EXCLUSIVE INTERVIEW

Startup, Know Thyself: Q&A With Sierra Ventures Managing Director Tim Guleri

In this business climate, the road to striking a venture capital deal is difficult for both funder and fundee. Small startups with big ideas obviously have a harder time finding VC firms willing to take a chance on them, but those VC firms themselves are under added pressure to make the correct decisions regarding where to put their limited resources.

In the case of Sierra Ventures, one of its latest bets is on a firm called “webappVM.” WebappVM is attempting a next-generation approach toapplication management that leverages cloud architecture ratherthan adapting a previous architecture that hinders cloud benefits.

WebappVM’s new approach works as a virtual layer without agents. Otherapproaches use a series of agents and management servers to achieveapplication management functionality. The minds behind webappVM believe the latter approach can disrupt the benefits ofmoving to the cloud: on-demand scaling, portability, low cost,self-service, etc. Instead, webappVM goes in as a virtual layer.

The E-Commerce Times spoke with Tim Guleri, managing director at SierraVentures, about the state of the tech VC marketplace today and ways in which new companies can catch the attention of venturecapitalists.

Guleri has led the firm’s investments and serves on the boards ofApprova, CodeGreen Networks, DotNetNuke, Everest Software (acquired by Trilogy), Greenplum, MakeMyTrip.com (in India), Sourcefire and CarWale (in India), among others. A serial entrepreneur,Guleri built two software infrastructure companiesbefore joining Sierra in 2001.

E-Commerce Times: How much more difficult is it to obtain seed money andsupplemental rounds of investment support in today’s economic climate?

Tim Guleri:

It’s a tough climate for companies to raise capital. Onereason is the macro financial markets have been very choppy. Andobviously the growth over the last couple of years fell off. The lasttime we saw this was after the 9/11 event. The second reason is thecapital which flows into venture capital funds was also at a lowpoint. So there is less capital coming in, and the market is in thedoldrums. This makes it a tough market. The balance is that greatentrepreneurs with well-thought-out business plans are still gettingfunded and are the kind of businesses that we scour the landscape for.

ECT: In light of what you’ve just said, how different is therole of providing funding in today’s market?

Guleri:

We haven’t seen the process change much. We do the sameamount of due diligence and still call customers and prospects and tryto get confidence in the financial model that’s been presented to us.

I think it’s fair to say there is a little more time that’s availablefor us to make these investments from the venture capitalist’sstandpoint, so both sides– the entrepreneur and the venturecapitalists — can do more thorough work. I think the process canstill be very efficient, but at the end of the day, it all comes downto the idea and the team.

ECT: Does that hold true whether the applicant is an opensource company or another type of company? Are there differentqualifications depending on the type of business the applicant comesfrom?

Guleri:

Yes, precisely. Venture capitalists like to invest wherethe market is. There’s going to be correcting in a few years, so wetend to invest ahead of the market, so if you can get to us beforethese ideas become mainstream. We are looking for emerging trends andcompanies that have a sense of how to capitalize on these moderntrends.

So from that standpoint, new things that are affectingexisting architectures — like cloud computing, like a whole newgeneration of storage, like a whole new generation of databasearchitectures, a whole new generation of how you manage applicationsin the cloud — those are the kind of forward-looking trends that welike to pick up on early and then get behind.

ECT: If I were an open source vendor, would I have a leg upin getting considered for a VC money award?

Guleri

You would have a major step up over others if you were anopen source company. Open source used to be a bit of a misunderstoodbusiness model. Now it is something that has picked up good momentumand is something that VCs love to see.

ECT: Are you seeing more requests from open source startups,or is that still a sparse field?

Guleri:

It’s still a sparse field, and that’s a good thingbecause every discipline, be it software or hardware or data center, hasan open source project that knocks them to death. So consequently, whathappens is that the customers are not getting a value from a closedsource like a McAfee or Microsoft. They would rather look for an opensource company. And when that open source company gets to scale, thenthat open source company will come looking for money. So that fieldhasn’t become over-crowded. There are only a handful of companies thathave reached commercial status following open source

ECT: What advice would you give to a startup entrepreneur whois reaching out for VC support? Are there certain things that need tobe done, or are you just looking for something that is out of theordinary?

