Some people refer to it as Asia-lite. But the surrounding areas have a lot of issues when it comes to their health systems. I knew this from an academic perspective, having studied about the region before moving to Singapore but seeing it firsthand was a completely different experience. At the time, I was working for primarily pharmaceutical clients, helping them with market access and other commercially relevant activities. And they were faced with a fundamental challenge of trying to sell their product, which was usually placed in the premium category to markets that had difficulty affording this. And not only did it have difficulty affording this, it had difficulty in delivering it as well as in using the product appropriately, making sure it gets to the patients when it's needed at the right time, at the right dose. And so they were looking for partners. They were looking for partners on the ground that could assist with this delivery education, the technology, and the financing around it as well. Now, there was a real shortage of said partners on the ground. At the same time, there were also insurance companies that wanted to expand their business. 
They also realized that the policies tended to be a bit simple, and they tended to resemble one another across competitors. And also, to manage increasing claims, they had a tendency to increase the premium that they charged. This was not possible to do indefinitely. And at some point, they needed to actually manage the medical conditions, which you're probably seeing more and more of in the U.S. and in Western markets, less so of in this part of the world. And then lastly, you had conglomerates and investors who said, "Hey, we hear healthcare is going to be a pretty hot field. How do we get started? How do we invest?" And all of this basically set me on a mission of target hunting. And during the course of this, well, I met a lot of interesting companies, a lot of them really, really early in their journey and really too small for any of my clients to find a meaningful way to engage with them. And unfortunately, they couldn't get to the point where they are relevant and large enough to engage with without a lot of capital. This is where, you know, you'd have a nice investment ecosystem coming in to fill in the gaps. This, unfortunately, did not really exist at the time. And I had the hubris of thinking that I could do something about it by being an angel investor and starting to support these founders directly, which, thankfully, seemed to work to a certain degree. It worked to the point where one day, I woke up, and I realized I had 13 angel investments, 9 of which were in healthcare technology, and not a lot of money left in my bank account to do other things with. CHAD: Uh-oh. [laughs] JOSEPH: Yeah. And at the same time, I also realized that the work that those founders are doing is a whole lot more impactful than me sitting up until 3:00 o'clock in the morning every night writing PowerPoint slides or begging analysts to write the PowerPoint slides that would more or less sit and collect dust on my clients' shelves for various reasons. 
So I came to the realization that I need to do this full time. I didn't have, you know, $10 million in my pocket as reference to spending all my money on angel investments. So I realized that I have to use other people's money, and the way to do that is to join a fund. Now, the problem with that idea is that there weren't any funds that were doing this, like really, really early investing in healthtech companies in the region that was really geared to helping solve some of these really big access challenges. So then I realized I had to start a VC fund that did this and only this. So that's really kind of a long-winded introduction as to how I got started with this. CHAD: Yeah, I want to come back to the process of actually starting a VC fund in a bit. But I'm curious, were the companies that you were doing angel investment in and now doing seed-stage investment in do they tend to be local companies, or do they tend to be international companies that are planning to solve a problem locally? JOSEPH: It's funny you ask that. At the beginning, they were local. Well, actually, if I really were to take a step back, the very first angel investment I made was for a mentee, and she was based in Toronto. But I'd say that the first true angel investment I made, you know, it was in Singapore, first and foremost, because I was there. And then I started branching out. I started making investments in the Philippines. I started looking at companies in Taiwan and other parts. And actually, that opened my eyes to the fact that there may be other companies around the world that are trying to solve a problem that may not necessarily be in my own backyard. So I started to, you know, cheekily, I sent my wife to tech conferences around the world. And she herself is an entrepreneur from the tech industry; hardware was her specialty. And we started identifying companies from all over the world. 
And the second angel investment where I was the very first investor was actually from a company in South Africa with similar challenges. So the things that we saw as major health system deficiencies or maybe shortages in infrastructure and human capital were very much true not just in Southeast Asia but in a lot of parts of the world. And we noticed that while there were different reasons for why they ended up in that position, the outcome was similar. CHAD: I'm not sure that everyone listening has a good sense of what the healthcare landscape actually looks like in these different places of the world. So let's take insurance, for example; what is the insurance landscape, generally speaking, in Southeast Asian countries? JOSEPH: So, in Southeast Asia, we do have insurers. I mean, private insurance is certainly there. But it's just not -- CHAD: Do most companies have public insurance, too, like universal healthcare? JOSEPH: That depends on which country you're in. Now, the one interesting thing about our entire region is that they've all committed to universal healthcare coverage. I would say that the implementation thereof has been heterogeneous; let's put it that way. Out of Southeast Asian countries that are not Singapore, I'd say that Thailand probably has the strongest public healthcare system. And in fact, they even do health technology assessments, which is really looking at the true cost-effectiveness of a new intervention versus what's currently done in practice to make decisions as to whether they're going to pay for it. And they cover a pretty high percentage of their population with this. And then there are other places where the financing mechanisms are in place, but you don't necessarily have the doctors or the hospitals where they need to be to address the needs of the population. Still, we are dealing with places that are not fully urbanized. And in fact, a good deal of the population is still working on the farm, basically. 
One of the other complexities of our region is that just between the Philippines and Indonesia, which together has a combined population of 380 million at least, maybe it's 390 now, you've got 25,000 islands, and not all of those islands tend to hold major tier-one cities, even though they can hold a lot of people. And if there is one thing about healthcare that seems to be a universal truth is that highly skilled workers like to live in the rich cities. CHAD: And so what I'm hearing is that on an individual island, if there's not a major city there, the access to the actual healthcare might be really limited. JOSEPH: That is exactly it. CHAD: In these economies in these countries, it's typical to have private insurance layered on top. But the farmers probably aren't doing that, right? JOSEPH: Oh, no, no, unfortunately not. There are some pilots of trying to do co-ops or collective insurance or micro-insurance policies. But again, when you look at the amount of premium that they could pay in, the kind of coverage they get is pretty basic. CHAD: So, how does that landscape influence the solutions that startups are creating? JOSEPH: Well, first and foremost, you've got to try to get some sort of mechanism by which you can seek care without having to travel too much. And I think that concept is extremely familiar to all of us thanks to the global pandemic that I hope we're coming out of right now, although there's always a new strain surprising us. The idea of basic telemedicine is one that can have a great deal of impact in these populations. But even before that, just understanding the importance of healthcare, like, what the concept of healthcare is, what the concept of the modern medical system is, is something that a fair number of people never really had awareness of. And I'll call out an example country, and I try not to call out too many examples. 
But Indonesia did a really good job of educating people about the concept of healthcare when they promoted their universal healthcare coverage. Even if they didn't have the ability to deliver it as well as they wanted to or as widespread as they wanted to, at least they got people paying attention to this concept called health. So awareness is really the first step. The second challenge is all right, so you know health exists. When do you know when you need it? Where are you going to find a doctor? How do you know if a doctor is even good? And how do you know that the products that you're going to get are appropriate? So there are so many challenges that you have to face when you are in a lack of access situation. CHAD: I assume you're getting pitched on a lot of ideas coming to your fund, a lot of startups. Correct me if that's wrong. [laughs] JOSEPH: No, no, that's absolutely true. So one of the blessings and curses of being one of the very few super early-stage healthtech venture funds out there is that there aren't many of us out there. And when we started...let's just put it this way, if I could find a fund that was doing what I wanted to do, I would have sent my CV in, and I couldn't. And starting a fund was basically the last thing I wanted to do, having never worked at a VC before or ever raised money in my life before. So I still think that we are the only truly global impact-oriented seed - I hate the term pre-seed, but I'll use it because of the audience's familiarity with it- investment fund out there right now for healthtech. So by virtue of that, we do see a lot of companies. CHAD: So what are some of the criteria? JOSEPH: So I'd say some of the criteria that we look for is number one, are you solving a real problem? And we define a real problem by the breadth of the problem, like, how many people are suffering from it or how systemic is this problem if it's an infrastructural one? 
And depth being how severe is this problem: is it life or death, or is it a minor inconvenience? So first and foremost, it's got to be solving a real problem. Second, it's really around the team. You need a lot of clinical, technical, and commercial experience in order to pull off a healthtech startup successfully. And even before that, we want to understand why are you doing this? Because this is not easy. I'd say on a scale of 1 to 10, doing a startup is like an eight, and then doing a healthtech startup is like an 11. It's slow; it's technical, it's regulated, it's super risky. And health systems are very pathway-dependent in the intent to not have many things in common with one another. So it is really, really hard. So we want to know the motivation. Are you going to stick through the thick and thin, or are you doing this healthtech startup because you think healthtech is cool or hot this particular period in the market cycle? So that's another criterion. Another criterion is, well, what's your edge? I mean, okay, you can have a great team, and I think that is definitely a prerequisite. You can solve a problem. But do you have something that could make sure that you are going to be competitive and remain competitive? CHAD: Given the barriers to market entry that you just outlined, do most of the companies that you're investing in have any sort of traction already in the market, or where are they in the product development or business development cycle? JOSEPH: I'm going to give the ultimate cop-out answer of it depends. CHAD: [laughs] Yeah. JOSEPH: But I will qualify that by saying it depends on whether it's hardware or software, and it depends whether it's regulated or non-regulated. So if you are a software company that's unregulated so, what does this mean? It could be like a marketplace. It could be health education. It could be some telemedicine in a loosely regulated market. We'd really like to see user traction. We'd really like to see revenue even. 
However, if you're a device company and you need to get FDA before you can earn a single dollar, we're okay with it being a science experiment or a prototype on the table as long as the science part of it has been de-risked. So if we know that the fundamental scientific principles are sound, then we're willing to take the productization and regulatory risk because we've been through this journey ourselves. CHAD: And also, you said a team is really important, so if it's a team that has never gone through that before, that's less attractive than a team that has done it before, I assume. JOSEPH: Yeah, absolutely. However, one of the challenges is that outside of the U.S., certain European markets in Israel, it's really difficult to find a team that's gone through the entire medical device development process before. So you are going to rely heavily on your professional service providers, consultants, advisors, other investors who've done this before. And as long as you have at least a path to getting to a point where you can unlock and utilize that expertise, that's okay. But if you don't, then that's a really, really big risk. Mid-Roll Ad I wanted to tell you all about something I've been working on quietly for the past year or so, and that's AgencyU. AgencyU is a membership-based program where I work one-on-one with a small group of agency founders and leaders toward their business goals. We do one-on-one coaching sessions and also monthly group meetings. We start with goal setting, advice, and problem-solving based on my experiences over the last 18 years of running thoughtbot. As we progress as a group, we all get to know each other more. And many of the AgencyU members are now working on client projects together and even referring work to each other. 
Whether you're struggling to grow an agency, taking it to the next level and having growing pains, or a solo founder who just needs someone to talk to, in my 18 years of leading and growing thoughtbot, I've seen and learned from a lot of different situations, and I'd be happy to work with you. Learn more and sign up today at thoughtbot.com/agencyu. That's A-G-E-N-C-Y, the letter U. CHAD: Earlier, you said FDA. FDA is a United States thing. Do most countries in Southeast Asia have a local regulatory agency like the FDA that things need to be approved through? JOSEPH: Yep, every single one. The question is, what's the process to go through that? Generally speaking, the FDA, as well as the European equivalent, which is the CE Mark, are used as predicates in order to kind of shortcut the process, make it go a little bit faster. Because then you don't have to create a bunch of new work or get the local regulator to really try to do things that they're unfamiliar with. CHAD: You said it's fairly rare for teams to have concrete experience doing that in the local market. Does that mean that most of these markets have been served by, I don't know, large companies previously? JOSEPH: Yeah, and still are. A fair number of emerging markets don't even have the manufacturing capability to even do local production, so they require a lot of importation. I'd say that this is a different case when it comes to generic pharmaceuticals and maybe vaccines and some consumables. But complex devices and biologics are generally manufactured in more developed markets or larger economies. CHAD: Yeah. Well, you mentioned the pandemic, and I'm curious how the pandemic has changed either your prospects for the fund but also the market in general. JOSEPH: I would say, again, it's both a blessing and a curse. So during the start of the pandemic, there was a great deal of societal and economic uncertainty around where are we going to be as a species in six months? 
And I remember early 2020; it was kind of these Hollywood movies that would paint this kind of semi-apocalyptic picture of where we're going to end up. And as a consequence, people really puckered up and stopped investing in things. I would say that the other side of it is now much of the world understands what it's like to not have access to quality healthcare or even access to healthcare. You see people not going to the hospital for things that they ought to and then suffering the consequences at home, like, let's say, not going for that heart checkup, and then you having a heart attack at home and passing when you otherwise wouldn't have. Or even cancer patients having to delay their therapy because the hospital is just too full. So this concept of telemedicine which has always been resisted by both the payers and providers for being infeasible, or inaccurate, or impossible to fund properly, suddenly had to be done. And the concept of telemedicine is fairly old. I mean, how else would you treat your astronauts in space in the '60s if they got sick? So this is something that NASA thought of and invented and implemented, you know, decades and decades ago. And finally, this came forward. And I was pleasantly surprised to see...and again, I'll quote the U.S. here where The Center for Medicare & Medicaid Services or CMS actually reimbursed a bunch of remote procedure codes, which is pretty amazing. And I think that was opening Pandora's Box. There's no going back from that. So I think telemedicine is absolutely here to stay. And the real challenge now is really how to make it more user-friendly, how to improve it, how to improve the decisions that come from it. I really don't think it's going back. And as a consequence of this, it's really benefited a lot of our startups that were trying to build this remote-connected future anyway. CHAD: Has there also been an influx of those kinds of startups? JOSEPH: Absolutely. 
I would say that there has been a veritable Cambrian explosion of startups where everyone and their uncle is starting a healthtech startup as well as a healthtech fund. I see a lot of new funds coming up promising to invest in this space. So I think it's good in that there's going to be a lot of really new ideas, and hopefully, it's going to improve the standard of care for everyone around the world. But at the same time, it is creating a lot of noise, and it's becoming increasingly difficult to filter through that. CHAD: Do the solutions tend to be local? I guess the nature of my question was, you know, like messaging apps. [laughs] Different countries have different popular messaging apps. What do you see as the penetration of different telemedicine solutions in the different countries? Do you think it's going to be, oh, you know, this is popular in this country? Or do you think it's possible for one company to come in and really have a significant impact in the market across multiple markets? JOSEPH: Yeah, I think it's eventually going to be the latter. So at the start, you do see that you have your national champions. And like instant messaging apps, it's kind of like a 90-10 rule where the number 1 player takes 90% of the market, number 2 takes most of what's left, and then number 3 player caters to some niche or another. And I see two competing forces here; one is, yes, there may be a big player like Babylon or Crew who comes in and rolls up everything backed by heaps of capital. But the other thing could also be that all the health systems start saying, "You know what? Why are we working with an external company? Why don't we just develop all these capabilities ourselves and then keep the patient captive?" And you are starting to see middleware providers who are basically providing that telemedicine layer, white-labeling it, or giving API access to the providers themselves, the legacy providers themselves, and then allowing them to do that. 
And I actually saw this statistic...I don't know how accurate it was, but I saw a chart in the U.S. that white-labeled or internal telemedicine consults exceeded the number of Teladoc consultations, which is the largest platform in the U.S., at some point last year. CHAD: I'm wondering, do you know if Teladoc uses Twilio? JOSEPH: I really should know the answer to that question, but unfortunately, I do not. CHAD: Because my sense is the real winner in this game might be companies like Twilio because I think everyone is using them. [laughs] JOSEPH: That makes a ton of sense. So when we do look at some investments, we actually want to invest in middleware because why duke it out to be the platform when you're the utility provider? CHAD: So let's turn our attention to the actual creation of the fund. And I know you just opened your second fund last month, right? JOSEPH: Actually, this month. I mean, last month was the paperwork, but it takes time for stuff to get approved. CHAD: Yeah, fair enough. So you already said actually starting a fund was, I think you said, the last thing on earth that you wanted to do. Why was that the last thing you wanted to do? JOSEPH: Frankly, it was a whole lot more uncertainty than I was prepared to handle at the time. And I was either blessed or cursed with this momentary clarity of purpose where I knew with all my being that this is what I wanted to do with myself for, if not the rest of my life, a very long time. And the only alternative, or rather the only choice to pursue this at the time, was really starting a fund. So that's what I had to do, right? CHAD: And how large was the first fund? JOSEPH: It was pretty small; it was $7.6 million, which in local currency equates to a nice number of just above 10 million sings. CHAD: And where did you...I'm going to ask where that ended up coming from. But in terms of the mechanics of actually starting a fund, what did that look like? JOSEPH: Well, it depends on each market. 
But typically, what happens is you need to first have permission from the regulator in order to actually start and run a fund. So in Singapore, you need to apply for a venture capital fund management license from the Monetary Authority of Singapore. That's what had to be done first, and we got that approved in a pretty good time, actually. I think we might have captured a lull period because now, with all the funds coming out, I've heard the queue is months long in some cases. And then came the business of incorporating the fund itself and then starting to draft all the legal paperwork, the conditions, the private memorandum or prospectus, depending on which geography and how regulated you are, that you show around to investors once they've expressed interest in learning substantially more details about your fund beyond what a simple PowerPoint deck or a casual coffee conversation can yield. And then you start collecting commitments, and then you start collecting the money. And at some point, you have enough money to say, all right, we'll do a close or first close, and that then gives you permission to start deploying that money into investments. And some funds they'll only do one close, some funds will do a first close, and then a final close when they get the rest of the money in or some money committed and then calling the rest of it to come in. Or some will do multiple closes just so that they have the ability to keep deploying continuously while they're doing this fundraising process. And in our case, we were doing rolling closes. So we would close every few months, and we'd continue to deploy. And by the time we finished fundraising, we actually already had nine companies out of the 15 that we have in our portfolio done. So it really depends on all sorts of different factors, which we probably don't have that much time to get into. And I risk perhaps putting my foot in my mouth and misspeaking if I give too many examples. 
CHAD: [laughs] When it comes to starting a fund, how cookie-cutter is it? Or do you find yourself having to create everything from scratch, all the legal documents, whatever platform you might be...or access you might be giving to the people who are contributing to the fund? JOSEPH: I'd say, again, it depends where you are. I think in the U.S. and especially with the advent of great service providers platforms like AngelList and Assure, it is super cookie-cutter. In our part of the world, I still think it's somewhat cookie-cutter, but we got a little too cute. CHAD: [chuckles] JOSEPH: We thought, okay, it's our first time doing a fund. I've been an LP in other funds. What did I wish I had as an LP? And as a consequence, we introduced some hurdle rates of tiered carry, and even zero carry if we don't hit a certain return. And all that really did was just create more questions from the investors. So we should have probably done it as cookie-cutter as possible in hindsight. CHAD: So I often hear from founders who talk about how it's important to have a VC fund behind you that you agree with, and want to work with, and are excited about, and that can be value additive. Do you need, as someone raising a fund, do you need to consider things like that or other things when it comes to the people you're taking money from the fund? JOSEPH: Absolutely. Maybe knock on wood here, but our relative inexperience when starting a fund probably selected out all the folks who might not have gotten along with us anyway. And the fact that we're pretty straightforward and direct with what we want to do in our objectives probably helped with that selection process as well on the positive side. But I absolutely, absolutely can recommend having that alignment of values and mission with those who are on the journey with you for a good decade. It's like getting married, right? CHAD: Yeah. 
Well, so when you're planning a fund and thinking about time horizons, is a decade what you're thinking about? JOSEPH: Yeah, all things considered. So our fund lifetime was eight years from final close. But still, it takes time to raise the fund and plan the fund, and you have people that are on board even before the fund begins. So it is a decade-long relationship, at least. And then some of the larger funds because they want to have a longer investment period, will push that out even further where they're going to be a 10-year fund from final close. And if you have enough of your portfolio that hasn't exited yet but still has some value to be uncovered, you may ask your investors to extend the fund life even further. So this is a supremely long relationship that you have. And aside from evergreen funds that don't have a fund lifetime, I think this is about as long as it gets, although I have seen some people float the idea of a 20-year fund or a 50-year fund, but that's really not widely practiced. I think five years is the fastest I've seen, and ten seems to be the average. CHAD: Where did that first fund come from? How did you drum up the interest and decide who would be a part of it? JOSEPH: It's really the folks who have known me the longest or worked with me. So you know how they say when you're raising money for a startup, you get it from the three F's, Friends, Family, and Fools? For funds and for first-time fund managers, I think it's a pretty analogous group of people, although I don't think we have any fools. CHAD: [laughs] JOSEPH: And, unfortunately, don't have family either. So it's really all friends, old co-workers, old clients, and then the people that they introduced us to. There were some serendipitous moments where people liked what I said at a conference, or we asked a tough question. And people asked, "Well, how can you ask such a tough question?" Then they got to know us and then decide to invest from there. 
But majority of it was just introductions, warm introductions. We never did any cold emails. CHAD: Have there been any exits in the first fund? JOSEPH: Not just yet. We do come in as either the first or second investor in these companies. So there is quite a long journey that we expect before we, you know, see some exits. There may be some this year. But if I look back at my angel investments, there was only real serious talk of an exit at the six-year mark for one of the companies that's doing really well. And even that exit turned out to be just another, you know, the investor changed their mind, and instead of buying the company, they decided to just invest more money into it. So this is a long journey. CHAD: Yeah, definitely. Did that make putting together the second fund any harder, or is that what everyone expects? JOSEPH: I am cautiously optimistic because we're still so early in our journey that the only folks we've really spoken with are the ones who invested in our first fund or passed on our first fund because they don't back first-time fund managers. They come to expect that your second fund is built on the momentum of the first fund. And it's really your third fund that's built on the exit and actual realized track record of your first fund. CHAD: That makes sense. What do you think is next for Verge HealthTech? JOSEPH: Well, first things first, we got to get started with the second fund and see if we can build something to scale. I mean, the first fund was an experiment. It was a small fund, you know. Could we build the world's seed-stage global impact healthtech fund on basically a shoestring? And the second fund is now let's take everything that we wish we had for the first fund and scale it up so bigger initial ticket sizes because we want to own more, the ability to follow on properly, the ability to do more deals, which requires a much bigger team which we now have. 
As well as to go back and support the winners of our first fund as well as some of the companies that maybe we made a mistake on and passed but still have a strong enough relationship to revisit and get them on the next round or the round after that, or just new companies that the market has moved. You know, the area that we might have been really interested in at the seed stage is now a pre-A stage or an A stage. So that's really what we want to do with the second one. And it would be amazing to see where this goes. I'm thrilled that we actually have, well, I think, one of the best healthtech investment teams in the world; maybe I'm slightly biased with this. CHAD: [laughs] JOSEPH: And I'm excited to see what we can do together. CHAD: That's great. Well, I wish you the best. And I really appreciate you for stopping by and sharing with us. If folks want to follow along with you or get in touch with you, where are the best places for them to do that? JOSEPH: Probably LinkedIn is the best way to do it. Also, I have a blog on Medium, which I'm sure can be linked in the show notes. I've been really bad...I've been traveling intensely in the past half-year. But I promise my next blog post will be interesting. CHAD: [laughs] JOSEPH: Because I just got back from Rwanda and Saudi Arabia, which are two very, very different countries, however, with a great emphasis on improving healthcare, especially on the digital side. CHAD: Well, that's exciting. So folks definitely can find the links for that in the notes, which you can find the notes; you can subscribe to the show and a full transcript of the episode at giantrobots.fm. If you have questions or comments, email us at hosts@giantrobots.fm. And you can find me on Twitter at @cpytel. This podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening, and see you next time. ANNOUNCER: This podcast was brought to you by thoughtbot. thoughtbot is your expert design and development partner. 
Let's make your product and team a success. Special Guest: Joseph Mocanu.

