[HN Gopher] Don't Talk to Corp Dev (2015) ___________________________________________________________________ Don't Talk to Corp Dev (2015) Author : tracyhenry Score : 109 points Date : 2021-05-14 18:38 UTC (4 hours ago) (HTM) web link (www.paulgraham.com) (TXT) w3m dump (www.paulgraham.com) | sabj wrote: | Points not covered in this piece, but worth noting: (1) If a | counterparty is interested in you, it can help accelerate | valuable partnerships you care about (2) You may want someone to | invest in you, not to buy you; or you may want them to invest in | you in the future | | Now, for CorpDev, a conversation about investment is always a | sliding scale... n% (invest) <--> 100% (buy you). But whether | it's from the corporate balance sheet or as a referral to the | corporate VC arm, there can be value there, and value in the | relationship building, depending on circumstances. | | As with so much, the risk is not knowing what you want and | getting carried along by the process -- lettings things "happen" | to you. If you have a conversation with corpdev, you're trading | some information and receiving some information. Is that ride | worth the price of admission? You have to decide based on the | circumstances. This piece has an edge that helps to provoke and | draw attention to the themes (don't let others shape the | narrative of your business engagement) and that's fine. | | There are places and indicators that a CorpDev conversation is | 200% M&A, and there are times when it has more BizDev dimensions. | Many companies want to develop partnerships first to determine if | a potential acquisition is accretive. And, those partnerships can | actually be valuable to small companies, even if there have | tricky strings that can trip you up. -\\_(tsu)_/- | rstephenson2 wrote: | I wonder how analogous this is to "don't talk to VC associates" | advice. Corp dev is interested in buying a company, any company, | at a low price but even once corp dev is sold they'll have to | sell the deal to someone who matters. People confuse "this corp | dev person is interested" with "this company is interested". | | If you're not actively looking to sell, _definitely_ don't bother | taking the meeting unless there's a champion high up who is | personally interested. | | Come to think of it, recruiters aren't all that far off this | either... | dalbasal wrote: | This is from 2015? Wow. My memory had it much earlier than that. | Feels like the world has changed a lot since then. | | I wonder if pg would revise the advice today, given how big M&A | has become. I suspect it's all still relevant, except that actual | deals are more common and prices are higher. That might change | the balance, but the general description of what you're dealing | with is still valid. | | Companies constantly flirting with acquisition though... I feel | like this sort of thing is _way_ more prevalent now. | Huiokko wrote: | Never heard of this and I'm not sure how common this is at all. | | Anyone else has experience with this? | capableweb wrote: | You mean you haven't heard of "corporate development" in | general or are you referring to something specific here? | tester756 wrote: | >Don't Talk to Corp Dev | | it sounds kinda edgy, especially that "corp dev" | | bonus points that "dev" seems to refer more often to "developer" | than "development" | davesque wrote: | I think I've really gotten into the habit of disagreeing with | Paul Graham's blogs lately but this one felt different. Felt like | a lot of practical, common sense advice that is just barely | beyond the horizon that most people consider. Of course, it won't | apply in every situation but it felt hard to disagree with the | overall sentiment. | | _Note:_ I say I 've been disagreeing with him lately and, of | course, this blog wasn't written "lately." So maybe that says | something. | kordlessagain wrote: | I'll disagree then because Corp Dev, like most tags, can mean | something else like a group at a corporation responsible for | strategic decisions to grow and restructure its business, | establish strategic partnerships, and/or achieve organizational | excellence. | diego wrote: | No, he's right on this one. Corporate Development means "the | group in charge of acquiring companies." I have never seen a | Corp Dev team that did anything else (and I have dealt with | quite a few including my company's acquisition). | jedberg wrote: | The only reason Corp Dev is establishing a partnership is | because they want to buy you but they aren't sure yet, so | it's like a trial. It's also a good way to convince you to | sell to them while also locking out competitors. | | If you have a partnership with Google, it makes a lot harder | for Amazon to buy you because first they have to unwind the | partnership. | pbhjpbhj wrote: | Re that last para. Amazon and Google could choose to share | the pie: it's want to, not have to, surely? | jedberg wrote: | It was just a contrived example. Imagine instead you have | a partnership with Amazon and then Walmart wants to buy | you. Both companies have made it clear they will never | work with each other. | | Either way, every deal, every partnership, every | contract, complicates an acquisition. The fewer you have | the more likely a deal is. By establishing a | relationship, one company can discourage others from | wanting to put in the effort of acquiring you. | sombremesa wrote: | Yep, this one is on the shortlist of YC advice that's useful to | founders. | | The list: - Launch now - Build something | people want - Do things that don't scale - Find the | 90 / 10 solution - Find 10-100 customers who love your | product - All startups are badly broken at some point | - Write code - talk to users - "It's not your money" | - Growth is the result of a great product