Category Archives: Financial

Zoom 也要 IPO 了...

最近的資訊網路圈子 IPO 案子好多,其中一個比較值得注意的是 Zoom:「Zoom, a profitable unicorn, files to go public」。

這家公司不像 PagerDutyPinterest,這兩家是沒賺過錢就丟單子出來了,而 Zoom 是有賺錢還打算出來 IPO:

Zoom, which raised a total of $145 million to date, posted $330 million in revenue in the year ending January 31, 2019, a remarkable 2x increase year-over-year, with a gross profit of $269.5 million. The company similarly more than doubled revenues from 2017 to 2018, wrapping fiscal year 2017 with $60.8 million in revenue and 2018 with $151.5 million.

啊不過 Zoom 真的蠻好用的,一群人在不同地方要討論事情時,用電子白板或是分享畫面都還不錯... 這幾天跟不是資訊圈子的人在用也都有很正面的 feedback。

PagerDuty 向 SEC 遞出 S-1 了 (IPO)

在「pagerdutys-1.htm」這邊可以看到 PagerDuty 遞出 Form S-1 了,翻了一下 TechCrunch 也有報導:「PagerDuty just filed its S-1」。

PagerDuty 主要的服務是監控服務回報狀況後的後續流程,在組織大一點的公司會拿來用,不過不怎麼便宜... 印象中服務品質沒有拉開差距,而同質性的服務低他不少價錢。

有幾個數字可以看,先是估值:

PagerDuty was valued at $1.3 billion last fall when it closed on $90 million in Series D funding led by T. Rowe Price Associates and Wellington Management. Earlier backers Accel, Andreessen Horowitz and Bessemer Venture Partners also joined the round, which brought the company’s total funding to $173 million.

然後 VC 持股 55%:

According to the S-1, venture investors currently own about 55 percent of the company. Andreessen Horowitz owns the biggest stake, with 18.4 percent of its shares sailing into the IPO. Accel meanwhile owns 12.3 recent, Bessemer owns 12.2 percent, Baseline Ventures owns 6.7 percent, and Harrison Metal owns 5.3 percent.

以及獲利問題:

PagerDuty, which employed 500 employees as of last fall, has never been profitable according to its filing, which says it generated a net loss of $38.1 million for the fiscal year ended January 31, 2018. (It saw revenue of $79.6 million during the same period.)

S-1 文件裡有張圖裡也有相關的營運數字:

西班牙透過新法規限制 Uber 營業

包括 UberCabify 都受到新規範影響:「Ride-hailing companies suspend Barcelona services after new regulations」。

新規範限制乘客必須在上車前十五分鐘叫車:

The Catalan government ruled that ride-hailing services could only pick up passengers after a 15-minute delay from the time they were booked.

不是直接說你違法,而是用這個方式壓制隨叫隨到的服務... 這個方式應該會擴散到其他地區。

JPMorgan Chase 的 WePay 用的 MySQL 架構

看到「Highly Available MySQL Clusters at WePay」這篇講 WePayMySQL 的設計,本來以為是 WeChat 的服務,仔細看查了之後發現原來是 JPMorgan Chase 的服務...

架構在 GCP 上面,本來的 MySQL 是使用 MHA + HAProxy (patch 過的版本,允許動態改變 pool),然後用 Routes 處理 HAProxy 的 failover。

他們遇到的問題是 crash failover 需要至少 30 分鐘的切換時間,另外就是在 GCP 上面跨區時會有的 network partition 問題...

後續架構變得更複雜,讓人懷疑真的有解決問題嗎 XDDD

改用 GitHub 推出的 Orchestrator 架構,然後用兩層 HAProxy 導流 (一層放在 client side,另外一層是原來架構裡面的 load balancer),在加上用 Consul 更新 HAProxy 的資訊?

思考為什麼會有這樣設計 (考慮到金融體系的背景),其實還蠻有趣的...

Mastercard 對實體物品提供免費試用後的訂閱條款

Mastercard 規定在免費試用後 (實體物品),需要另外再讓使用者再同意一次才能開始收訂閱費用:「Free Trials Without The Hassle」。

The rule change will require merchants to gain cardholder approval at the conclusion of the trial before they start billing. To help cardholders with that decision, merchants will be required to send the cardholder – either by email or text – the transaction amount, payment date, merchant name along with explicit instructions on how to cancel a trial.

新聞一開始出來時其實讓蠻多人關注的,因為一堆網路服務都是靠這招... 所以 Mastercard 在文章後更新說明,目前只有實體物品套用這個規則:

*This blog was updated on January 17, 2019 to clarify that the rule change is applicable to physical products such as skincare, healthcare items etc.

Vultr 開始要收台灣的稅了...

這幾天收到 Vultr 的通知信,要收 5% 的稅了:

Dear Valued Client,

Vultr.com will start collecting a Value Added Tax (also known as VAT) for services provided after 2018 June 01 in order to comply with new Taiwan regulations. Beginning on 2018 July 1, your invoices will include an additional tax charge of 5% for customers who purchase electronic services in Taiwan. The tax is applied to comply with new Taiwan VAT legislation requiring non-residents who are providing "remote services" to begin collecting Taiwanese VAT on these services when they are provided to Taiwanese residents or persons who are not registered for VAT.