Market Talk
Midday Commentary- 5/11/22- Arlan Suderman

May 11, 2022 (4:15)


Grain markets remain firm at midday as we found buying shortly after the open. Generally, most ag markets and energies are higher as money rotates into food and fuel based commodities today. Arlan Suderman of StoneX joins us to discuss Wednesday's trade.

The Zandbergen Report
Bart Zandbergen Interviews Ex- SEAL and CIA Operative David Rutherford

May 11, 2022 (45:34)


Host Bart Zandbergen was joined in the studio by David Rutherford. David is an internationally known motivational speaker, best-selling author, world championship performance coach, and award-winning podcast host. David spent 8 years in the Naval Special Warfare community. He was a SEAL Operator, combat paramedic, and instructor during his time on the teams. Since his honorable discharge as a Navy SEAL, he continued to hone his skill sets as an international training and curriculum specialist for Blackwater. David was eventually recruited by the CIA, where he served as a training and security specialist, deploying many times overseas in high-threat environments.   Since his departure from serving our nation in the highest manner, David has gone on to become one of the most sought-after motivational speakers in the country, averaging over 50 events a year. He has written several training books for kids and adults. In recent years, David has expanded his behavioral training and performance coaching to individuals and teams, which include the collegiate 2018 World Series Champion Oregon State Beavers, and, most notably, the 2018 World Series Champion Boston Red Sox. David has reached over 50 million people around the world with his Froglogic message, which Bart discusses with him in-depth in this very special episode.   In this episode learn: - The #1 mistake people make under pressure and how to avoid it - How to navigate safety by first getting a grasp on reality - How Froglogic helps people restructure their perception of pain - Why mental preparation is key for successfully managing any stressful situation *** The Zandbergen Report, where wealth strategies and investment wisdom collide, is led by host Bart Zandbergen. The show is also available on Apple Podcasts, Google Play Store, Podbean and Spotify. Interested in being a guest on The Zandbergen Report? Email podcast@bartzandbergen.com. 
Learn more about Bart by visiting www.BartZandbergen.com *** NO OFFER OR SOLICITATION: The contents of this podcast episode: (i) do not constitute an offer of securities or a solicitation of an offer to buy securities, and (ii) may not be relied upon in making an investment decision related to any investment offering Axxcess Wealth Management, LLC, an SEC Registered Investment Advisor. Axxcess does not warrant the accuracy or completeness of the information contained herein. Opinions are our current opinions and are subject to change without notice. Prices, quotes, rates are subject to change without notice. Generally, investments are NOT FDIC INSURED, NOT BANK GUARANTEED and MAY LOSE VALUE.

Champion's Mojo
Awaken & Own Your Adult Athlete, Episode 147, 05-10-2022

May 10, 2022 (23:06)


Why do we rarely hear the words adult and athlete used together? What is a masters athlete? Generally, we think of being an athlete for the young or being a masters athlete for the elite. But Kelly and Maria talk about their own mindset when it comes to being adult athletes, masters athletes, and keeping it fun and/or competitive. Whether you are a weekend warrior exerciser who wants to get back into being an athlete or already an elite masters, this episode will inspire you to new heights. Catch up on EVERY episode at ChampionsMojo.com.
6 Ways to Own Your Adult Athlete
- Stop saying “I'm retired from my sport” or “I used to be a swimmer” or runner, etc. Your relationship may change with the sport or exercise, but you can always do it. Use future thinking and do what you can WHILE you can.
- Surround yourself with other adult athletes, join a team and hire a coach. Change your mindset and OWN the title of athlete.
- Try something new and fun to keep movement enjoyable.
- Start with small goals and build from there.
Episode Topics and Mentions
- Masters athletes
- Masters swimming
- Mindset
Quote of the Week
“You don't run a marathon by running 26 miles; you run a marathon by putting on your running clothes and going out the door for a training run, and then another.” -- Maria Parker
Subscribe to the Champion's Mojo podcast on Apple Podcasts, Spotify and Google Play.
Have something you want to share with us? Email it to hello@championsmojo.com.
Support the show

Daily Halacha Podcast - Daily Halacha By Rabbi Eli J. Mansour
If One Forgets or Doesn't Remember If He Counted The Omer

May 9, 2022 (6:50)


The Terumat Ha'deshen (Rabbi Yisrael Isserlin, Austria, 1390-1460), in his responsa, addresses the situation of a person who cannot remember whether or not he counted the Omer on one of the days of the Omer period. It is well-known that if a person missed a day of counting, then on the subsequent nights of the Omer he counts without a Beracha. The question addressed by the Terumat Ha'deshen is whether or not this applies also to a person who is unsure whether or not he counted one day. Must he now count without a Beracha, in case he actually missed a day of counting, or do we treat this case differently, since the individual is not certain that he missed a day?
The Terumat Ha'deshen ruled that in such a case, the individual continues counting with a Beracha. He explains that this situation is one of "Sefek Sefeka," or a "double doubt." The first doubt is whether or not he indeed missed a day of counting. But even if he did miss a day, there is still a question as to whether or not this affects his counting on the subsequent nights. There are some authorities who maintain that each night's counting constitutes an independent Misva and is unaffected by the counting on previous nights. Normally, because of the different views that exist in this regard, one who missed a day of counting continues counting without a Beracha. But if a person does not know for certain that he missed a day, then we have two points of uncertainty, and therefore, the Terumat Ha'deshen rules, since there are two possible reasons for him to continue counting, he may count with a Beracha.
This Halacha also applies in a case where one does not remember whether he counted correctly. For example, a person thought in his mind that it was the twenty-fifth night of the Omer, but then he heard the Hazan count twenty-six days. After leaving the synagogue, the person could not remember whether he counted the number that he had in his mind, or the correct number that he heard from the Hazan.
(Ideally, of course, he should then count again, without a Beracha. The question we address here is if he did not count again that night or the next day.) This instance, too, is a situation of "Sefek Sefeka": he may have counted correctly, and even if he did not count correctly, it is possible that Halacha follows the view that the Misva on each night is independent of the Misva on the previous nights. Therefore, he continues counting with a Beracha.
A third situation of "Sefek Sefeka" relevant to the Sefirat Ha'omer involves a person who forgot to count the Omer one evening, and he wakes up in the middle of the night and remembers that he forgot to count. He cannot determine, however, whether it is already Alot Ha'shahar (daybreak). Halacha allows counting with a Beracha until Alot Ha'shahar, but if one did not count the Omer before that point, then he counts without a Beracha (but the following night he resumes counting with a Beracha). If one is unsure whether Alot Ha'shahar has arrived, then he counts with a Beracha, because of the rule of "Sefek Sefeka." It is possible that it is still nighttime, such that he may count with a Beracha, and even if Alot Ha'shahar has already passed, it is possible that Halacha follows the view that one may count the Omer with a Beracha even during the day. Therefore, in such a case, one may count the Omer with a Beracha. This is the ruling of Hacham Ovadia Yosef, as recorded in Yalkut Yosef (listen to audio recording for precise citation).
The Beracha over Sefirat Ha'omer differs in this regard from other Berachot. Normally, we do not recite a Beracha in situations where it is uncertain whether the Beracha is warranted, even in cases of "Sefek Sefeka," where there are two possibilities that warrant the recitation. This point is made by Rav David Pardo (1718-1792), in his work Michtam Le'David, where he discusses the principle of "Safek Berachot Le'hakel" – which means that we do not recite Berachot in situations of uncertainty.
Rav David Pardo notes that at first glance, this rule is superfluous. After all, nearly all Berachot are required only Mi'de'rabbanan (on the level of Rabbinic enactment, as opposed to Torah law), and there is already a famous rule of "Safek De'Rabbanan Le'kula," which means that with regard to obligations required Mi'de'rabbanan, we may assume the lenient possibility in situations of uncertainty. Seemingly, then, there was no need for the Sages to establish the rule of "Safek Berachot Le'hakel," since in any event most Berachot are required Mi'de'rabbanan, and Rabbinic obligations are treated leniently in situations of doubt. One answer to this question is that the rule of "Safek Berachot Le'hakel" establishes that one may not recite a Beracha in situations of uncertainty, even if he wishes to do so, as opposed to other Rabbinic obligations, where it is permissible and even praiseworthy to act stringently. Additionally, however, Rabbi David Pardo explains that the rule of "Safek De'Rabbanan Le'kula" applies only when there is a single point of uncertainty. If there are two points of uncertainty, such that there are two possible reasons for the obligation to apply, then one must act stringently and fulfill the obligation, even though it is Rabbinic in origin. In the case of Berachot, however, we refrain from reciting a Beracha even if there are two possible factors warranting its recitation.
Generally speaking, then, we do not recite a Beracha in any situation of uncertainty, even in cases of "Sefek Sefeka" where there are two points of uncertainty, each of which presents the possibility that the Beracha is required.
When it comes to Sefirat Ha'omer, however, one recites the Beracha in situations of "Sefek Sefeka." This distinction is due to the position of the Rambam (Rabbi Moshe Maimonides, Spain-Egypt, 1135-1204), who was of the opinion that Sefirat Ha'omer constitutes a Torah obligation even nowadays, in the absence of the Bet Ha'mikdash.
Although Halacha does not accept this view, and we generally treat Sefirat Ha'omer as a Rabbinically-ordained obligation nowadays, nevertheless, the possibility that it applies on the level of Torah obligation changes the way we handle situations of uncertainty. As Sefirat Ha'omer may entail a Torah obligation, we treat it as a bona fide requirement in situations of Sefek Sefeka and thus one recites a Beracha in such cases.
Summary: One who missed an entire day of counting during the Omer does not recite a Beracha when he counts on subsequent nights. If one is uncertain whether he counted on a certain day, or whether he counted correctly on a certain day, then he continues counting with a Beracha. A person who did not count at night but remembers during the next day counts without a Beracha and then resumes counting with a Beracha that night. If a person wakes up in the middle of the night and realizes that he had not counted the Omer, and he cannot ascertain whether Alot Ha'shahar (daybreak) has passed, he counts with a Beracha.