Guleri:

The first thing to do is get conviction around thecustomer ROI. The way to do that is to know the market and getconfidence in the market. So number one is product market. Number twois getting confidence in your financial model. This is where I tend todo a lot of work. I like to invest in companies that are efficient inservicing customers. I like a company to know how to develop thecompany and how to leverage that. So entrepreneurs need to be veryfocused on this early because the decision we make today about fundinga small company will be based on how do you go to market, how do youmarket and how much money do you need to raise.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Business

LinuxInsider Channels

OPINION

How Not To Do CX, Lenovo Style

Sometimes the world of smart technology innovations collides with the planet of dumb customer service provisions. That collision usually does not bode well for the customer.

In my case, that scenario is particularly true. I bought Lenovo’s Chromebook Duet 5 for an attractive price from a major national electronics store. In hindsight, that was a purchase I wish I could undo.

The Duet 5 is regarded in numerous reliable reviews as the best overall ChromeOS tablet/detachable computer available this year. Its larger screen and detachable full-size keyboard make a usable and fun tablet experience not available with pure Android devices.

For me, that accolade falls far short of reaching that mark. In fact, if your primary need for a Chromebook is to run Linux apps, think again about not buying Lenovo’s Duet 5. You might get a unit like mine that does not do Linux even though it is supposed to work. That failure is not considered a valid claim under Lenovo’s warranty.

I have become quite fond of Chromebooks. ChromeOS devices supplement my home office cadre of Linux computers. They link to my Android phone and its apps. I can run the same productivity apps and access their data directly on the Chromebook.

What fed my attraction to the Duet 5 is its logical follow-up to the very popular 10.1″ original Duet I bought a few years ago. The Duet line has a detachable keyboard and is a stand-alone ChromeOS tablet.

Putting want versus need aside, I debated the prospect of more productivity and convenience with a bigger screen at 400 nits, larger keyboard, and 8GB of RAM. I knew the manufacturer and the retail store as well as the product line. Or so I thought.

What could go wrong? Three things: a failed product, no support, and a warranty that also did not work!

Maybe One Too Many

The last thing I needed to buy was yet another Chromebook. Over the last few years, I have used four or five models from HP, Lenovo, and Asus.

The Duet 5 seemed to check all the boxes. As it turned out, the check mark fell out of the box for reliable tech support and customer service.

Nope, I could not return the computer. By the time I discovered its defective nature the undo window had closed.

I suppose this incident will nudge me to buy expensive add-on store warranties for less expensive electronic devices. Adding insult to injury, Lenovo tech support said the malfunction was “beyond the scope of the manufacturer’s one-year warranty.”

A final correspondence from Lenovo’s tech support told me that if I shipped the device to its repair facility, all the technicians would do is reset the unit to its original OS status and remove Linux.

Heck, I had already done the same thing twice.

Lenovo Buyers Beware

This account is not intended to be a product review. Rather, it tells what happens when corporate arrogance destroys the customer experience.

I usually write about business technology issues and open-source developments impacting the Linux OS. My reporting beat overlaps with e-commerce and customer relationship management (CRM) issues.

As a tech writer and product reviewer, I am used to manufacturers sending me top-of-their-line products in hopes of showing off their best wares. Marketing marvels often offer high-end configurations to curry consumers’ attention. They go out of their way to make sure the reviewer is fully satisfied.

Too bad that mentality does not always exist when lowly consumers are on the receiving end. But I was not using a loaner unit I would send back anyway, satisfied or not. I bought this model with no plans to review it. I just wanted to use it.

My personal experience hardened my resolve to not buy a Lenovo product going forward. Not because of a bad product encounter. Lenovo lost my customer loyalty because of shoddy customer service and no dedication to resolving my issue with a malfunctioning computer that they built.

The Gory Details

According to Lenovo’s ill-conceived logic, the warranty on Chromebooks does not cover user modifications. Since I activated the Linux partition, ran into a problem, removed the partition, and reinstalled Linux apps not there when I bought it, I was guilty of modifying the device.

To clarify, all Chromebooks require the user to turn on the Linux partition and install Linux apps. That is the same process for using Android apps on Chromebooks.

Chromebooks are built to run the ChromeOS and optionally to run in separate built-in containers Android and Linux software. Google certifies the hardware to ensure the software works.

The ChromeOS similarly enables users to access websites in a browser environment. An added option lets users access those web destinations to run application services within tabbed browser windows or as progressive web apps (PWAs) in their own isolated windows.

That is what Chromebooks are designed to do on any manufacturer’s hardware. Turning these built-in features on/off should not be construed as “modifying” the device.