Affected customers need to submit their VAT ID to Vultr. If you don’t provide a business VAT ID, your account charges might increase.

If you have any questions about this upcoming change, please contact our support team today. Thank you again for being a customer!

The Vultr.com Team

從 2018 七月開始收...

加州打算強制規定新房子都要有太陽能...

加州打算直接從法律上規定從 2020 年開始的新房子都要有太陽能:「California set to become first US state requiring solar panels on new homes」。

The state’s Energy Commission is due to vote next week on new energy standards that would require virtually all new homes to be constructed with solar panels from 2020.

如果通過的話,從 20% 直接變成強制性的 100%:

Currently around 20 per cent of single-family homes are constructed with solar capacity built in, but if the new standards are approved as expected this proportion will rise sharply.

下個禮拜回來看看消息好了,這應該是蠻指標性的事情... 無論是在經濟上還是在環保題材上。

Ethereum Smart Contracts 裡的 PRNG

現代密碼學的安全性有很大一塊是基於亂數產生器 (RNG) 非常難被預測。如果這個前提不成立的話,利用亂數產生器產生出來的各種資訊都會被預測出來 (尤其是 Private Key)。

但真正的 RNG 需要靠硬體支援,而且產生速度很慢,一般都會使用 PRNG (Pseudorandom number generator) 產生。也就是「看起來」很亂的亂數產生器。

PRNG 通常是指在統計學上通過許多測試,像是在多種測試都是 Discrete uniform distribution,不需要防止有惡意人,可以從產生出的 PRNG 的值而推導出後續結果的用途。

在「Predicting Random Numbers in Ethereum Smart Contracts」這篇裡面,作者列出了一堆實做 Ethereum Smart Contracts 卻誤用 PRNG 的行為。

文章裡提到的問題都是因為 PRNG 拿著可被預測的資訊當作 entropy source (e.g. seed),而且提出來的範例都是拿 block 本身或衍生的資訊 (像是 block 的 hash) 來用:

  • PRNGs using block variables as a source of entropy
  • PRNGs based on a blockhash of some past block
  • PRNGs based on a blockhash of a past block combined with a seed deemed private
  • PRNGs prone to front-running

然後列了大量的程式碼當例子,建議有需要接觸的人看過一次,或是有時間的人都值得看這些負面範例... XDDD

不過作者在文章裡面也給了一堆有問題的方法,像是從外部網站取得亂數之類的 XDDD

正確的方法是使用 CSPRNG (Cryptographically secure pseudorandom number generator),這是專門設計給密碼學用的 PRNG。

CSPRNG 有幾種方法可以取得:

  • 在大多數的程式語言內都有對應的 library 可以用,另外在比較近代的瀏覽器內 (如果問 IE 的話,是 11+),可以透過 RandomSource.getRandomValues() 得到。
  • 如果打算自己搞底層而需要直接取得 CSPRNG 的產出,在 Unix-like 的環境下可以透過 /dev/urandom 取得,在 Microsoft Windows 下則可以透過 CryptGenRandom 取得。

別學作者那邊奇怪方法啊 XDDD

Stripe 也宣佈要停止支援 Bitcoin 了

Stripe 發了公告出來,要停止支援 Bitcoin:「Ending Bitcoin Support」。預定保留三個月的緩衝期,在 2018 年 4 月 23 日停掉:

Over the next three months we will work with affected Stripe users to ensure a smooth transition before we stop processing Bitcoin transactions on April 23, 2018.

跟其他單位停用的原因都差不多,愈來愈慢的交易速度與愈來愈高的手續費:

Transaction confirmation times have risen substantially; this, in turn, has led to an increase in the failure rate of transactions denominated in fiat currencies. (By the time the transaction is confirmed, fluctuations in Bitcoin price mean that it’s for the “wrong” amount.) Furthermore, fees have risen a great deal. For a regular Bitcoin transaction, a fee of tens of U.S. dollars is common, making Bitcoin transactions about as expensive as bank wires.

Steam 當時的理由很類似... (參考「Steam 停止使用 Bitcoin 購買遊戲」)

Intel CEO 做的真不錯 XDDD

在發生爆發前一個月把自家 Intel 的股票賣到最低限度 XDDD:「Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock」,引用的新聞是「Intel's CEO Just Sold a Lot of Stock」:

On Nov. 29, Brian Krzanich, the CEO of chip giant Intel (NASDAQ:INTC), reported several transactions in Intel stock in a Form 4 filing with the SEC.

所以十一月底的時候賣掉... 只保留 CEO 最低限額 250 張:

Those two transactions left Krzanich with exactly 250,000 shares -- the bare minimum that he's required to hold as CEO.

來看看獲利會不會被追回 XDDD