SQL Server Radio
Episode 140 - Migration Challenges

May 9, 2022 (38:42)


Guy and Eitan discuss interesting challenges and news about migrations in SQL Server. Also, we talk about performance considerations of partitioning in SQL Server, a blog post series about how to tune performance, and new scripts in our Madeira Toolbox on GitHub.
Relevant links:
- Data-tier Applications (DACPAC and BACPAC)
- About: Snapshot Replication
- Generally available: Azure Virtual Machines increase storage throughput by up to 300%
- Generally available: Announcing Azure SQL Migration extension for Azure Data Studio
- Public preview: Reverse Migration of Azure SQL Database Hyperscale tier to General Purpose tier
- Limitations for Reverse Migration
- SQL SERVER – Table Partitioning for Slow Performance | Pinal Dave
- How To Tune Performance - Chapter 4: Common Problems | Sagi Amichai
- Find Redundant Indexes with Recommendations for all Databases | Madeira Toolbox

Stoney Baloney | A Narrated Cannabis Column

The brain needs oxygen so the body yawns. And upon rising from the pillow one overcast morn, there was a gurgled effect and a peculiar pitch out of the mouth that seeded my core with suspicion. Oddly, it resembled an anxious Chewbacca sending a ‘let's get the fuck outta here' to his not so trusted friend Han Solo who invariably induces motion sickness from the erratic movement of dodging asteroids to the smell of burnt Wookie dingleberries from laser beam near misses. I panicked. Had some strange transformation occurred whilst asleep? There was no extraneous fur growing on my body, no foul breath that resembled the remnants of fried Grantaloupe innards, or any other traits of a Chewbacca for which I should be deeply concerned. There must have been in a crazy dream before lucidity resurfaced, so the anxiety began to fade.  Nightmare averted. But there is another species of Wookie—sort of the human version of that Sasquatch's buzzin' cousin from another mother. Generally unclean, extremely hairy, and housing silver dollar sized earlobe gauges, their look is that of having stolen tapestries from an eastern European gypsy bordello and fashioned the material into pants. You see and smell them at heady Cannabis events toting their wares in a pelican case. I sniffed the underarms, and it was not good. Had I transformed? Was it Freaky Friday? Jumping out of bed, I immediately made a terror run for the mirror where a thorough inspection was in order. The hair was studied for any new emerging dreads, the mouth for any new sores, and the face for any remnants of crumbs in the patchy facial hair. Nope, it was the same dude that passed out drunk the previous night in the middle of the original Star Wars trilogy.  So, I relaxed and took a dab, clutching my stuffed Princess Kneesaa Ewok toy that brings me comfort in moments of reality. 

The Azure Podcast
Episode 423 - Azure Cache for Redis

May 7, 2022


Kyle Teegarden, a Senior PM in the DevDiv group, gets us re-acquainted with the Redis offering on Azure and discusses all the latest features including the Enterprise tier.
Media File: https://azpodcast.blob.core.windows.net/episodes/Episode423.mp3
YouTube: https://youtu.be/xKA-w7Icn00
Resources:
- Azure Cache for Redis | Microsoft Azure
- How to Improve Your Azure SQL Performance by up to 800% - Microsoft Tech Community
- Cache-Aside pattern - Azure Architecture Center
- Implement Redis Pub/Sub and Streams in Azure Cache for Redis - Learn
- Optimize your web applications by caching read-only data with Redis - Learn
- Quickstart: Use Azure Cache for Redis in .NET Core
Updates:
- Generally available: Node pool snapshot
- Generally available: Scale-down mode in AKS
- Public preview: Static Web Apps now supports Gitlab and Bitbucket for CI/CD
- Public preview: Azure Storage as share in Windows Code in App Service
- Intelligent application protection from edge to cloud with Azure Web Application Firewall
- Customize your secure VM session experience with native client support on Azure Bastion

The Blockchain Debate Podcast
Motion: We should always reduce MEV on blockchains (Ed Felten vs. Tushar Jain)

May 6, 2022 (69:38)


Guests:
- Ed Felten (twitter.com/edfelten)
- Tushar Jain (twitter.com/TusharJain_)
Host:
- Richard Yan (twitter.com/gentso09)
Today's motion is “We should always reduce MEV on blockchains.”
Generally speaking, MEV or Miner Extractable Value is a way for miners to derive additional revenue by executing transactions based on information in the mem pool. For instance, say a miner notices a transaction in the mem pool waiting to be included in a block. Maybe this is a transaction to buy up some cheap Ethereum. The miner can execute that purchase themselves, at the expense of the trader that placed the original order. And of course, this means value got extracted by the miner, transferred from the original trader. This behavior pattern, of course, applies to both miners and validators. Or to all block producers, to be generic.
The question is, is MEV an inevitability of blockchain systems? Are there ways to reduce it? Are our resources better spent creating systems that reduce as much MEV as possible, or should we acknowledge their existence and try to distribute that MEV more fairly, or at least transparently?
Our two guests today include a layer-2 founder and a VC well-versed in this area. It will be a great discussion.
If you're into crypto and like to hear two sides of the story, be sure to also check out our previous episodes.
We've featured some of the best known thinkers in the crypto space.
If you would like to debate or want to nominate someone, please DM me at @blockdebate on Twitter.
Please note that nothing in our podcast should be construed as financial advice.
Source of select items discussed in the debate (and supplemental material):
https://pdaian.com/blog/mev-wat-do/
https://multicoin.capital/2021/09/08/tokenizing-mev/
https://medium.com/offchainlabs/meva-what-is-it-good-for-de8a96c0e67c
https://docs.flashbots.net/flashbots-protect/overview
Guest bios:
Ed Felten is co-founder and chief scientist at Offchain Labs, the inventor of Arbitrum, a layer-2 scaling solution for Ethereum. He was previously a professor of Computer Science at Princeton, and before that the Chief Technologist for the Federal Trade Commission as well as Deputy U.S. Chief Technology Officer at the White House.
Tushar Jain is co-founder and Managing Partner of Multicoin Capital, one of the most successful crypto funds in the last cycle.

Screaming in the Cloud
The Magic of Tailscale with Avery Pennarun

May 4, 2022 41:29


About Avery

wvdial, bup, sshuttle, netselect, popularity-contest, redo, gfblip, GFiber, and now @Tailscale doing WireGuard mesh. Top search result for "epic treatise."

Links Referenced:
Webpage: https://tailscale.com
Tailscale Twitter: https://twitter.com/tailscale
Personal Twitter: https://twitter.com/apenwarr

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by LaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visit launchdarkly.com and tell them Corey sent you, and watch for the wince.

Corey: This episode is sponsored by our friends at Revelo. Revelo is the Spanish word of the day, and it's spelled R-E-V-E-L-O. It means “I reveal.” Now, have you tried to hire an engineer lately? I assure you it is significantly harder than it sounds. One of the things that Revelo has recognized is something I've been talking about for a while, specifically that while talent is evenly distributed, opportunity is absolutely not. They're exposing a new talent pool to, basically, those of us without a presence in Latin America via their platform.
It's the largest tech talent marketplace in Latin America with over a million engineers in their network, which includes—but isn't limited to—talent in Mexico, Costa Rica, Brazil, and Argentina. Now, not only do they wind up spreading all of their talent on English ability, as well as you know, their engineering skills, but they go significantly beyond that. Some of the folks on their platform are hands down the most talented engineers that I've ever spoken to. Let's also not forget that Latin America has high time zone overlap with what we have here in the United States, so you can hire full-time remote engineers who share most of the workday as your team. It's an end-to-end talent service, so you can find and hire engineers in Central and South America without having to worry about, frankly, the colossal pain of cross-border payroll and benefits and compliance because Revelo handles all of it. If you're hiring engineers, check out revelo.io/screaming to get 20% off your first three months. That's R-E-V-E-L-O dot I-O slash screaming.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Generally, at the start of these shows, I mention something about money. When I have a promoted guest, which means that they are sponsoring this episode, I talk about that. This is not that moment. There's no money changing hands here.

And in fact, I'm about to talk about a product that I am a huge fan of, but I'm, also as of this recording, not paying for. So, one might think I'm the product, but no. Let's actually start by talking about money. My guest today is Avery Pennarun, the CEO of Tailscale, and as of today, being the day that this goes out, you folks have just raised $100 million in a Series B. First, thank you for joining me, followed immediately by congratulations.

Avery: It's great to be here, and thank you. It's an exciting announcement that I hope we don't end up spending too much time talking about because money is a lot more boring than technology.
But yeah, we are very happy, both to be here and to be making the announcement.

Corey: Yeah. CRV and Insight Partners are the lead investors on the round. And it's great to see because I've been using Tailscale for a while now. And it is a transformative experience for the way that I think about these things. A while back, I wrote a Lambda layer that lets Lambda functions take advantage of it, but in fairness, I did write it, so anyone looking at that should—“Haha, that's why you're not a developer full-time. You're bad at it.” Yes, I am.

But I can't stop raving about how useful Tailscale is, with the counterpoint that it's also very difficult to explain to people who are not—at least in my experience—broken in a very particular way, as I am. What is Tailscale? And what does it do?

Avery: Right. Well, I mean, first of all, one of the things I really like about Tailscale and what we built is that, you know, even if you're not a super great developer—like you just described yourself—you can get excited about it, you can use it for things, you can build on top of it, and contribute back without having to understand every single little detail of what it does, right? Tailscale is something that a lot of people get excited about without having to know how it works; they just know what it gives them, right? The answer to what Tailscale is, is sort of… it can be hard to explain to people who don't know about the kinds of problems that it solves, but the super short answer is it connects all of your devices and virtual machines and containers to each other, wherever they are, without going through an intermediary, right? So, it minimizes latency and it maximizes throughput, and it minimizes pain. And it sounds like that should be hard, but you can get it all done in, like, five minutes.

Corey: I have been using it for a while now. Originally, I was using it and federating through it I believe, via Google.
I rebuilt and tore down the entire network in about five minutes, instead started federating through GitHub. Nowadays, you apparently changed your position on that identity and you use third-party SSL sources, as well as retaining user information and login stuff yourselves, which is just, it's almost starved for choice, on some level. But I am such a fan of the product that if you'll forgive me if I talk for about a minute or so on how I use it and my experience of it.

Avery: Go for it.

Corey: So, I wind up firing up Tailscale, and I have a network that from any of my devices, I can talk to any other. I have a couple of EC2 machines hanging out in AWS, I have a Raspberry Pi that I use as a DNS server sitting in the other room, I have my iPad, I have my iPhone, I have my laptop, I have my desktop, I have a VM sitting over in Google Cloud, I have a different VM sitting over an Oracle Cloud. And all of these things can talk to each other directly over a secured network. I can override DNS and talk to these things just by the machine name, I can talk to them via the address that winds up being passed out to them through this. It is transformative. It works on IPv4, IPv6, if I'm on a network without IPv6 access using Tailscale, suddenly I can.

I can emerge from almost any other node on this network. And adding a new device to this is effectively opening a link in a browser on either that device or a different one, clicking approve once I log in, and it's done. That is my experience of it, so far. Is that directionally correct as far as how you think about the product? Because again, I use DNS TXT records as a database for God's sake. I am probably not the world's foremost technical authority on the proper use of things.

Avery: Right. Yeah. I mean, that's a good description of what it does. I think it actually—it's weird, right?
It's hard to get across in words just how simple it is, right?

That one-minute description used a bunch of technical-sounding terminology that probably the listeners to your podcast will understand. But, like, the average tech person doesn't need to know any of those things in order to use Tailscale, right? You download it from the app store on your phone and your laptop. And you install Tailscale on both from the App Store. You log into your Google account or your GitHub account, and that's it. Those two devices are tied together in time and space; they can see each other. You can access a web server that you're running on your laptop from your phone without doing anything else, right?

And then you can start a VM in AWS and you load Tailscale in there, and now that's part of your network. And so, there's—you don't need to know what IPv4 and IPv6 even are. You don't need to know what DNS even is. It just, you know, the magic sort of comes together. We do a ton of stuff behind the scenes to make that magic work. But it's this—one thing that one customer said to us one time is, like, “It makes the internet work the way you thought the internet worked until you learned how the internet worked.” If that makes sense.

Corey: Right. It basically works on duct tape and toothpicks all spit together, and it's amazing that it works at all. I mean, this is going to sound relatively banal, but the way that I've used Tailscale the most is on my phone or on my iPad or on my Mac. I will connect to the Tailscale network by default, and when that is done, it passes out my pi-hole's IP address as the custom DNS server for the entire network. So, I don't see a whole bunch of ads, not just in browser, but in apps and the rest.

And every once in a while when something is broken because an ad server is apparently critical to something, great, I turn off the VPN on that device, use the natural stuff.
My experience of the internet gets worse as a result and the thing starts working again, then I turn it back on. It is more or less the thing that I use as a very strange-looking ad blocker, in some respects, that I can toggle on and off with the click of a button. But it's magic, it is effectively magic. From the device side, it's open up an app and toggle a switch, or it is grab from the menu bar on a Mac, there's an application that runs and just click the connect button or the disconnect button.

There is no MFA every time you connect. There is no type in a username and password. There is no lengthy handshake. I hit connect and it is connected by the time I have moved the mouse back from the menu bar to the application I was working in. Whenever I show this to someone who uses a corporate VPN, they don't believe me.

Avery: Right. Yeah, exactly. It's hard to believe. It's like, “Hey, did anything actually happen here?” Because we removed you know, for example, it doesn't by default catch all your traffic, it only catches the traffic to your private network, so it's safe to leave it on all the time because it's not interfering with what you're doing.

What you're describing is using Pi-Hole, which is a Raspberry Pi-based DNS server that is an ad blocker, most people using Pi-Hole have one at home, so when they're at home they get ads blocked, but when they leave home they don't get their ads blocked. If you add Tailscale to that, you can use your Pi-Hole even when you're not at home, and it sort of makes it that much more useful. I think an important difference from, say, other services that you can use an adblocker or a privacy VPN is that we never see your traffic, right? Tailscale creates a private network between you and all your personal devices, and that private network is private even from us, right? We help you connect the devices to each other, but when your traffic goes to Pi-Hole, it's your Pi-Hole. It's not our adblocker.
It's your adblocker, right, so we never see what traffic you're going to, we never see what DNS names you're looking up because it was just never made available to us, right?

Corey: Right. But did you do—the level of visibility you have into my network is fascinating in a variety of different ways, but it is also equally fascinating—one of those ways—is that how limited it is. You know what devices I have, the last time they've connected, the version of Tailscale they're running, an IP address on it, and you also wind up seeing what services are advertised and available on those networks if I decide to enable that. Which is great for things like development; I'm going to be doing development in a local dev sense on an EC2 instance somewhere. And well, I don't want to set up a tunnel with SSH to wind up having to proxy traffic over there just so I can wind up hitting some high port that I bound to, and I certainly don't want to expose that to the general internet; that is a worst practice for all these things.

And Tailscale magically makes this go away. I haven't done this in much depth yet with a variety of my team members, but when you start working on this with teams who are doing development work, someone can have something running on their laptop and just seamlessly share it with their colleagues. It's transformative, especially in an area where very often that colleague is not sitting in the same room getting the greasy fingerprints on your laptop screen.

Avery: Yep. Yeah, exactly. So, you mentioned the services list which you have to specifically opt into, and the reason we did that is that, you know, the list of devices and hostnames and IP addresses, we have to collect because that's how the service works, right? You send us the information about your devices, and then we send the public keys for those devices to the other devices.
We can't get out of collecting that, whereas the services list is purely an interesting add-on feature, and we decided that we didn't want to collect that by default because it would make people nervous about their privacy.

So, if you want that feature, you click it on; if you don't want it, don't turn it on, you can still share services with people inside your network; they just need to know that those services exist. You send them the URL or whatever and it'll work, but it doesn't show up as a list of things that we can see in that case. But yeah, sharing stuff between your coworkers is definitely… is a major use case for Tailscale and dev and infrastructure teams in particular. Like, you can—designers, for example, run a test version of the website on their laptop, and then they say, “Hey, visit this URL on my laptop.” And you don't have to be in the same office, you can both be sitting in different cafes in different cities. Tailscale will make it so that the connection between those two computers still works, even if they're both behind firewalls, even if they're both behind different NATs, and so on.