not the precursor | - Don't scale your team/product until you have built something | people want - Valuation is not equal to success or even | probability of success - Avoid long negotiated deals with | big customers if you can - Avoid big company corporate | development queries - they will only waste time - Avoid | conferences unless they are the best way to get customers | - Pre-product market fit - do things that don't scale: remain | small/nimble - Startups can only solve one problem well | at any given time - Founder relationships matter more | than you think - Sometimes you need to fire your | customers (they might be killing you) - Ignore your | competitors, you will more likely die of suicide than murder | - Most companies don't die because they run out of money | - Be nice! Or at least don't be a jerk - Get sleep and | exercise - take care of yourself | scubbo wrote: | This was _precisely_ my reaction. "Life Is Short"[0] remains a | great piece that I return to time-and-again, but most of his | other stuff that I've read recently seems to miss the mark - | unlike this one. | | [0] http://www.paulgraham.com/vb.html | markus_zhang wrote: | This is a good one. I can immediately identify many | "bullshits" in work and life. But I then realize that the key | is that I need to have something to be passionate in so that | those time saved from bullshits can be used on them. | hemloc_io wrote: | Ha this reminds me of a video of Justin Kan talking about selling | Twitch to Amazon.[0] | | Most of the tactics in this blogpost by Paul G. show up in that | negotiation, include the 11th hour 20% off move. | | [0]https://www.youtube.com/watch?v=RwUA5i-QolY | breck wrote: | I think there are good perspectives in here that are accurate, | and worth the read for the perspectives, but I don't spot any | great advice. In other words, no pithy strategy that is testable. | Difference between the 2 explained here: | https://breckyunits.com/wisdom-a-tiny-language-for-great-adv.... | KryptoKlown wrote: | That is definitely a good article but I especially like the part | about haters | SquibblesRedux wrote: | I was courted by corp dev from a big public company. It was quite | an experience -- events, dinners, wine, private meetings, large | groups of the corp folks hanging on every word. They got pretty | pushy, demanding to know trade secrets to keep going with a | negotiation. At the end of it I pulled the plug because it was | clear they were not working in our interest. (The word "pillage" | comes to mind.) | | The experience was nice to have, but as the essay claims, it | ultimately was a poor use of time. | dalbasal wrote: | Time is cheap, relatively to focus, IMO. I think it takes a | pretty seasoned businessman to pursue or negotiate (even half- | seriously) an acquisition... and paying the "price" in time | only. | [deleted] | jchonphoenix wrote: | This is out of date. At this point, many larger corp dev teams | act like a recruiting team for acquisitions. They find leads and | pass them to VPs | jboydyhacker wrote: | No the advice is still spot on- acquihires are considered the | firesafe scenario he is referring to. | irrational wrote: | >"What happened to Don't be Evil?" I asked. "I don't think corp | dev got the memo," he replied. | | Why is it that every company that starts with good intentions | eventually succumbs and becomes that which they claimed to not | like? | duxup wrote: | When your metric is dollars... what else could happen? | arduinomancer wrote: | As my economics teacher repeated probably 20 times in one | semester: the purpose of a corporation is to increase | shareholder's wealth | pbhjpbhj wrote: | Your economics teacher was wrong. | | The purpose of a corporation is to fulfill their chosen | corporate mission. Corporations are no more bound to choose | financial accumulation _above all else_ than are any of the | people that form those corporations. | | Cooperatives and public interest companies are corporations, | for example. | pbhjpbhj wrote: | If you're genuinely asking: when companies get controlled by | greedy people then morals take a back seat compared to | financial gain (for those people). The greedy people have the | money, they can structure society using the power they have | because of it, they can corrupt others (who are also greedy) to | support them. The people whose ancestors weren't as greedy, or | lacked the violent capabilities to satisfy their greed, lack | the resources to oppose the greedy. The greedy people get | rewarded with more power to continue being greedier; they pass | on their moral outlook and power to those who are similarly | greedy. | | The pattern seems to be that after a lifetime of wealth | acquisition one buys a cloak of respectable benevolence by | donating a fraction of that wealth to good causes (which you'll | probably carefully choose to provide the best tax benefits and | as a marketing tool to help the next generation of super- | wealthy to get a good start). | | Any company prepared to be sold off, if profitable, will be | acquired by greedy people. | | People who want a quiet unassuming life living in harmony with | those around them don't acquire the wealth in the first place, | they have the morals to run companies for good, they don't have | the wealth to acquire them. | | Capitalism appeals to [immoral] greed, it's a natural successor | to feudalism. | uhhhhhhhhhhhhhh wrote: | Gates' Cloak | nineplay wrote: | I'm of the opinion that it's a mistake to think of companies as | anything other than machines that maximize profit. Positive | slogans, company values, donations to this cause or public | support for that cause - it's all there to generate good | feeling and thus maximize profit. | | I don't say that to be cynical, I think using that as