Tech Support Hell

A few weeks after receiving the Duet 5, I experienced only an intermittent screen flickering issue. That cleared up after a system update. No worries. No concerns.

At that point I turned on the Linux partition and installed the same Linux apps that I use on my other lesser-endowed Chromebooks. Those devices worked fine with the same apps installed.

But the Lenovo Duet 5 froze after loading the Linux apps and running for a few minutes. Glitchy installations happen. So I did what is standard troubleshooting. I reset the ChromeOS to its original status. I then set up the Linux partition and sized it well beyond the Google-recommended minimum size.

Problem NOT solved. So I wiped the Linux partition again. This time, I installed a single Linux app one at a time looking for the culprit throwing the others out of whack. Every Linux app in isolation froze.

Lenovo tech support declined to investigate or test the hardware. The agents suggested finding an affiliated tech center to pursue a solution.

Stuck With No Options

I gladly would have done that. But the nearest such Lenovo repair center was across state lines some 150 miles away.

I reached out to the Google Chromebook support community for an alternative solution. A support person there had me run the “df command” in a Linux terminal to determine the physical health of the partition.

The readout from that diagnostic confirmed the device has a valid and working Linux container. That partially settled the question about the hardware. It did not, however, identify what other hardware issues might be involved.

The Google support forum tech then suggested I look for one or more dud packages by following the procedure outlined above. But, of course, I already did that several times.

Lousy Lessons Learned

If you plan to buy a Chromebook just to have easy access to selected Linux apps, seriously consider my experience. Maybe look elsewhere instead of the Duet 5. Numerous Chromebook alternatives exist.

Who knows? Maybe the Linux apps will work fine for you on your Duet 5. As I said, I have not had this situation on any other Chromebook product I use.

No doubt my experience was a gross anomaly. The aggravating part in all of this is that I will never know the cause.

But if you buy a Duet 5 from a retail outlet instead of directly from the manufacturer, be sure to confirm how that store honors the warranty. You now know how Lenovo honors its warranty.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.
Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
OSS NEWS

Coding Vulnerabilities, Linux Growth, FOSS Friction Cap Summer Highlights

Open Source

As IT workers continue their daunting job of protecting network users from bad guys, a few new tools might help stem the tide of vulnerabilities that continue to link open source and proprietary software.

Canonical and Microsoft reached a new agreement to make their two cloud platforms play nicer together. Meanwhile, Microsoft apologized to open-source software devs. But no apology was rendered for BitLocker locking out Linux users.

Let’s get caught up on the latest open-source software industry news.

New Open-Source Tool Helps Devs Spot Exploits

Vulnerability software platform firm Rezilion on August 12 announced the availability of its new open-source tool MI-X from the GitHub repository. The CLI tool helps researchers and developers quickly know if their containers and hosts are impacted by a specific vulnerability to shorten the attack window and create an effective remediation plan.

“Cybersecurity vendors, software providers, and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes that must be addressed, often immediately,” said Yotam Perkal, director of vulnerability research at Rezilion.

“With this influx of information, the launch of MI-X offers users a repository of information to validate exploitability of specific vulnerabilities, creating more focus and efficiency around patching efforts,” he added.

“As an active participant in the vulnerability research community, this is an impactful milestone for developers and researchers to collaborate and build together,” Perkal noted.

Current tools fail to factor in exploitability as organizations grapple with a litany of critical and zero-day vulnerabilities, and scramble to understand if they are affected by that vulnerability. It is an ongoing race to figure out the answer before a threat actor does.

To make this determination, organizations need to identify the vulnerability in their environment and ascertain if that vulnerability is truly exploitable to have a mitigation and remediation plan in place.

Current vulnerability scanners take too long to scan, do not factor in exploitability, and often miss it altogether. That is what happened with the Log4j vulnerability. The lack of tools gives threat actors a lot of time to exploit a flaw and do major damage, according to Rezilion.

The introduction of MI-X is the first of a series of initiatives Rezilion plans to foster a community around detecting, prioritizing, and remediating software vulnerabilities.

Linux Thrives, Along With Growing Security Woes

Recent data monitoring of more than 63 million computing devices across 65,000 organizations shows the Linux OS is alive and well within businesses.

New research from IT asset management software firm Lansweeper shows that even though Linux lacks the more widespread popularity of Windows and macOS, plenty of corporate devices run Linux operating systems.