Corey: One of the things that astounded me the most; I am reluctant to completely trust things that are new that touch the network. Early on in my career, I made network engineering mistake 101, which is making a change to the firewall in your data center without having another way in. And the drive across town or calling remote hands to get them to let you back in and when you locked things out. Because you folks are building these things on a pretty consistent clip; there are a lot of updates and releases across all of the platforms. And invariably, I find myself on some devices version behind or so, just because of the pace of innovation. “Oh, great. We're updating the VPN client. Cool. So, I'm going to expect this thing to drop and I'm going to have to go in and jigger it to get it working again.”

That has never happened.
I have finally given in to, I guess, the iron test of this, and I have closed SSH from the internet to most of these nodes. In fact, some of them sit—the Pi-Hole sitting at home, if you're not on my home network, there is no outside way in without breaking in. It is absolutely one of those things that disappears into the background in a way that I was extraordinarily surprised to find.

Avery: Right. Well, that is something—I mean, I'm old and grumpy, I guess, is sort of the beginning part of all this, right? I've seen all this annoying stuff that happens with software. And, you know, and many of us, in fact, at Tailscale are old and grumpy, and we just didn't want to repeat those same things. So, first of all, network stuff to an even stronger degree than virtually any other kind of product, if your network stops working, everything stops working, right, so it's number one priority that Tailscale has to not mess up your network.

Because if it does, you instantly lose faith. There's kind of like—Tailscale gives you this magical feeling when you first install it, but that feeling of magic goes away very quickly the first time it screws something up and you can't connect when you really need to. So, we put a huge amount of work into making sure that you can connect when you really need to. We have a lot of automated tests. One of our policies that I think is almost unheard of is that we intend to never deprecate support for older versions of the Tailscale client.

And to this day, we're about three years into Tailscale, we've never deprecated an old client that anybody is using. So eventually, people—though in fact hard to believe, but eventually, people do stop using some old versions, so those ones don't work anymore, necessarily. But any version of Tailscale that is in use today is going to keep working as long as anybody is using it. We have a very, very, very strong backwards compatibility policy.
Because the worst thing that I can imagine is having some Raspberry Pi sitting out in the void somewhere that I haven't looked at for two years, that whoops, Tailscale broke it, and now I can't connect to it, and now I have to go drive down there and fix it, right? It would be just insultingly terrible for that to happen.

And we just make sure that doesn't happen. Another thing that people get excited about is, like, on a Debian system or whatever, if you've got the Debian package installed, you can do an apt-get upgrade. Tailscale upgrades and even your SSH session doesn't drop. Every now and then people [comment and was like 00:14:13]—

Corey: That was the weirdest part. I was expecting it to go away or hang for a long period of time. And sure, I guess it might drop a packet or so, I've never bothered to look because it is so seamless.

Avery: Right. Yeah, exactly. It's just, like, “Wait. Did anything even happen?” It's like, “Yes”—

Corey: Right—

Avery: —“Something happened. We upgraded it out from underneath you.”

Corey: —my next thing is [crosstalk 00:14:28]—yeah, I grep Tailscale on the process table. Like, okay, is this just a stale thing that's existing [unintelligible 00:14:34] to bounce it? No, it has just been started. It was so seamless under the hood that it was amazing. There is something that is—a lot of things have been very deeply right on this.

Something else that I think is worth pointing out is that if any company had the brainpower there to roll their own crypto, it would be you folks, but you don't. You're riding on top of WireGuard, an open-source project that does full-mesh VPNs with terrible user interfaces.

Avery: Yep. So, you know, I guess disclosure. Back in 1997 when I started my first startup, I was not smart enough to not roll my own crypto. And therefore the VPN I wrote at the time definitely had giant security holes. It was also not that popular, so nobody found them.
But I, you know eventually I found [crosstalk 00:15:21]—

Corey: “Except a bank, which I really shouldn't disclose.” Kidding, I'm kidding. But yeah.

Avery: [laugh]. No, no, no. The bank never used that software. [laugh]. But yeah. Nowadays, I've been through a lot, and I… I would not describe myself as a security expert. Although people often describe me as a security expert. I don't know what that means. But I am enough of an expert to know that I should not be rolling my own crypto. And the people who invented WireGuard, it's one of the—I feel like I'm overstating things, but I'm not—it's one of the biggest leaps forward in cryptography, in probably the history of computing. Now, it builds on a series of things that are part of the same leap forward, right? It's built on the protocol that Signal uses called the Noise Protocol, right? Signal and Noise are built on the Ed25519 curve, made by—or popularized by Dan Bernstein who's a major cryptographer in this area. Sometimes popular, sometimes—

Corey: Oh, djb.

Avery: —not popular. Yeah, exactly.

Corey: He also, near and dear to my heart, wrote djbdns, which was a well-known, widely deployed DNS server, by which I of course mean database. Please, continue.

Avery: Yep. [laugh]. I've been a huge fan of basically everything djb has ever made in the history of—

Corey: Oh, you're a qmail person. I am on the postfix side of [unintelligible 00:16:37].

Avery: Yep. Well, my first startup back in 1997, we made Linux-based server appliances for small businesses. And we use qmail, we use djbdns, we used a couple of other djb products. And you know, for the history of that product—you know, leaving aside my VPN that was a security hole—the djb stuff never had a single problem. That company was eventually acquired by IBM.

One of the first things IBM did is, like, “Whoa, djb has a super-weird software license. We can't be doing this.
Let's replace it with software that has a decent license.” So, they dropped out djbdns and started using BIND. Within a week, there was a security hole in BIND that affected all of these appliances that they now controlled, right?

So, djb is a very big-brained, super genius in security, whatever you might think of his personality. And it's sort of like was the basis for this revolution in cryptography that WireGuard has sort of brought to the networking world. And it's hard to overstate. Just, like, the number of lines of code, there's something like 100 times less code to implement WireGuard than to implement IPsec. Like, that is very hard to believe, but it is actually the case.

And that made it something really powerful to build on top of. Like, it's super hard for somebody like me to screw up the security of a WireGuard deployment, where it's very easy to screw up the security of an IPsec deployment.

Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of “Hello, World” demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking, databases, observability, management, and security. And—let me be clear here—it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself, all while gaining the networking, load balancing, and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build. With Always Free, you can do things like run small-scale applications or do proof-of-concept testing without spending a dime. You know that I always like to put asterisks next to the word free? This is actually free, no asterisk. Start now.
Visit snark.cloud/oci-free that's snark.cloud/oci-free.

Corey: I just want to call something out as well, that when I say that you folks definitely have the intellectual firepower to roll your own crypto should you choose to do so, but you chose not to, if anything, I'm understating it. To be clear, one of the blog posts you had somewhat recently out was how you are maintaining what is effectively your own fork of the Go programming language. Which is one of those things when someone hears that it's like, “I'm sorry, can you say that again? Because I am almost certain I misunderstood something.” What is the high-level version of that?

Avery: Well, there's, I think, two important points there. One of them is that yes, we did fork the Go programming language; it's supposed to be a temporary fork because it allows us to do some experiments with the Go back-end. And the primary reason we were able to do that is because we employ a couple of people who used to be on the core Go team. And that was not because we went out looking for people who used to be on the core Go team, that's just how it worked out. But because we do, it's easier for them to fork Go than it would be for the average person, and in many ways, it's easier for them to get their job done by just continuing to work on the codebase they've already worked on.

But the second point is actually, as compilers go, the Go compiler is probably the very easiest one I've ever seen to be able to fork and edit. Like it's super-clear code, you're just editing Go code, which is already pretty easy. But they really put a ton of work into making it readable and understandable. So, like, average people actually can fork the Go compiler and not be completely bamboozled by how difficult everything is, right? Compared to, like, GCC where just building the thing is something that takes you weeks to learn how to do, right, Go is just, like, you run this script and build your compiler [unintelligible 00:19:35]—

Corey: Yeah.
Let me clear this quarter on my schedule so I can go ahead and do that. Yeah, no, thank you.

Avery: Yeah. I've built copies of GCC and it's absolutely nightmarish, right? And built people's forks of GCC for special embedded processors and stuff. And this is, like, a f—this is a career that you can specialize in, building GCC, right? There are people that do this, right? And the Go compiler, it's really—

Corey: Well, it's 40 years of load-bearing technical debt.

Avery: Yeah. Yeah. But the Go compiler. It's very nice; it's just a program that's written in Go, that compiles under Go, and then you end up with one binary, right? And as long as you have that binary, everything just works, right? And so, it's actually surprisingly easy to fork Go. I don't want to—you know, I wouldn't put that on the same level of difficulty as, like, not screwing up cryptography, if you're trying to do it yourself. [crosstalk 00:20:16]

Corey: [crosstalk 00:20:16] their own crypto algorithm that they themselves can't defeat. Yeah, it turns out that basically, breaking crypto is a team sport. Who knew?

Avery: Yeah. Exactly. Generally, with security, you have this problem a lot, right? It's a lot harder to build a system that nobody can break into, than it is to break into a random system, right? Because you know, the job of securing something against everybody is much harder than the job of finding something you can break into.

Corey: So, I did have a question about something you said earlier, where one of the use cases—one of the design goals—is not to have a breaking change to a point where an old device cannot still connect to the private network. But you do have a key expiry for devices where a device needs to relog in, and it can be anywhere between 3 and 180 as I look at it.
I don't know if some of the more enterprise-y options have longer options that they can set, but what happen—how do you not have to drive out to the back of beyond to re-authenticate that Raspberry Pi every six months?

Avery: Ah. So, this is something, it's at the policy layer, and we have not finished refining this to perfection, I would say, right now. What we do have though, if your key does expire, there's a button in the admin panel to say, like, boost this device for a little bit longer. Sort of unexpire it for another 30 minutes—I don't remember what the—how much time it is—then you can SSH into the device and do a proper key refresh on it without actually having to drive out there. Now, we did for one version, accidentally break the key reactivation feature so that if the client noticed its key is expired, it actually disconnected from the Tailscale network altogether and then didn't receive the message to, like, “Hey, could you please increase the length of your key?” That was fixable by power cycling it, which you could often get somebody to do without driving all the way out there. But we fixed that, so now that—

Corey: “Have you tried turning it off and back on again,” is still a surprisingly effective way of troubleshooting something.

Avery: Yeah, exactly. So, that wasn't—I mean, it was kind of annoying for some people. But yeah, the reason we use, by default, every key always expires is because unlimited time credentials are one of the worst security holes that people don't really acknowledge. Because technically, it'll never be the, like—you know, it'll never show up as the highest severity security hole that you have an unlimited time credential sitting in your home directory, but it is something that—well, I can tell a story.
There is a company that I heard about that had you know—SSH keys are typically unlimited time credentials; the easiest way to do it is you run ssh-keygen, it puts something in your home directory, you copy the public key to all the devices you want to be able to log into, and then you never think about it again.

So, this is a company that, of course, every developer in their company had done this; they had a production network with a bunch of SSH keys in it. Some not very ethical employee worked there, had keys in their production systems, and eventually got fired. Now, of course, this company had good processes in place, they went through all the devices and took out this person's public key from all the devices. What they didn't know is that during lunch one day, this person had gone around to all their coworkers' workstations that hadn't been locked, downloaded the private keys for those people on his—

Corey: Oh no.

Avery: —computer before he got fired. And so, shortly after he got fired, their entire production network got wiped out. Now, they didn't have enough forensics at the time to know how it all got wiped out, so they spent some time putting it all back in place, this time with forensics. About a month later—they rebuilt everything from scratch, all new public keys and everything. You couldn't possibly have any backdoors in this system, right?

And then a month later, it all got wiped out again. This time, the forensics revealed and, like, it was one of the existing employees, coming from a different country, that had gotten into their private production network and wiped everything out. How did that happen? It was because this person had years earlier, downloaded all their public—or private keys when he wandered around through the office. You can fix this problem instantly, by just expiring your keys and forcing your rotation periodically, right?

SSH doesn't make that very easy.
You can with SSH setup, SSH certificate authentication, which is a huge ordeal to get configured, but once it's working, it solves this particular problem, right? Tailscale [crosstalk 00:24:19]—

Corey: On Mac and iOS, there is a slight improvement to this that I'm a big fan of because I agree with you. I am lousy at rotating my keys, but there's an open-source project called Secretive that I use on the Mac that stores the private key in the Secure Enclave, which the Mac will not let out of it. And I have to use Touch ID to authenticate every time I want to connect to something. Which can get annoying from time to time, but there is no way for someone to copy that off. Historically, I would—

Avery: That's true.

Corey: Have a passphrase that was also tied to the key so if someone grabbed it off the disk, it still theoretically would not be usable. And that was—but again, that is an absolute vector that needs to be addressed and thought about. Key rotation is huge.

Avery: And you have to go through this effort to sort it all out, right? So Tailscale, we just have this policy: We don't do unlimited length credentials; we do key rotation for everything, and we just sort of set different time limits for this rotation depending on how picky you want to be about it. But any key expiry is much, much better than no key expiry. Even if you set it to a six-month key expiry, you still have at least it's only the six-month window that somebody could theoretically reuse your keys. And we can also rotate keys behind the scenes and so on.

So, in the SSH case, the way people use Tailscale, you stopped opening the SSH port to the world. You're only SSH when you're connected over Tailscale. The fact that your Tailscale keys rotate and expire over time is what protects your SSH session. So, you could keep using static SSH keys that never expire—don't try to figure out all this other complicated stuff, right—and you're still protected from these private SSH, like, unlimited length keys.
Now, that said, for servers, Tailscale does have a button where you can say, like, “Please stop expiring the key.” This is a server, nobody's ever going to get physical access to the machine.

The only thing we could do with the private key for this machine is allow other people to SSH into it, which is not very dangerous, right? It's pretty much, like, somebody stealing your SSH authorized keys file; like, it doesn't really matter. And for that case, you turn off the expiry altogether. But expiring keys is intended for use by, like, devices that employees are actually holding in their hands where if it expires, it's no big deal, you push the login button and it refreshes.

Corey: There's something that is very nice about dealing with something that is just so sensible. I mean, we've all—at least in the olden days of running sysadmin stuff, we had this problem we would generate—or purchase back in those days—SSL certificates and, great, they expire to a year or so at the end of the year, people forget, and then it would expire you to run around fixing this. And the default knee-jerk response was that was awful. Let's get the next one for five years so we didn't have to think about it that long.

And it's always a wildcard and so it gets put all over the place, and you wind up with these problems. One of the things that Let's Encrypt has done super well is forcing a rotation every 90 days so you know where it is. It's just often enough you want to automate it. And ACM, the AWS certificate manager that they use, takes a slightly different approach. It doesn't give you the private key; it embeds it in other places so they can handle the rotation themselves.

And they start screaming in your email if they can't verify that it's time for renewal long before it hits. It's different approaches to the problem, but yeah, five years out, how should I know all the places the certificate has wound up in that intervening time? Most of the people who did it aren't there anymore.
And one day, surprise, a website breaks, either because its SSL cert isn't working, or one of the back-end services it depends on suddenly doesn't have that working. It's become a mess, so having a forced modernity to these things is important.

Avery: Right. It's forced modernity, and it's just basically, it's all behind the scenes. Like, you don't even think about the fact that Tailscale gave you a key because that is not relevant to your day-to-day life, right? You logged in, something happened, all these devices ended up on your network. What actually happened is that public and private keys—you know, a private key was generated, the public keys were distributed properly, things are getting rotated, but you don't have to care about all that stuff.

So, it's fun that Tailscale is what we call secure by default, right? People love to use it because it's easier, it makes their life easier, but security teams like it because actually, it changes the default security posture from, like, “Ugh, I'm going to have to tell everybody to please stop doing these five things because it always creates security holes,” to like, “Whoa, the thing that they're going to do most naturally is actually going to be safe.” Right? I really like that about it. You're not thinking about certificates, but their certificates are getting rotated exactly as they should be.

Corey: There's just something so nice about computers doing the heavy lifting for us. It's one of the weird things about Tailscale is it falls into a very strange spot where there is effectively zero maintenance burden on me, but I still use it to toggle it on or off in scenarios often enough to remember that it's there and that I'm using it. It is the perfect sweet spot of being somewhat close to top of mind, but never in a sense that is, “Oh, I got to deal with this freaking thing again.” It never feels that way.
Logging into it, it has long-lived sessions at the browser, so it isn't one of those, ah, you have to go back to GitHub and re-authenticate and do all these other dog-and-pony show things. It just works. It is damn near a consumer-level of ease-of-use, start to finish. The hard part, of course, is how on earth you explain this to someone [laugh] without a background in this space.