a mental | model really clarifies how we should approach corporate | regulation. Saying a company "should" do this or that is no | more useful than saying my laptop "should" do this or that. | They will try to maximize profit, we ( the public) need to find | ways to make negative activity unprofitable. Hauling Mark | Zuckerberg in front of Congress doesn't do anything, we need to | get into the machine and change the way it works. | ska wrote: | > Why is it that every company that starts with good intentions | eventually succumbs | | There isn't much money in good intentions. | diamond_hands wrote: | For the same reason many companies software gets lower quality | over time. They grow and hire people who don't care. Everyone | who did care leaves to start their next company that cares. | Analemma_ wrote: | Evolution and survival of the fittest. On a long enough time | scale, all the companies which don't behave psychopathically | are outcompeted and replaced by the ones which do. | duxup wrote: | >If they can, corp dev people like to turn the tables on you. | They like to get you to the point where you're trying to convince | them to buy instead of them trying to convince you to sell. | | I worked for an established company (not a startup) and had a run | in with Wal-Mart. Wal-Mart managed to buy some stuff at an ultra | low discount because ... someone thought maybe if we get in there | we could sell tons to their IT team. | | Meanwhile I'm working with their IT guys. They hate the product. | They tell me in no uncertain terms and in every unprofessional | way you can imagine (that part was pretty shocking). Of course | what they're really doing is just buying the minimum and pounding | the hell out of support with complaints as they pump 20 gallons | into 10-gallon hat of our product. | | What happens? We keep providing them free services, extra | services. The folks at the top think they're at the tip of a big | sale, big money despite myself and others telling them "These | guys don't like our widget, they don't want it... and they're not | capable of even making good use of it. All while giving it to | them for free, why would they pay a dime more?" | | By the end I hear we've made like our 5th pitch to them that is | barely profitable for us... just on the face value of the product | and support. Somehow Wal-Mart convinced these guys to take a 'big | sale' moment and turn it into a loss if you consider all the time | put into working with them. And they were happy to do it. | | Finally we had a stroke of luck, we were acquired, and the new | CEO had worked with Wal-Mart before as a customer and cut them | lose. Finally all that effort and energy that went into this big | deal that never happened (probably for 18+ months) could be put | to use with better customers. | | It's amazing how some folks can over time convince other people | to actually propose a bad deal... for themselves. | vb6sp6 wrote: | Sometimes it isn't about the "big sale" but having the big | company on your list of customers. It can give your company a | lot of credibility. | duxup wrote: | I don't doubt it for a start up... but I also wonder what | value that is vs. 18 months of work and turn that into a deal | that is really a loss, and the customer struggles to use the | product ... and now you've got a big dominating customer who | is going to continue to eat up time ... | | I wonder how many profitable customers could be had in that | time. | bathtub365 wrote: | They aren't really your customer if they aren't either paying | you or otherwise hinging part of their own success on your | product. | vb6sp6 wrote: | They used the product (in our case). They just asked for | things that no one has wanted since. | quickthrower2 wrote: | I've worked at a small company constantly chasing large | customers. Let's say a middling customer deal was $50k. Pretty | much all profit. A large customer deal would be $500k, and need | $500k of very specific technical-debt inducing bespoke dev | work. I didn't know why they didn't grow the number of $50k | deals! | | Actually I know why. It was the "If we can get walmart it'll | lead to much more" mentality (but not walmart but similarly big | clients). | | Also the $500k deals took a long time to land. When budgeting, | whether the company made a profit or not would depend on a top | salesman landing such a deal, or not. | | What I notice is with larger deals and tenders the world was | more cutthroat, the competition was more fierce etc, a lot of | the "value" was from negotiating contracts and arguing over | deadlines and shit, not actually delivering a product. | lnanek2 wrote: | He actually didn't even cover one of the worst parts about the | whole process - fake buyers who just want to steal your tech. I | was working at a startup with a ground breaking product no one | had released before, we had shipped hundreds of prototypes and | gotten good reviews and had plenty of orders, but board redesigns | and setting up a factory assembly line for the production models | was eating into our cash and runway. A big company in an adjacent | space made it known they were willing to buy us. We set up a data | room, gave them tours of the office and technology, intros to all | the staff, and they liked everything they saw. Offer never came | through. A year later they announced they would be developing a | knock off. Entire process just seemed like a way to get internal | development info for their own clone they were starting | development on. | | Amusingly, I've seen this process go the other direction in the | finance world. Sometimes an employee will go out and interview | with another fintech company, pretend they are willing to jump | ship, and pick up as much information on how their competitor | works