Scanning data from more than 300,000 Linux devices across some 26,000 organizations, Lansweeper also uncovered the popularity of each Linux operating system depending on the total amount of IT assets managed by each organization.

The company released its finding August 4, noting that around 32.8 million people use Linux globally, with about 90% of all cloud infrastructure and almost all the world’s supercomputers being dedicated users.

Lansweeper’s research revealed CentOS is the most widely used (25.6%) followed by Ubuntu (20.8%) and Red Hat (15%). The company did not break out the percentages for users of the numerous other Linux OS distributions in use today.

Chart shows Linux devices by company size


Lansweeper suggested that businesses demonstrate a disconnect between using Linux for its enhanced security and proactively putting security processes in place.

Two recent Linux vulnerabilities this year — Dirty Pipe in March and Nimbuspwn in April — plus Lansweeper’s new data, show that when it comes to protecting what is under their own roof, businesses are going in blind.

“It’s our belief that most of the devices running Linux are business-critical servers, which are the desired target for cybercriminals, and logic shows that the larger the company grows, the more Linux devices there are that must be protected,” said Roel Decneut, chief strategy officer at Lansweeper.

“With so many versions and ways to install Linux, IT teams are having to grapple with the complexity of tracking and managing the devices as well as trying to keep them protected from cyberattacks,” he explained.

Since its launch in 2004, Lansweeper has been developing a software platform that scans and inventories all types of IT devices, installed software, and active users on a network. This allows organizations to centrally manage their IT.

BitLocker, Linux Dual Booting Not Perfect Together

Microsoft Windows users who want to install a Linux distribution to dual boot on the same computer are now between a technological rock and a Microsoft hard place. They can thank an increased use of Windows BitLocker software for the worsening Linux dual-booting dilemma.

Developers of Linux distros are fighting more challenges in supporting Microsoft’s full-disk encryption on Windows 10 and Windows 11 installations. Fedora/Red Hat engineers noted that the problem is worsened by Microsoft sealing the full-disk encryption key is sealed using the Trusted Platform Module (TPM) hardware.

Fedora’s Anaconda installer along with other Linux distribution installers cannot resize BitLocker volumes. The workaround is first resizing BitLocker volumes within Windows to create enough free space for the Linux volume on the hard drive. That useful detail is not included in what are often flimsy installation instructions for dual-booting Linux.

A related problem complicates the process. The BitLocker encryption key imposes another fatal restriction.

In order to unseal, the key must match the boot chain measurement in the TPM’s Platform Configuration Register (PCR). Using the default settings for GRUB in the boot chain for dual boot setups produces the wrong measurement values.

Users trying to dual boot then get dropped to a BitLocker recovery screen when trying to boot Windows 10/11, according to discussions of the problem on the Fedora mailing list.

Microsoft, Canonical: A Case of Opposites Attract

Canonical and Microsoft have tightened the business knot connecting them with the common goal of better securing the software supply chain.

The two software companies on August 16 announced that native .NET is now available for Ubuntu 22.04 hosts and containers. This collaboration between .NET and Ubuntu provides enterprise-grade support.

The support lets .NET developers install the ASP.NET and .NET SDK runtimes from Ubuntu 22.04 LTS with a single “apt install” command.

See full details here and watch this brief video for the update:

Microsoft Reverses Open-Source App Sales Ban

In what might well be the latest case of Microsoft opening its marketing mouth to insert its stumbling foot, the company recently upset software developers by implementing a ban on the sale of open-source software in its app store. Microsoft has since reversed that decision.

Microsoft had announced new terms for its app store to take effect July 16. The new terms stated that all pricing cannot attempt to profit from open source or other software that is otherwise generally available at no cost. Many software developers and re-distributors of free- and open-source software (FOSS) sell installable versions of their products on the Microsoft Store.

Redmond maintained its new restrictions would solve the problem of “misleading listings.” Microsoft claimed FOSS licenses permit anyone to post a version of a FOSS program written by others.

However, developers pushed back noting the problem is easily solved the same way regular stores solve it — through trademark names. Consumers can tell genuine sources of software products from third-party re-packagers with trademark rules that already exist.

Microsoft has since acquiesced by removing references to open-source pricing restrictions in its store policies. The company clarified that the previous policy was intended to “help protect customers from misleading product listings.”

More information is available in the Microsoft Store Policies document.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Software