Avery: Yeah, exactly. It's something we ask ourselves sometimes is, like, well, you know, Tailscale is great for developers right now. It is easy enough to use, even for consumers, but, like, how would you explain it to consumers and find a good use case for consumers? And it's something that I think we are going to do eventually, but it hasn't been, up until now, a super high priority for us just because developers are this sort of like the core audience that we haven't even finished building a great product that does everything that they want, yet. There is one little feature in Tailscale that's the beginning of something that's consumer-friendly; it's called Taildrop.

I don't know if you've seen this one. You can turn it on, and basically, it acts like AirDrop in Apple products, except you don't need to care about physical proximity and it works with every kind of device, not just Apple devices, right? So, you can add it as—it shows up in the share pane on your Mac OS or Windows or iOS device. You can use it from Linux, you just use it to send files of any type, and it sends them point to point not through a cloud provider so that we never see a copy of the file. It only goes between your devices over your encrypted network. So, that's something that consumers kind of like.

Corey: Feels like Tailprint for Bonjour could wind up being another aspect of this as well. And I'm still hoping for something almost Ansible-like where run the following command, whether it's pre-approved or not, on a following subset of things.
In my case, for example, it's, I would love it if it would just automatically, when I press the button, update Tailscale across all of the nodes that support it, namely the Linux boxes. I don't think you can trigger an App Store update from within a sandboxed app on iOS, but I've been—

Avery: Right.

Corey: Surprised before. Yeah. But it's nice to be able to do some things.

Avery: Yeah. This is one of those—yeah, we get that request a lot for, like, can you push a button to auto-update Tailscale? It makes me really sad that we get this request because the need for this is a sign that all of the OS vendors have completely botched software updates, right? Like, the OS should be the thing, updating your software on a good schedule based on a set of rules, and it shouldn't be the job of every single application to provide their own software update. It's actually a massive, embarrassing, security hole that software can even update itself, right?

Because if it can update itself, then you know, imagine someone breaks into the production services of a company that is offering a particular program. They put malware into a version of the software, they put it into the software update server, and then they trigger everything in the network to push the software update to those devices. Now, you've got malware installed on all your devices, right? It's very strange that people asked for this as a feature. [laugh].

Tailscale currently does not have that feature; it doesn't push software updates on its own. But it's such a popular feature that I think we're going to have to implement it because everybody wants this because Windows, for example, is simply just never going to automatically update your software for you. We have to have these weird-super admin rights on your machine so that we can push software updates because nobody else will. I feel really weird about that.
You know, the security world should be protesting this more.

But instead, they're like, asking, can you please put this feature in because I've got a checklist in my compliance thing that says, “Is all your software up-to-date?” I don't have a checklist item that says, “Does any of my software have super-admin rights that they shouldn't have?” Right? It's sort of, I guess, the next level of supply-chain management is the big word. Nobody—there is no supply chain management for software.

Corey: There isn't, for better or worse. I wish there were, but there simply is not. Ugh. Next year, maybe. We hope.

Avery: Yep. So, you have to trust your vendors, fundamentally, which I guess will always be true. That's true for Tailscale as well, right? Whether or not we include the software update pushing. If you're installing a VPN product provided by a vendor, you have to trust that we're going to put the right stuff into the software.

And the best—the only thing I can really do is just be honest about these issues and say, “Well, look, we try our best. We definitely try not to implement features that are going to turn into security holes for you.” And I think we do a lot better than most vendors do in that area. But it's very hard to be perfect because nobody knows how to do software supply chain well.

Corey: Ugh. I hear you. I that's the nice thing, too. Honestly, the big reason I know I need to update these things and the reason I want to do it's actually you. Because whenever I log in and look at my devices in the Tailscale thing, there's a little icon next to the one that there's an update available here.

And you have fixed a lot of the niceties on this, like, ah, there's an update available for the iOS version. It's, “Really? Because it's not available in the Apple Store yet,” as I sit there spamming the thing. That stopped happening. There's a lot of just very nice quality-of-life improvements that are easy to miss.

Avery: Yep, yeah, that's kind of weird.
We actually went a little overboard on the update available notifications for a while because there's always this trade-off, right? Like I said, we have a policy of never breaking old versions, so when people see the update available notification, they kind of panic. It's, like, “Oh no, I better install the update, before Tailscale cuts me off.” And, like, well, we're not actually ever going to cut you off, so you shouldn't have to worry about that stuff.

But on the other hand, you're not going to get the latest features and bug fixes unless you're running the latest version, so when people email us saying, “Hey, I'm using Tailscale from six months ago, and I have this problem,” the first thing our support team does is say, “Well, can you please try the latest one, and does the problem go away?” Because it's kind of inefficient debugging six-month-old software. So, one way we were trying to, like, minimize that cost is, like, hey, we could just tell people there's a new version available and then maybe they'll update it themselves. But that resulted in people panicking. Like, oh, no, I need to install the software really, really soon because I can't afford to break my network.

Corey: Right.

Avery: And because our system is based on WireGuard and this is—you know, I'll probably jinx it by saying this but, like, we've never had an actual security hole that we've had to issue a Tailscale update to resolve, right? People see the update available thing and, like, “Oh, no, I bet there's a whole bunch of vulnerabilities that they fixed.” It's like, “Well, no.” WireGuard has also never had a vulnerability, right? [laugh] it's… yeah, it's, you know, sooner or later there probably will be one, and when there is one, we'll probably have to make the, you know, update notification in red or something instead of just the little icon on the admin panel.
But yeah, it's—

Corey: [laugh].

Avery: —we try [crosstalk 00:35:23]—

Corey: Nice job on jinxing it, by the way, I appreciate that.

Avery: Yeah I know. I mean, I try to try my best. [laugh]. But I've actually been surprised. It's very much like my experience with all the djb stuff we used in the past.

Like, when we were using qmail and djbdns for years, there was never once a security hole, right? It's very interesting that it is possible to design software that never once has a security hole. And nobody does that, right? I mean, I would say I'm not as smart as djb; our software is probably, you know, not going to be as one hundred percent perfect as that, but we try really, really hard to aim for that as a goal.

Corey: Yeah. I really want to thank you for taking the time to speak with me about everything Tailscale is up to. And again, congratulations on your Series B. If people want to learn more, where should they go?

Avery: I guess, tailscale.com is the place. We also have @tailscale in Twitter. My own personal Twitter is @apenwarr, which you probably won't be able to spell unless you Google for me or something—

Corey: But it's in the [show notes 00:36:19], which makes this even easier.

Avery: It is? Ah, there you go. So yeah, there's lots of information. But the number one thing I tell people is, like, look, it is a lot easier to get started than you think it is. Even after you've heard it 100 times, nobody ever believes how easy it is to get started. Just go to the App Store, download the app, log into your account, and you're already done, right? Try that and you don't even have to read anything.

Corey: I would tear you apart for that statement if it weren't—if it were slightly less true than it is, but it is transformative. Give it a try. It's a strong endorsement from me. Thank you so much for your time. I appreciate it.

Avery: Thank you, too. Great talking to you, and talk next time.

Corey: Indeed. Avery Pennarun, CEO of Tailscale.
I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this show, please leave a five-star review on your podcast platform of choice, and smash the like and subscribe buttons, whereas if you've hated it, same thing—five-star review, smash the buttons—and also leave an angry bitter comment about how you are smart enough to roll your own crypto, so you don't understand why other people wouldn't do it.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Hashtag Authentic - for small businesses, bloggers and online creatives
Why niching on Instagram is (generally) bad advice

Hashtag Authentic - for small businesses, bloggers and online creatives

Play Episode Listen Later May 4, 2022 28:48


Where to find Sara:
Sara's website: meandorla.co.uk
Sara on Instagram: @me_and_orla
Sara on Twitter: @meandorla
Sara on Substack
The Insta Retreat
Sell Your Sh*t
One to one business coaching with Sara

Fitness Marketing Mastery
20 Tips to More Midlife Fitness Clients Post Pandemic | #319

Fitness Marketing Mastery

Play Episode Listen Later May 4, 2022 37:44


If you're working with midlife women and love solving the problems of insomnia, weight gain, and belly fat with exercise modifications made for menopause, and want more midlife fitness clients… or health coaching clients… this is for you.   00:00 You already realize that the time of day a woman exercises may determine how her hormones respond. She can improve or devastate her hormone status by the time of day she exercises.    You're probably already advising women about the difference between lifting weights and lifting them according to bone building and metabolism-boosting methods for women.   But… you aren't as certain about how to help more women. You wonder how to market more effectively so that you can make a bigger difference. Buckle that seat belt, lace up your shoes, and let's go.    1)  04:02  Become the expert – education above and beyond  Nothing comes before this. You've got to have the goods as much for yourself as anyone. When you know you know and you have something to say, your voice is strong. If your voice is soft, you lack confidence because of what someone will think, double down on education. But not to a fault. Here's where trainers get stuck in overcompensating for some feeling they aren't enough by taking more and more courses and certifications. That isn't going to fill up a confidence hole. If you need a coach, get a coach. Work on you and your personal sense of self. Know which kind of education and training you need before you go investing in something that will never help you over the real problem. 2)    06:10 Create relationships with experts  The doctors, dentists in your community, and coaches and authors online that serve your audience are golden resources for you (and you are for them). Connect with them, serve them. Like and comment and share their posts if you agree with them. That puts you on their radar. Ask to do a “live” with them on social and answer audience questions. 
(There's a way to do this that sets you up for success).  Once you connect by serving and giving, you can explore opportunities for referrals or affiliate promotions.  3)   07:16  Leverage social media (don't waste it) When you have a message they need and are looking for, use it! Avoid common mistakes like incorrect use of hashtags, failure to warm up your feed before posting, and more. Are you aware of platform secrets for engagement?    4)   07:51  Avoid pitching on social media The fastest way to kill your social media success is share programs, use it like an “ad” for your webinar when it's not an ad. (Paid ads are fine). Your organic reach is going to be stifled by that.  5)   08:54 Build your email list If you aren't working on this daily with a juicy freebie you should be. Here's how.    There's both the science of knowing how to help when you get them. There's the art of knowing who you work best with and who you repel. I gladly give client leads to our Flipping50 Fitness Specialists when I know they aren't the right match for me. There is an abundance of midlife fitness clients who need help. Be open to the idea you're not for everyone and that acknowledging that will bring you more business in the end.    6)    11:18 Send consistently valuable emails Once a week is minimum. If you just called your best friend once a week, would that be a little weird? Consider bumping it up to two and see what happens. Valuable means, though, not a sales pitch every time. If that's all it is, most of us will say no thanks and hit delete or at least never read really fast.  7)    12:44 Get media exposure  Every local news station needs news to fill their programming every day. If you have news, and it's not your book or program or business, but real news you can talk about, and it's timely and relevant, they're interested.  What recent research study is relevant to your work and their audience. 
By the way, women in midlife are often still watching the news on TV, so go for it. It's not actually the appearance on the news, it's what you do with it after that matters.  8)    Write or present for the industry There are a dozen industry conferences that you can apply to speak at and share your expertise. If you have something special you've done and can teach other trainers and health coaches to do: a special workout, grown your social media, made X $ with a specific marketing strategy… it's worthy of an application. If you've formed great relationships with physical therapists and have a unique referral process, that's something other professionals can benefit from. I started teaching trainers the difference between coaching boundaries vs personal training back in 2000 and I've been presenting at major associations like IDEA, CanfitPro, NSCA, MedFit, FILEX, SCW and Club Industry, and Fitness Fest, ever since. It just takes one good idea and one conference to get started. 9)    Make one call every day This is the easiest way on earth to gain clients. Few trainers or health coaches will do it. Recently a coach said to me, “How will I get to  [$$$$  amount she wanted]?” and I said, “Are you still making the daily calls?” No. It had been less than 2 weeks. When you ask for help, you're given help, you have a choice. Fewer than 2% follow through. Nine out of 10 fitness businesses still go out of business or it's still a hobby taking a loss at tax time 5 years later.  10) Be your brand  Work on your personal presentation in public. Look, I lived in a relatively small town before college, then moved to a college town that after 30 years had become pretty small. Everyone knew me everywhere I went. Then I moved to Boulder and then Scottsdale.  I loved the anonymity… until… I'm in line at Walgreens (and again at the airport to board) and a woman says, “Do you have a website?” or “You look just like someone I follow online.” I can't make this up. 
In both cases, also can't make this up… it had been a busy day in business and I slapped on a visor and had not yet showered. No make-up, just getting done what I had to do. My point? I was not “representing” either of those times. In fact, was hoping to fly under the radar and not be recognized. But you don't get to choose. So, make sure you are comfortable if it happens. (I've decided I am. I go on camera that way too. The message for me is more important than me getting made up and pretending I'm perfect. But you may not be. So, if you are the spokesperson for your business, decide).      One of the best organic sources of traffic for me was YouTube videos for 8 years. Until, that is the pandemic and everyone is on YouTube because there wasn't another best choice. However, the foundation you lay there will support your efforts. While consistency isn't a fast game it is always the best game. Call someone daily… no one does. Do videos 2 or 3 times a week… and keep doing it. No one does. You will win.      11) Talk About the Pandemic Listen, this is stupid. Few trainers and health coaches are using this in marketing strategies and it's ridiculous. Get on it. The problems today are not the same as problems pre-pandemic. Acknowledge it and offer a solution.  12) Offer free presentations to women's groups Every women's group has a presentation almost as often as they have a meeting. Generally, it's a monthly occurrence and often it's during nine months of the year excluding summer. There may be holiday months off, but that's 8 opportunities for you to let it be known that you can talk about exercise motivation, benefits of [your type of training], or bone density, for example.  13) Team up with organizations (for charity) Charity events are held annually in every town and city and online. Find ones that resonate with your midlife fitness clients. Alzheimer's, Parkinson's, American Heart or Cancer related events are a good start. 
Your local hospital and auxiliary are others. Be present to demonstrate how exercise or wellness reduces risk or improves outcomes. You can get in front of an audience who care about health and about community.  14) Get on video  On social media, on your website pages and anywhere you can do it, video is the easiest way to do what you do best. You teach, explain, and design exercise programs that are effective. Or as a coach you provide clarity and support to clients making changes. Capture it on video and then share it (market it). 15) Write a book  Anyone can write a book today. The barrier to self-publishing is low. Once you write it, it's about marketing it shamelessly to get it in as many hands as possible. A book (well done) immediately builds credibility. That includes references, expert interviews, story, and reviewers. The complete process is not a quick fix but you can flesh out your outline for a home run book quickly if you really know your customer.  Link to 5 Day Flip: https://www.flippingfifty.com/midlife-clients More midlife fitness clients (or health coaching clients) come from the trail that leads them to you. When they get there, it's about your voice. Are you speaking the same rate as they are, making them feel more relaxed and confident they've found the answer? Test your voice, your literal voice. If it sounds childlike or is hard to listen to, you can change it with practice.   16) Trademark your system You should have a unique method, system or protocol that is proven to work. You want to have clients who can give testimonials that it's worked for them. You want to create video about why you created it. You want to talk about a single step in a presentation and mention this is just one of 5 (or 3 or 4) that you have.  17) Define your niche and stick to it The mistake most trainers make is thinking they can serve anybody and that getting specific will narrow their reach. The opposite is true. 
You won't attract anybody with “everybody” messages. If a reader, viewer, or listener doesn't see themselves in you and your message, they aren't going to take the next step.  18) Make it easy to start Reduce the barrier. That might be free something or a money-back guarantee. 19) Go beyond “free trial” or “free consultation.” Do a free class for a charity. Meet clients where they are with a less intimidating first contact. The ones that really need you are not as likely to register for a free consultation as you might think. That's a big step for them. But a small challenge or a video or ebook that solves a problem for them is an easier, more convenient way to learn whether they trust you.  20) Always market.  Whether it's paid ads you keep rolling on Facebook or it's a partnership with someone in town, you'll always want and need new leads. The most successful keep the lead sources always nurtured and never stop. If you had too many clients and couldn't service them, wouldn't that be a fun problem? Then you'll need, 10 Ways to Serve More Clients in Less Time, right? You just tell me when you're ready. And I'll tell you, if you can serve 10 you can serve 100, and 1000, and if you dream and you have the vision you can serve 10,000 or 100,000. You first have to see it.    The best way to attract midlife fitness clients that you know you can help is to grow your support of them first. Gain confidence and strength in your voice. Gain the knowledge you need to do that without getting stuck thinking what you need is one more certification or degree.  
Resources Mentioned in this Episode:  5 Day Flip: https://www.flippingfifty.com/midlife-clients Best Freebies for Best Customer Attraction: https://www.flippingfifty.com/5-day-fmm-specialist-challenge-opt/ Flipping 50's Menopause Fitness Specialist: https://www.fitnessmarketingmastery.com/menopause-fitness-specialist Additional Podcasts You Might Like: Training Women in Menopause | Flipping 50 Menopause Fitness Specialist: https://www.fitnessmarketingmastery.com/training-women-in-menopause/ Women's Fitness, Health, & Hormones | Training Menopause: https://www.fitnessmarketingmastery.com/hormone-course/

Good Risings
50.3. Level Up Latte: Three Tips to Show Self Love

Good Risings

Play Episode Listen Later May 4, 2022 5:01


Today we will give three tips for showing self love that are important to me. First is listening to high vibrational music. This is any type of music that is above four hundred and thirty-two hertz. Generally this is going to be orchestra music. Second, get moving and dance. This gets the body moving, and it also raises your vibration, which goes along with listening to high vibrational music. Third, it sounds simple, but laugh. Watch a funny movie, or a comedian doing stand-up.

Good Risings is a mindset. Adrianne Nina for a daily dose of Motivation. Presented By: Cavalry Audio. Producers: Jason Seagraves & Margot Carmichael. Audio Editing: Revision Sound. Music: Gramoscope Music. Show Notes by: Brett Burris. Executive Producers: Nichelle Hines, Dana Brunetti & Keegan Rosenberger. Learn more about your ad-choices at https://www.iheartpodcastnetwork.com You can now search all of the Good Risings episodes on Fathom.fm/GoodRisings! See omnystudio.com/listener for privacy information.

The tastytrade network
Crypto Concepts - May 3, 2022 - Crypto Wallets

The tastytrade network

Play Episode Listen Later May 3, 2022 14:46


Wallets are digital addresses where crypto is stored. There are different types of wallets that trade off liquidity and security. Generally speaking, the higher the liquidity of your crypto, the lower the security and ownership level, and vice versa.

The tastytrade network
Crypto Concepts - May 3, 2022 - Crypto Wallets

The tastytrade network

Play Episode Listen Later May 3, 2022 13:55


Wallets are digital addresses where crypto is stored. There are different types of wallets that trade off liquidity and security. Generally speaking, the higher the liquidity of your crypto, the lower the security and ownership level, and vice versa.

Art · The Creative Process
Donald Sultan · Artist

Art · The Creative Process

Play Episode Listen Later May 3, 2022


Artist Donald Sultan rose to prominence in the late 1970s as part of the “New Image” movement. Sultan has challenged the boundaries between painting and sculpture throughout his career. Using industrial materials such as roofing tar, aluminum, linoleum and enamel, Sultan layers, gouges, sands and constructs his paintings—sumptuous, richly textured compositions often made of the same materials as the rooms in which they are displayed. He lives and works in New York City.

“I always feel that you can never fail if you don't know what you're doing. The best work is what you do when you don't know what you're doing…A lot of the images that have struck me, that I get drawn to, a lot of them were from painting. Some of them were from early movies. Some of them were from places I visited, but mostly gardens or wild gardens that had things in them I'd never seen before, and then learning what that was when I'd been working on it. Generally speaking most of what I do had to do with my feelings about other artists' work that I admired. A lot of the industrial materials that are used, floor tiling and things like that came from site specific artists, sculptors, people who built into the buildings, Arte Povera. Using works that were just found, the poor materials, that kind of thing. Tar I kind of got from working in my father's tire shop with the grinding of the rubber and so on. Things come together and I wasn't even aware of it until people start asking me about it. I remember telling them about this man, being in black room with all this rubber, smoking Camels. It was a very cool image. I'll never forget the guy, but when I was doing it myself, that's not what I was thinking. I was really thinking about the materials I was using and inverting them.”

· donaldsultanstudio.com · ryanleegallery.com · www.creativeprocess.info · www.oneplanetpodcast.org

Journey To Your Soul's Home Podcast
Should You Move Into Your Spouse's House When You Get Married?

Journey To Your Soul's Home Podcast

Play Episode Listen Later May 3, 2022 3:22


Should you move into your spouse's house when you get married?  Now that you've found your soul mate, it's time to find your Soul's Home®. But can your Soul's Home® be a house your spouse already owns? That depends.  Presumably, you're getting married because you feed each other's souls. Since that's the case, start with the premise that your relationship is more important than where you live. You could live in the most perfect house but if you're not in harmony with your spouse, that perfect house will not be your Soul's Home®. On the other hand, you could live in a terrible house but if you are in harmony with your spouse you will feel like your Soul is Home®.  When you marry, you're both going from “me” to “we”. Generally, it's better to approach finding your marital home as a “we” rather than adapting a home that was found as a “me” or worse yet a previous “we.” But sometimes, finances, a unique house or location, children or other life circumstances may make a home that one of you owns your Soul's Home® too.    There are three steps to hearing whether your souls are calling you to find a new house together or use one of your existing homes: – First, tune into your soul's purposes as individuals and as a couple.  – Second, prioritize each of the Soul's Home® ingredients by what you need most to feed your souls.  – Third, determine if the existing house can meet those priorities for now.  If it can, agree on what changes you'll make to transform it from a “me” house to your “we” house, how you'll share expenses, if you'll both be on the title and when it might be time to consider moving. If an existing house can't meet your “we” priorities, it's time to let go and find a new house together. I hope you two soul mates find your Soul's Home®.  If you need help, I'd love to speak with you. Just click Contact Me to schedule a free 30-minute call. Next week, we'll talk about moving in together when you're not married by asking, “Is shacking up soulful?”.  
Until next time, I wish you well on your journey.

Screaming in the Cloud
Leading the Cloud Security Pack with Yoav Alon

May 3, 2022 (34:13)


About Yoav

Yoav is a security veteran recognized on Microsoft Security Response Center's Most Valuable Research List (BlackHat 2019). Prior to joining Orca Security, he was a Unit 8200 researcher and team leader, a chief architect at Hyperwise Security, and a security architect at Check Point Software Technologies. Yoav enjoys hunting for Linux and Windows vulnerabilities in his spare time.

Links Referenced:
Orca Security: https://orca.security
Twitter: https://twitter.com/yoavalon

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at Vultr. Optimized cloud compute plans have landed at Vultr to deliver lightning fast processing power, courtesy of third gen AMD EPYC processors without the IO, or hardware limitations, of a traditional multi-tenant cloud server. Starting at just 28 bucks a month, users can deploy general purpose, CPU, memory, or storage optimized cloud instances in more than 20 locations across five continents. Without looking, I know that once again, Antarctica has gotten the short end of the stick. Launch your Vultr optimized compute instance in 60 seconds or less on your choice of included operating systems, or bring your own. It's time to ditch convoluted and unpredictable giant tech company billing practices, and say goodbye to noisy neighbors and egregious egress forever. Vultr delivers the power of the cloud with none of the bloat. "Screaming in the Cloud" listeners can try Vultr for free today with a $150 in credit when they visit getvultr.com/screaming. That's G E T V U L T R.com/screaming.
My thanks to them for sponsoring this ridiculous podcast.

Corey: Finding skilled DevOps engineers is a pain in the neck! And if you need to deploy a secure and compliant application to AWS, forgettaboutit! But that's where DuploCloud can help. Their comprehensive no-code/low-code software platform guarantees a secure and compliant infrastructure in as little as two weeks, while automating the full DevSecOps lifestyle. Get started with DevOps-as-a-Service from DuploCloud so that your cloud configurations are done right the first time. Tell them I sent you and your first two months are free. To learn more visit: snark.cloud/duplocloud. That's snark.cloud/D-U-P-L-O-C-L-O-U-D.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Periodically, I would say that I enjoy dealing with cloud platform security issues, except I really don't. It's sort of forced upon me to deal with much like a dead dog is cast into their neighbor's yard for someone else to have to worry about. Well, invariably, it seems like it's my yard.

And I'm only on the periphery of these things. Someone who's much more in the trenches in the wide world of cloud security is joining me today. Yoav Alon is the CTO at Orca Security. Yoav, thank you for taking the time to join me today and suffer the slings and arrows I'll no doubt be hurling your way.

Yoav: Thank you, Corey, for having me. I've been a longtime listener, and it's an honor to be here.

Corey: I still am periodically surprised that anyone listens to these things. Because it's unlike a newsletter where everyone will hit reply and give me a piece of their mind. People generally don't wind up sending me letters about things that they hear on the podcast, so whenever I talk to somebody listens to it as, “Oh. Oh, right, I did turn the microphone on. Awesome.” So, it's always just a little on the surreal side.

But we're not here to talk necessarily about podcasting, or the modern version of an AM radio show. Let's start at the very beginning.
What is Orca Security, and why would folks potentially care about what it is you do?

Yoav: So, Orca Security is a cloud security company, and our vision is very simple. Given a customer's cloud environment, we want to detect all the risks in it and implement mechanisms to prevent it from occurring. And while it sounds trivial, before Orca, it wasn't really possible. You will have to install multiple tools and aggregate them and do a lot of manual work, and it was messy. And we wanted to change that, so we had, like, three guiding principles.

We call it seamless, so I want to detect all the risks in your environment without friction, which is our speak for fighting with your peers. We also want to detect everything so you don't have to install, like, a tool for each issue: A tool for vulnerabilities, a tool for misconfigurations, and for sensitive data, IAM roles, and such. And we put a very high priority on context, which means telling you what's important, what's not. So, for example, S3 bucket open to the internet is important if it has sensitive data, not if it's a, I don't know, static website.

Corey: Exactly. I have a few that I'd like to get screamed at in my AWS account, like, “This is an open S3 bucket and it's terrible.” I look at it the name is assets.lastweekinaws.com. Gee, I wonder if that's something that's designed to be a static hosted website.

Increasingly, I've been slapping CloudFront in front of those things just to make the broken warning light go away. I feel like it's an underhanded way of driving CloudFront adoption some days, but not may not be the most charitable interpretation thereof. Orca has been top-of-mind for a lot of folks in the security community lately because let's be clear here, dealing with security problems in cloud providers from a vendor perspective is an increasingly crowded—and clouded—space.
Just because there's so much—there's investment pouring into it, everyone has a slightly different take on the problem, and it becomes somewhat challenging to stand out from the pack. You didn't really stand out from the pack so much as leaped to the front of it and more or less have become the de facto name in a very short period of time, specifically—at least from my world—when you wound up having some very interesting announcements about vulnerabilities within AWS itself. You will almost certainly do a better job of relating the story, so please, what did you folks find?

Yoav: So, back in September of 2021, two of my researchers, Yanir Tsarimi and Tzah Pahima, each one of them within a relatively short span of time from each other, found a vulnerability in AWS. Tzah found a vulnerability in CloudFormation which we named BreakingFormation and Yanir found a vulnerability in AWS Glue, which we named SuperGlue. We're not the best copywriters, but anyway—

Corey: No, naming things is hard. Ask any Amazonian.

Yoav: Yes. [laugh]. So, I'll start with BreakingFormation which caught the eyes of many. It was an XXE SSRF, which is jargon to say that we were able to read files and execute HTTP requests and read potentially sensitive data from CloudFormation servers. This one was mitigated within 26 hours by AWS, so—

Corey: That was mitigated globally.

Yoav: Yes, globally, which I've never seen such quick turnaround anywhere. It was an amazing security feat to see.

Corey: Particularly in light of the fact that AWS does a lot of things very right when it comes to, you know, designing cloud infrastructure. Imagine that, they've had 15 years of experience and basically built the idea of cloud, in some respects, at the scale that hyperscalers operate at. And one of their core tenets has always been that there's a hard separation between regions. There are remarkably few global services, and those are treated with the utmost of care and delicacy.
To the point where when something like that breaks as an issue that spans more than one region, it is headline-making news in many cases.

So it's, they almost never wind up deploying things to all regions at the same time. That can be irksome when we're talking about things like I want a feature that solves a problem that I have, and I have to wait months for it to hit a region that I have resources living within, but for security, stuff like this, I am surprised that going from, “This is the problem,” to, “It has been mitigated,” took place within 26 hours. I know it sounds like a long time to folks who are not deep in the space, but that is superhero speed.

Yoav: A small correction, it's 26 hours for, like, the main regions. And it took three to four days to propagate to all regions. But still, it's speed of lighting in for security space.

Corey: When this came out, I was speaking to a number of journalists on background about trying to wrap their head around this, and they said that, “Oh yeah, and security is always, like, the top priority for AWS, second only to uptime and reliability.” And… and I understand the perception, but I disagree with it in the sense of the nightmare scenario—that every time I mention to a security person watching the blood drain from their face is awesome—but the idea that take IAM, which as Werner said in his keynote, processes—was it 500 million or was it 500 billion requests a second, some ludicrous number—imagine fails open where everything suddenly becomes permitted. I have to imagine in that scenario, they would physically rip the power cables out of the data centers in order to stop things from going out. And that is the right move. Fortunately, I am extremely optimistic that will remain a hypothetical because that is nightmare fuel right there.

But Amazon says that security is job zero.
And my cynical interpretation is that well, it wasn't, but they forgot security, decided to bolt it on to the end, like everyone else does, and they just didn't want to renumber all their slides, so instead of making it point one, they just put another slide in front of it and called the job zero. I'm sure that isn't how it worked, but for those of us who procrastinate and building slide decks for talks, it has a certain resonance to it. That was one issue. The other seemed a little bit more pernicious focusing on Glue, which is their ETL-as-a-Service… service. One of them I suppose. Tell me more about it.

Yoav: So, one of the things that we found when we found the BreakingFormation when we reported the vulnerability, it led us to do a quick Google search, which led us back to the Glue service. It had references to Glue, and we started looking around it. And what we were able to do with the vulnerability is given a specific feature in Glue, which we don't disclose at the moment, we were able to effectively take control over the account which hosts the Glue service in us-east-1. And having this control allowed us to essentially be able to impersonate the Glue service. So, every role in AWS that has a trust to the Glue service, we were able to effectively assume a role into it in any account in AWS. So, this was more critical a vulnerability in its effect.

Corey: I think on some level, the game of security has changed because for a lot of us who basically don't have much in the way of sensitive data living in AWS—and let's be clear, I take confidentiality extremely seriously. Our clients on the consulting side view their AWS bills themselves as extremely confidential information that Amazon stuffs into a PDF and emails every month. But still. If there's going to be a leak, we absolutely do not want it to come from us, and that is something that we take extraordinarily seriously.
But compared to other jobs I've had in the past, no one will die if that information gets out.

It is not the sort of thing that is going to ruin people's lives, which is very often something that can happen in some data breaches. But in my world, one of the bad cases of a breach of someone getting access to my account is they could spin up a bunch of containers on the 17 different services that AWS offers that can run containers and mine cryptocurrency with it. And the damage to me then becomes a surprise bill. Okay, great. I can live with that.

Something that's a lot scarier to a lot of companies with, you know, serious problems is, yep, fine, cost us money, whatever, but our access to our data is the one thing that is going to absolutely be the thing that cannot happen. So, from that perspective alone, something like Glue being able to do that is a lot more terrifying than subverting CloudFormation and being able to spin up additional resources or potentially take resources down. Is that how you folks see it too, or is—I'm sure there's nuance I'm missing.

Yoav: So yeah, the access to data is top-of-mind for everyone. It's a bit scary to think about it. I have to mention, again, the quick turnaround time for AWS, which almost immediately issued a patch. It was a very fast one and they mitigated, again, the issue completely within days. About your comment about data.

Data is king these days, there is nothing like data, and it has all the properties of everything that we care about. It's expensive to store, it's expensive to move, and it's very expensive if it leaks. So, I think a lot of people were more alarmed about the Glue vulnerability than the CloudFormation vulnerability. And they're right in doing so.

Corey: I do want to call out that AWS did a lot of things right in this area. Their security posture is very clearly built around defense-in-depth.
The fact that they were able to disclose—after some prodding—that they checked the CloudTrail logs for the service itself, dating back to the time the service launched, and verified that there had never been an exploit of this, that is phenomenal, as opposed to the usual milquetoast statements that companies have. We have no evidence of it, which can mean that we did the same thing and we looked through all the logs in it's great, but it can also mean that, “Oh, yeah, we probably should have logs, shouldn't we? But let's take a backlog item for that.” And that's just terrifying on some level.

It becomes a clear example—a shining beacon for some of us in some cases—of doing things right from that perspective. There are other sides to it, though. As a customer, it was frustrating in the extreme to—and I mean, no offense by this—to learn about this from you rather than from the provider themselves. They wound up putting up a security notification many hours after your blog post went up, which I would also just like to point out—and we spoke about it at the time and it was a pure coincidence—but there was something that was just chef's-kiss perfect about you announcing this on Andy Jassy's birthday. That was just very well done.

Yoav: So, we didn't know about Andy's birthday. And it was—

Corey: Well, I see only one of us has a company calendar with notable executive birthdays splattered all over it.

Yoav: Yes. And it was also published around the time that AWS CISO was announced, which was also a coincidence because the date was chosen a lot of time in advance. So, we genuinely didn't know.

Corey: Communicating around these things is always challenging because on the one hand, I can absolutely understand the cloud providers' position on this. We had a vulnerability disclosed to us. We did our diligence and our research because we do an awful lot of things correctly and everyone is going to have vulnerabilities, let's be serious here.
I'm not sitting here shaking my fist, angry at AWS's security model. It works, and I am very much a fan of what they do.

And I can definitely understand then, going through all of that there was no customer impact, they've proven it. What value is there to them telling anyone about it, I get that. Conversely, you're a security company attempting to stand out in a very crowded market, and it is very clear that announcing things like this demonstrates a familiarity with cloud that goes beyond the common. I radically changed my position on how I thought about Orca based upon these discoveries. It went from, “Orca who,” other than the fact that you folks have sponsored various publications in the past—thanks for that—but okay, a security company. Great to, “Oh, that's Orca. We should absolutely talk to them about a thing that we're seeing.” It has been transformative for what I perceive to be your public reputation in the cloud security space.

So, those two things are at odds: The cloud provider doesn't want to talk about anything and the security company absolutely wants to demonstrate a conversational fluency with what is going on in the world of cloud. And that feels like it's got to be a very delicate balancing act to wind up coming up with answers that satisfy all parties.

Yoav: So, I just want to underline something. We don't do what we do in order to make a marketing stand. It's a byproduct of our work, but it's not the goal. For the Orca Security Research Pod, which it's the team at Orca which does this kind of research, our mission statement is to make cloud security better for everyone.
Not just Orca customers; for everyone.

And you get to hear about the more shiny things like big headline vulnerabilities, but we also have very sensible blog posts explaining how to do things, how to configure things and give you more in-depth understanding into security features that the cloud providers themselves provide, which are great, and advance the state of the cloud security. I would say that having a cloud vulnerability is sort of one of those things, which makes me happy to be a cloud customer. On the one side, we had a very big vulnerability with very big impact, and the ability to access a lot of customers' data is conceptually terrifying. The flip side is that everything was mitigated by the cloud providers in warp speed compared to everything else we've seen in all other elements of security. And you get to sleep better knowing that it happened—so no platform is infallible—but still the cloud provider do work for you, and you'll get a lot of added value from that.

Corey: You've made a few points when this first came out, and I want to address them. The first is, when I reached out to you with a, “Wow, great work.” You effectively instantly came back with, “Oh, it wasn't me. It was members of my team.” So, let's start there. Who was it that found these things? I'm a huge believer giving people credit for the things that they do.

The joy of being in a leadership position is if the company screws up, yeah, you take responsibility for that, whether the company does something great, yeah, you want to pass praise onto the people who actually—please don't take this the wrong way—did the work. And not that leadership is not work, it absolutely is, but it's a different kind of work.

Yoav: So, I am a security researcher, and I am very mindful for the effort and skill it requires to find vulnerabilities and actually do a full circle on them.
And the first thing I'll mention is Tzah Pahima, which found the BreakingFormation vulnerability and the vulnerability in CloudFormation, and Yanir Tsarimi, which found the AutoWarp vulnerability, which is the Azure vulnerability that we have not mentioned, and the Glue vulnerability, dubbed SuperGlue. Both of them are phenomenal researcher, world-class, and I'm very honored to work with them every day. It's one of my joys.

Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.

Corey: It's very clear that you have built an extraordinary team for people who are able to focus on vulnerability research. Which, on some level, is very interesting because you are not branded as it were as a vulnerability research company. This is not something that is your core competency; it's not a thing that you wind up selling directly that I'm aware of. You are selling a security platform offering. So, on the one hand, it makes perfect sense that you would have a division internally that works on this, but it's also very noteworthy, I think, that is not the core description of what it is that you do.

It is a means by which you get to the outcome you deliver for customers, not the thing that you are selling directly to them. I just find that an interesting nuance.

Yoav: Yes, it is. And I would elaborate and say that research informs the product, and the product informs research. And we get to have this fun dance where we learn new things by doing research.
We [unintelligible 00:18:08] the product, and we use the customers to teach us things that we didn't know. So, it's one of those happy synergies.

Corey: I want to also highlight a second thing that you have mentioned and been very, I guess, on message about since news of this stuff first broke. And because it's easy to look at this and sensationalize aspects of it, where, “See? The cloud providers security model is terrible. You shouldn't use them. Back to data centers we go.” Is basically the line taken by an awful lot of folks trying to sell data center things.

That is not particularly helpful for the way that the world is going. And you've said, “Yeah, you should absolutely continue to be in cloud. Do not disrupt your cloud plan as a result.” And let's be clear, none of the rest of us are going to find and mitigate these things with anything near the rigor or rapidity that the cloud providers can and do demonstrate.

Yoav: I totally agree. And I would say that the AWS security folks are doing a phenomenal job. I can name a few, but they're all great. And I think that the cloud is by far a much safer alternative than on-prem. I've never seen issues in my on-prem environment which were critical and fixed in such a high velocity and such a massive scale.

And you always get the incremental improvements of someone really thinking about all the ins and outs of how to do security, how to do security in the cloud, how to make it faster, more reliable, without a business interruptions. It's just phenomenal to see and phenomenal to witness how far we've come in such a relatively short time as an industry.

Corey: AWS in particular, has a reputation for being very good at security. I would argue that, from my perspective, Google is almost certainly slightly better at their security approach than AWS is, but to be clear, both of them are significantly further along the path than I am going to be. So great, fantastic.
You also have found something interesting over in the world of Azure, and that honestly feels like a different class of vulnerability. To my understanding, the Azure vulnerability that you recently found was you could get credential material for other customers simply by asking for it on a random high port. Which is one of those—I'm almost positive I'm misunderstanding something here. I hope. Please?

Yoav: I'm not sure you're misunderstanding. So, I would just emphasize that the vulnerability again, was found by Yanir Tsarimi. And what he found was, he used a service called Azure Automation which enables you essentially to run a Python script on various events and schedules. And he opened the python script and he tried different ports. And one of the high ports he found, essentially gave him his credentials. And he said, “Oh, wait. That's a really odd port for an HTTP server. Let's try, I don't know, a few ports on either way.” And he started getting credentials from other customers. Which was very surprising to us.

Corey: That is understating it by a couple orders of magnitude. Yes, like, “Huh. That seems sub-optimal,” is sort of like the corporate messaging approved thing. At the time you discover that—I'm certain it was a three-minute-long blistering string of profanity in no fewer than four languages.

Yoav: I said to him that this is, like, a dishonorable bug because he worked very little to find it. So it was, from start to finish, the entire research took less than two hours, which, in my mind, is not enough for this kind of vulnerability. You have to work a lot harder to get it. So.

Corey: Yeah, exactly. My perception is that when there are security issues that I have stumbled over—for example, I gave a talk at re:Invent about it in the before times, one of them was an overly broad permission in a managed IAM policy for SageMaker. Okay, great. That was something that obviously was not good, but it also was more of a privilege escalation style of approach.
It wasn't, “Oh, by the way, here's the keys to everything.”

That is the type of vulnerability I have come to expect, by and large, from cloud providers. We're just going to give you access credentials for other customers is one of those areas that… it bugs me on a visceral level, not because I'm necessarily exposed personally, but because it more or less shores up so many of the arguments that I have spent the last eight years having with folks are like, “Oh, you can't go to cloud. Your data should live on your own stuff. It's more secure that way.” And we were finally it feels like starting to turn a cultural corner on these things.

And then something like that happens, and it—almost have those naysayers become vindicated for it. And it's… it almost feels, on some level, and I don't mean to be overly unkind on this, but it's like, you are absolutely going to be in a better security position with the cloud providers. Except to Azure. And perhaps that is unfair, but it seems like Azure's level of security rigor is nowhere near that of the other two. Is that generally how you're seeing things?

Yoav: I would say that they have seen more security issues than most other cloud providers. And they also have a very strong culture of report things to us, and we're very streamlined into patching those and giving credit where credit's due. And they give out bounties, which is an incentives for more research to happen on those platforms. So, I wouldn't say this categorically, but I would say that the optics are not very good. Generally, the cloud providers are much safer than on-prem because you only hear very seldom on security issues in the cloud.

You hear literally every other day on issues happening to on-prem environments all over the place. And people just say they expect it to be this way. Most of the time, it's not even a headline.
Like, “Company X affected with cryptocurrency or whatever.” It happens every single day, and multiple times a day, breaches which are massively bigger. And people who don't want to be in the cloud will find every reason not to be the cloud. Let us have fun.

Corey: One of the interesting parts about this is that so many breaches that are on-prem are just never discovered because no one knows what the heck's running in an environment. And the breaches that we hear about are just the ones that someone had at least enough wherewithal to find out that, “Huh. That shouldn't be the way that it is. Let's dig deeper.” And that's a bad day for everyone. I mean, no one enjoys those conversations and those moments.

And let's be clear, I am surprisingly optimistic about the future of Azure Security. It's like, “All right, you have a magic wand. What would you do to fix it?” It's, “Well, I'd probably, you know, hire Charlie Bell and get out of his way,” is not a bad answer as far as how these things go. But it takes time to reform a culture, to wind up building in security as a foundational principle. It's not something you can slap on after the fact.

And perhaps this is unfair. But Microsoft has 30 years of history now of getting the world accustomed to oh, yeah, just periodically, terrible vulnerabilities are going to be discovered in your desktop software. And every once a month on Tuesdays, we're going to roll out a whole bunch of patches, and here you go. Make sure you turn on security updates, yadda, yadda, yadda. That doesn't fly in the cloud. It's like, “Oh, yeah, here's this month's list of security problems on your cloud provider.” That's one of those things that, like, the record-scratch, freeze-frame moment of wait, what are we doing here, exactly?

Yoav: So, I would say that they also have a very long history of making those turnarounds.
Bill Gates famously did his speech where security comes first, and they have done a very, very long journey and turn around the company from doing things a lot quicker and a lot safer. It doesn't mean they're perfect; everyone will have bugs, and Azure will have more people finding bugs into it in the near future, but security is a journey, and they've not started from zero. They're doing a lot of work. I would say it's going to take time.

Corey: The last topic I want to explore a little bit is—and again, please don't take this as anyway being insulting or disparaging to your company, but I am actively annoyed that you exist. By which I mean that if I go into my AWS account, and I want to configure it to be secure. Great. It's not a matter of turning on the security service, it's turning on the dozen or so security services that then round up to something like GuardDuty that then, in turn, rounds up to something like Security Hub. And you look at not only the sheer number of these services and the level of complexity inherent to them, but then the bill comes in and you do some quick math and realize that getting breached would have been less expensive than what you're spending on all of these things.

And somehow—the fact that it's complex, I understand; computers are like that. The fact that there is—[audio break 00:27:03] a great messaging story that's cohesive around this, I come to accept that because it's AWS; talking is not their strong suit. Basically declining to comment is. But the thing that galls me is that they are selling these services and not inexpensively either, so it almost feels, on some level like, shouldn't this on some of the built into the offerings that you folks are giving us?

And don't get me wrong, I'm glad that you exist because bringing order to a lot of that chaos is incredibly important. But I can't shake the feeling that this should be a foundational part of any cloud offering.
I'm guessing you might have a slightly different opinion than mine. I don't think you show up at the office every morning, “I hate that we exist.”

Yoav: No. And I'll add a bit of context and nuance. So, for every other company than cloud providers, we expect them to be very good at most things, but not exceptional at everything. I'll give the Redshift example. Redshift is a pretty good offering, but Snowflake is a much better offering for a much wider range of—

Corey: And there's a reason we're about to become Snowflake customers ourselves.

Yoav: So, yeah. And there are a few other examples of that. A security company, a company that is focused solely on your security will be much better suited to help you, in a lot of cases more than the platform. And we work actively with AWS, Azure, and GCP requesting new features, helping us find places where we can shed more light and be more proactive. And we help to advance the conversation and make it a lot more actionable and improve from year to year. It's one of those collaborations. I think the cloud providers can do anything, but they can't do everything. And they do a very good job at security; it doesn't mean they're perfect.

Corey: As you folks are doing an excellent job of demonstrating. Again, I'm glad you folks exist; I'm very glad that you are publishing the research that you are. It's doing a lot to bring a lot I guess a lot of the undue credit that I was giving AWS for years of, “No, no, it's not that they don't have vulnerabilities like everyone else does. It just that they don't ever talk about them.” And they're operationalizing of security response is phenomenal to watch.

It's one of those things where I think you've succeeded and what you said earlier that you were looking to achieve, which is elevating the state of cloud security for everyone, not just Orca customers.

Yoav: Thank you.

Corey: Thank you. I really appreciate your taking the time out of your day to speak with me.
If people want to learn more, where's the best place they can go to do that?Yoav: So, we have our website at orca.security. And you can reach me out on Twitter. My handle is at @yoavalon, which is @-Y-O-A-V-A-L-O-N.Corey: And we will of course put links to that in the [show notes 00:29:44]. Thanks so much for your time. I appreciate it.Yoav: Thank you, Corey.Corey: Yoav Alon, Chief Technology Officer at Orca Security. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, or of course on YouTube, smash the like and subscribe buttons because that's what they do on that platform. Whereas if you've hated this podcast, please do the exact same thing, five-star review, smash the like and subscribe buttons on YouTube, but also leave an angry comment that includes a link that is both suspicious and frightening, and when we click on it, suddenly our phones will all begin mining cryptocurrency.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

The Digital Story Photography Podcast
Mother's Day and Other Great Family Photos - TDS Photo Podcast

May 3, 2022 31:37


This is The Digital Story Podcast #841, May 3, 2022. Today's theme is "Mother's Day and Other Great Family Photos." I'm Derrick Story.

Opening Monologue

Some folks will be spending time with their family this weekend thanks to Mother's Day on Sunday. Generally speaking, Moms don't like having their picture taken. But I have a few tips for you in today's show that will not only help you get her in front of the camera, but will also ensure she looks great in the picture. I hope you enjoy the show.

The Creative Process Podcast
Donald Sultan · Artist

May 2, 2022


Artist Donald Sultan rose to prominence in the late 1970s as part of the “New Image” movement. Sultan has challenged the boundaries between painting and sculpture throughout his career. Using industrial materials such as roofing tar, aluminum, linoleum and enamel, Sultan layers, gouges, sands and constructs his paintings—sumptuous, richly textured compositions often made of the same materials as the rooms in which they are displayed. He lives and works in New York City.

“I always feel that you can never fail if you don't know what you're doing. The best work is what you do when you don't know what you're doing…A lot of the images that have struck me, that I get drawn to, a lot of them were from painting. Some of them were from early movies. Some of them were from places I visited, but mostly gardens or wild gardens that had things in them I'd never seen before, and then learning what that was when I'd been working on it. Generally speaking most of what I do had to do with my feelings about other artists' work that I admired. A lot of the industrial materials that are used, floor tiling and things like that came from site specific artists, sculptors, people who built into the buildings, Arte Povera. Using works that were just found, the poor materials, that kind of thing. Tar I kind of got from working in my father's tire shop with the grinding of the rubber and so on. Things come together and I wasn't even aware of it until people start asking me about it. I remember telling them about this man, being in black room with all this rubber, smoking Camels. It was a very cool image. I'll never forget the guy, but when I was doing it myself, that's not what I was thinking. I was really thinking about the materials I was using and inverting them.”

· donaldsultanstudio.com
· ryanleegallery.com
· www.creativeprocess.info
· www.oneplanetpodcast.org

Middle Market Mergers and Acquisitions by Colonnade Advisors
MM M&A 026: Industry spotlight – F&I Agencies & Payment Plans

May 2, 2022 34:54


This episode continues with our “industry spotlight series” where we focus on specific trends and opportunities in middle-market M&A transactions. Our previous episodes have covered four industries in which Colonnade has played a significant role as an M&A advisor to both buy-side and sell-side clients. We add F&I Agencies & Payment Plan Providers as industries where we deeply know the dynamics and players so as to provide exceptional service to clients who hire us to assist them in a transaction.

Colonnade has studied the F&I Agencies and Payment Plan Provider markets for the last 20+ years. We have worked on nearly 30 M&A transactions on the buy-side and the sell-side. We have gotten to know the industry players and the buyers. We've identified some high-opportunity M&A plays that could help to drive even more value, scale, and customer satisfaction in the industry.

Spotlight on F&I Agencies (1:00)

In this first part of our episode, we answer the following questions:

Where do F&I agencies sit in the F&I ecosystem? (1:00)
What does a typical F&I agency look like? (7:00)
What is going on in terms of M&A and what are the value drivers in the industry? (9:00)
What is driving M&A transactions right now and what are some potential M&A plays? (12:00)

Where do F&I agencies sit in the F&I ecosystem and what value do they provide? (1:00)

Gina: Between the F&I administrators and the F&I office and the dealership, there are F&I agencies. They are independent agencies with independent agents. They are like insurance agents. They bring together the product administrators and the dealers.

Gina: The agents have deep knowledge about the products they represent. They can train the F&I office on those products and how to sell the products. They also act as the middle man or the interface with the administrator. They are one distribution arm for the administrators, which makes them critical in the ecosystem. They are a valuable component of the overall F&I ecosystem.

Jeff: The F&I agency is a particular point in the value chain. It's a differentiator. Some administrators sell to dealers through a direct sales force, others use F&I agents.

Gina: There are administrators who go direct to dealers, but most administrators also use independent agents. They may have a direct sales force, but they have independent agents also. The only sector where that seems to not always be the case is selling into independent dealerships. You tend to see more direct agents that are employed by the administrators selling into the independent dealerships.

Gina: An important component of what the agents do is help the dealership with reinsurance. Reinsurance is an important component of a dealership owner's profits. For every contract, every F&I product that is sold, there is a reserve set aside for future claims. F&I agents are usually very fluid and educated in talking about reinsurance and making sure that the dealership has the right reinsurance programs. So they deal with reinsurance, they do training on products, they do training on how to sell products. They sometimes help with staffing in the F&I office, and they'll help with some of the technology that is between the F&I office and the administrator.

Gina: F&I represents a third of a dealership's profits. Everybody within the organization and affiliated with the organization is going to make sure that F&I runs smoothly.

What does a typical F&I agency look like? (7:00)

Gina: There are well over 100 independent agencies, and approximately 75%-80% of F&I agencies are less than 10 employees. There are very few large agencies. There are a few that are scaling, but there really aren't many. There is only one national agency that comes to mind and that's Vanguard (owned by Spectrum Automotive). Vanguard has been very acquisitive in building out its agent network. We also see Brown & Brown, which is a P&C insurance brokerage. They've been acquiring F&I agencies over the last few years. I don't know if they have a national footprint yet, but they're probably getting pretty close. And then you have acquired a lot of small agencies.

Jeff: The Brown & Brown example is an interesting one that we've watched over the last five to six years as they've entered the industry. We've always thought their participation in the F&I agency world makes a lot of sense, given the parallels to the P&C distribution market.

What is going on in terms of M&A and what are the value drivers in the industry? (9:00)

Gina: We think that the M&A market for F&I agencies will continue to be hot in 2022. (See Gina's cover article in Agent Entrepreneur, 2022 M&A Predictions for F&I Agents) Agent value is driven by a couple of different factors. One is diversification. One of the challenges for these small agencies, just like any small company, is having all of their eggs in one basket. An F&I agency may have one dealership group that represents 40% of sales. That is a gating factor to trading and getting the highest possible value. Agencies that have significant concentration, which I call greater than 15%, trade at a lower multiple than agencies that have little concentration. Another value driver is size. We look at the number of W-2 employees (as well as financials).

Jeff: Important when you go to sell these companies: Who owns the dealer relationships? And what's the risk of attrition in a transaction?

Gina: A lot of diligence needs to be done in these transactions to really understand the nitty-gritty of who, not just on paper but in practice, owns the relationships.

What is driving the M&A transactions right now and what are some potential M&A plays? (12:00)

Jeff: It sounds like an industry that could be rolled up further. Following the playbook of the P&C insurance distribution market, you got a lot of mom and pops out there and a few large players.

Gina: Both Brown & Brown and Vanguard Dealer Services (Spectrum Automotive) are rolling up agencies. The rest of M&A activity we see is not a roll up, but administrators buying agencies. National Autocare and Portfolio Group have been very inquisitive. There are many other administrators who bought one, two, three agencies, as they attempt to lock in their distribution channels.

Gina: There should be another roll up of F&I agencies. There should be a private equity firm that's coming in here saying, “I'm going to put a hundred, $150 million to work and we're going to leverage it. And we're going to buy up 20 F&I agencies. We're going to make a super-agency with national coverage.” That could be uber-successful for everybody involved. It just hasn't happened yet.

Jeff: The folks that are acquiring are paying pretty high multiples, and that's a challenge. Any new entrant would have to go in and go big pretty quickly. They'd have to find a platform that they can scale and put a lot of capital to work while holding their nose as they pay big prices upfront.

Gina: A lot of the M&A activity we have seen is with an older generation that is retiring. There's also some leakage happening where the younger, talented, hungrier F&I agents are like, “I get it, I can do this.” They leave and go start their own agency. I think we'll see that next-generation starting to trade in about a year or two.

Gina: I have one last point I want to cover about F&I agency M&A: what's driving the activity. First of all, there's a lot of money looking for deals. There are private equity firms backing administrators that need to grow inorganically. But we also see a lot of M&A activity at the dealership level. They're getting bigger. Big dealership groups are buying up other dealers, independent shops, and dealership groups. Every time one of those transactions happens, the agent that represents the target dealership is at risk of losing that client. Dealership M&A is driving F&I agency M&A. I think that this is the question that keeps a lot of agents up at night: Are they one or several M&A transactions away from losing a significant portion of their relationships and their livelihood?

Spotlight on Payment Plan Providers (18:00)

In this second part of our episode, we answer the following questions:

How do payment plan providers add value to the auto F&I sector? (18:00)
How big is the industry and who are the biggest players? (23:00)
Why are payment plan providers a favorite industry of Colonnade? (25:00)
What is going on in terms of M&A and what are the value drivers in the industry? (29:00)

How do payment plan providers add value to the auto F&I sector? (18:00)

Jeff: Payment plan companies came out of the ground around 20 years ago. They started as an offshoot of the insurance premium finance market, which we've talked about in a previous podcast. Fundamentally, this market is designed to help consumers purchase F&I products cost-effectively. Whether you're in a dealership (point of sale) and the F&I person says, “This VSC is going to cost you $3,000” or whether you get a piece of mail about an extended auto warranty (aftermarket), once you get sold on buying the coverage, the question is always: Do you want to write a check for three grand or do you want to finance it over two or three years? In most cases, the VSC/extended auto warranty gets financed. That's where these payment plan companies come in.

Jeff: At the dealership (point of sale), the payment for an F&I product typically gets rolled into the auto loan. It's just one of the line items in the auto loan, and you (as the consumer) pay it off as you go. There are some payment plan providers that focus on point of sale at the dealership, allowing a consumer to finance the product outside the auto loan. In the aftermarket, which is really where we see these payment plans flourish, it's a different dynamic. If you're on the phone with a direct marketer and you agree to buy the coverage, you can put 10% down and pay over 18 or 36 months, depending on the payment plan. Interestingly, they're interest-free and cancelable at any time. And as you continue to drive your car and assess the usefulness of the product, you can cancel it at any time. If you cancel it, all you do is call up the seller or the administrator and say, “I want to cancel my payment plan.” In that case, you get a portion of your money back (the unearned premium). It works in a similar way to the insurance premium finance market. The contract is earned over the life of the product. If it's a five-year product and you're one year into it, you might get 80% of the money back. The payment plan company is indifferent because it will just get their pro rata share back from the administrator and seller. The seller will sell the product to the consumer, and if they attach financing to it, the seller will collect the 10 or 15% down payment. The payment plan company will insert themselves and front the rest of the money to the administrator and to the seller. The administrator has to front some money to the CLIP (1) provider, but the revenue to the seller and the admin fee gets fronted by the payment plan company.

Jeff: Our Industry Report on this sector goes into much more detail about the industry.

How big is the industry and who are the biggest players (23:00)

Jeff: We estimate this is about a $5 billion a year originations market. There's not good data. We've done a number of studies over the years and think that's the size of the market. It grows with auto sales and the adoption of products. It's grown considerably over the last several years. There are probably 10 independent players in the market. There are just a small handful of large players. The biggest players are PayLink, which is owned by Fortress and Milestone. Walco is the next biggest, and they're growing nicely. This is the Walder team that previously ran Mepco and Omnisure, and they've started up a new finance company that's growing quite rapidly. Mepco is a large player, they're top three, that's owned by Seabury. There are other smaller players like Budco, Line 5. Service Payment Plan is a big company in the dealer space, again different dynamics but similar product offering. PayLink, Omnisure, and Mepco really dominate the aftermarket space. Folks like Service Payment Plan dominate the dealer (point of sale) channel.

Why are payment plan providers a favorite industry of Colonnade? (25:00)

Gina: I love the payment plan business because it is so low-risk. What the payment plan companies do is hold a cash reserve on each funding in case the underlying consumer cancels. And that happens. There are a lot of cancellations in the direct consumer marketing of vehicle service contracts. As we've discussed before, it's not because the contracts are bad contracts, but it's because consumers actually have transparency. In the case of vehicle service contracts rolled into an auto loan, consumers don't get a breakout every month of the components of their auto loan that they're paying. They don't see that 80% of your auto loan payment is for the car, 10% is for the vehicle service contract, et cetera, cetera. But when a consumer is financing or using a payment plan for a vehicle service contract in the aftermarket, they have complete transparency as to what that cost is for. And if they decide as a household, they no longer need that product (they need to redeploy that payment to something else like their mortgage), they can cancel. The payment plan businesses have a cash reserve for this. So it is a very low risk business and has great returns.

Jeff: Some of these companies have several hundred million dollars of portfolio and each contract starts out at $3,000 and burns down. These are very granular portfolios. You're not going to take a big loss on any particular contract. Unlike the insurance premium finance industry, the incidence or likelihood of fraud is negligible, and the risk here is quite low given the granularity. We like the short duration of these assets. We like the low loss rates. Generally, these transactions are priced at a 15% to 20% unlevered return. They're very high-yield. There's no credit risk. We're not doing anything with consumer credit risk. We really don't care. We're just managing relationships with sellers and administrators. All those dynamics are favorable to this lending universe. I love this business. It's a niche industry, $5 billion is not the $50 billion commercial P&C market, but it's meaningful and growing.

What is going on in terms of M&A and what are the value drivers in the industry? (29:00)

Jeff: There really hasn't been much activity as there's a limited universe of players. Some of the administrators are vertically integrating and getting into the payment plan industry. We worked on the initial sale of Mepco to Independent Bank almost 20 years ago. We sold PayLink (which used to be called Warranty Finance Company) to Oxford Financial. It's now owned by Milestone and Fortress. Omnisure: Ed and Paul Walder started up that business from scratch and grew it to a couple hundred million dollars of receivables. We advised on the sale to Fortress. PayLink and Omnisure merged in 2017 and put together two leading players in the industry. The other important transaction to mention is Seabury's acquisition of Mepco out of Independent Bank in 2017. Most recently Walco has come out of the ground. Walco was started in early 2020 by Ed and Paul Walder again, starting up another competitor in the sector. They've grown considerably in recent years and are doing a great job building out that business. We don't see a ton of M&A activity per se, but it's a really interesting market. Part of the challenge from an M&A perspective is that there has not traditionally been a deep bank buyer universe of this product and that confounds me a bit. For all the reasons we mentioned, this is a really interesting, dynamic asset class. It's very similar to insurance premium finance, which has a number of large banks in the sector and a number that want to get into it. The collateral structure looks very similar, except that payment plan providers have higher yields, higher return on assets, and even lower losses. And there's no fraud. I think there's a real opportunity for forward-thinking banks to embrace this asset class and do quite well with very little risk.

(1) A CLIP is a commercial liability insurance product that covers the contractual obligations of the insured. A full reimbursement CLIP would indemnify the insured commercial entity for all monies it expends to fulfill a contractual commitment.

About the hosts

Gina Cocking serves as the Chief Executive Officer of Colonnade Advisors. Gina began her career in investment banking at Kidder Peabody, was an analyst at Madison Dearborn Partners and an associate at J.P. Morgan & Co. She was the Chief Financial Officer of Cobalt Finance, a specialty finance company. She went on to become the Chief Financial Officer of Healthcare Laundry Systems, a private equity-backed company for which she oversaw the successful sale to a strategic acquirer. Gina served as the Line of Business CFO – Consumer Banking and Lending at Discover Financial Services. Gina serves on the Board of Directors of CIB Marine Bancshares, Inc. Gina received her BA in Economics and an MBA from the University of Chicago.

Jeff Guylay is a Managing Director of Colonnade Advisors. Prior to joining Colonnade in 2000, Jeff was an investment banker at J.P. Morgan in the firm's Mergers & Acquisitions and Fixed Income Capital Markets groups in New York. He also spent several years in J.P. Morgan's Chicago office.
Jeff has over 20 years of M&A and investment banking experience and has served as lead execution partner on over 25 M&A and financing transactions at Colonnade. Jeff received an MBA from Northwestern University's Kellogg Graduate School of Management and a Master of Engineering Management from the University's McCormick School of Engineering. Jeff received a BA from Dartmouth College and a BE from Dartmouth's Thayer School of Engineering.

The Dr. Kinney Show
72: How the FLÖKA App Is Changing the Way We Do Holistic Healthcare with Vanessa De Waal

May 2, 2022 22:24


Have you ever wished it was easier to gather all of your diet, lifestyle, and health information in one place?

As you may already know, this type of information is extremely important when it comes to holistic health practitioners. They need to look at the whole picture when it comes to your health, not just the problem area. In order to do that, they need all of your information.

Generally, this means patients are scrambling around trying to gather everything they need from multiple different apps or notebooks. It doesn't have to be this way though! We live in a time where technology is evolving every day which makes things like this much easier for the health practitioner and patients alike.

In this episode of The Dr. Kinney Show, I sat down with Vanessa De Waal to talk about how she found an easier way to integrate all of your health information so that you have easy access to everything you need in one place.

Vanessa is the founder of FLÖKA, a platform that helps practitioners heal patients faster by syncing them up with their patient's real-time lifestyle context. Vanessa holds a B.A. in Psychology and has made it her mission to help more women heal.

Tune in to hear more about FLÖKA, how it works, and how you can get started using it today for a more personalized health treatment plan.

Show notes available at www.drerinkinney.com/72

Resources Mentioned:
Get the FLÖKA app: www.floka.co
Follow FLÖKA on Instagram: https://www.instagram.com/flokalife/

I would love to connect on Facebook: https://www.facebook.com/DrKinneyND
I would love to connect on Instagram: https://www.instagram.com/drkinney

friends on FIRE
#147 | How to save on your cell phone bill

May 2, 2022 35:14


The average person is paying $60-100 a month for a cell phone plan, but in reality, we think that's way too much! Most people can get solid and reliable coverage for $25-40 a month. This is our advice for what to consider as you research and explore new cell phone plan options.

Do your research and decide what you need:
Where do you live, and who has good coverage? These days all carriers tend to have excellent coverage.
How much data do you need? For example, unlimited data usage versus are you OK with a cap on your data usage.
What type of phone do you have or need?
How many lines do you need?

Pre-paid plans vs. traditional cell phone bills
Almost all carriers have cheaper plan options if you go with a “pre-paid” plan. We explain what these plans are and why they cost less.

Some of the best low-cost cell carriers out there
Their offers are constantly changing, so when you're ready to look into things, you need to go and see who's offering what. Even if we made a massive spreadsheet highlighting and comparing them all, someone's would change next month. Consider offer stacking. For example, you can sign-up through Rakuten for cashback or a sign-up bonus using a friend's referral link. The best discount companies we have found include Visible, Cricket Wireless, Mint Mobile, GoogleFI, Tello, and pre-paid plan options with any of the big networks like Verizon and AT&T.

Approaches for traveling internationally
Pick up a local SIM card or rent a wifi hot spot while traveling. You can buy international time/packages through many previously mentioned carriers, but they can get quite pricey. So if you go this route, manage your data usage proactively while traveling!

Top 3 takeaways:
You're likely paying too much if you're paying more than $40 a month for your cell phone plan.
Do a little bit of research or accept someone else's research and make a change to save money today.
Don't get sucked into clever marketing. Generally speaking, cell phone plans are a commodity product, and you'll get the same service from everyone.

Show References:
friends on FIRE episode #021 | Cell Phones and TV and Internet, Oh My!
Visible referral link - first month is $5

---

Follow friends on FIRE
Twitter, Instagram, Facebook, LinkedIn
Leave us a voicemail or text us: 404-981-3370
eMail us at: friendsonfiremm@gmail.com
Visit our website: www.friendsonfire.org

---

Other Links
Maggie's Blog: Mostly Minimal Life
Mike's Book: Your New Relationship with Money