as they can at the fake job interview. Employee then | happily continues at the fintech startup with the extra | knowledge. | yjftsjthsd-h wrote: | Wouldn't acquisition talks be covered in NDAs to prevent | precisely this? | gnicholas wrote: | Most NDAs do include prohibitions on either disclosure of | information or use of information (for any purpose other than | the contemplated transaction). | | But some big SV companies refuse to include the second prong, | which means they won't tell anyone your secrets but are free | to use them to squash you. Intel's NDA is notorious for this. | bumbada wrote: | Who cares about NDAs when the company that breaks the law is | thousands of times bigger than your company. | | They have a football team of very good lawyers working full | time in order to delay things for years. | | You can be right and go broke just dealing in Courts and | distracting your company from your technical work. | Retric wrote: | The trick is not to sue them but to sell the right to sue | them to someone else. | ufmace wrote: | Possibly, but even if it's airtight, good luck with actually | filing a lawsuit about it, getting it through the courts, | getting a decision in your favor, and actually enforcing it | against a corp with a much bigger legal budget than you | before they eat you for breakfast in the market. | splistud wrote: | Sure. Creates a lot of nice evidence for you to present in | the lawsuit over the next decade (if you can afford it). | kjs3 wrote: | Absolutely. | | Now...can your more or less thinly financed startup litigate | against, say, Apple to enforce your rights? Because there's | no magical moment where you say "But NDA!" and the other side | says "Aw, you got us...here's your bags of money". | | That'd be Nope. | bsder wrote: | > A year later they announced they would be developing a knock | off. | | This normally doesn't worry me. | | What I normally see is: | | 1) company we're selling to gets snotty that we're charging too | much. | | 2) company sets up internal group to do what we do | | 3) company spends 3 years doing it--and then shuts it down | because it was soaking up money (gee ... ya think?) | | 4) company now comes back to us and we increase their prices | relative to what they had and their competitors | | If 3 guys and a dog can clone my work that easily, I'm doing | something trivial, and I'm about to be out of business anyway. | bumbada wrote: | This is a classic. | | It usually takes an experienced engineer a 15 minutes tour | around a building watching the machines to know exactly how you | have done anything. It takes years an millions of dollars for | your company to iterate on the specific layout, from the | infinite possibilities. | | I have seen so many derivatives of this system, like | courting/buying the gatekeeper with expensive gifts (laptops, | very cheap vacations) or compliments in order to gain access. | | It is relevant here to talk about what Apple did with DropBox. | They invited those guys to a tour around Apple HQ(probably with | bed sheets over machines), but Steve Jobs got angry when the | people of DropBox did not reciprocate and invited Apple folks | to a neutral place instead. | | It became clear Apple just wanted to know all the internals in | order to copy them strait, just with mountains of money. | sombremesa wrote: | Sometimes it doesn't even take a 15 minute tour, just some | office photos innocently tossed up on the about us page of a | company. | idbehold wrote: | Is there a reason he doesn't have HTTPS on his site? Firefox | throws up a giant warning when I try to visit. | tcgv wrote: | I actually sent him a cold e-mail in Nov/2020 on that matter to | which he promptly replied (in less than 1h) that his site "just | doesn't have https". So he's aware of that. IMHO it'd be a | small effort for improving his readers experience (and | security). | mistrial9 wrote: | side note - I have some misc content that is http today in 2021 | - I feel that the original HTML spec is better than modern web | in some ways, therefore I like sticking to http here and there, | when I chose, based on first principles | yjftsjthsd-h wrote: | Old HTML might be fine, but sending it over an insecure | connection isn't. | rsj_hn wrote: | These words "secure" and "insecure" when used as synonyms | for "encrypted" and "plaintext" obscure more than they | illuminate and have done a lot of damage to the world of | software security. They stop thought. You would not believe | how many times I've talked to a company with some complex | webapp and asked for their security policy and they respond | with some statement about using TLS. It's absurd. Then even | in books or standards, you are starting to see chapters | called "security/cryptography". As if encrypting something | was a type of security pixie dust. | | I am not trying to relitigate the battle of SSL's naming | scheme, that battle was lost, and now people associate | "security" with encryption. Who knows, maybe in the future | they will associate "security" with bitcoin. But it's | certainly not true that every plaintext connection is an | insecure connection in the sense of actual security. Not | everything needs to be or should be encrypted, and many | things obtain no benefit whatsoever from being encrypted. | rgj wrote: | In TLS context, "secure" and "insecure" don't just mean | (un)encrypted, but also whether the connection is | authenticated, i.e. whether you can be fairly sure you're | looking at the "real" website. This is a far more | important property of a site using https. | | Especially in a world full of disinformation, | authenticity and integrity of information are often a | much greater good than confidentiality. | rsj_hn wrote: | I understand what TLS does, but an argument that "we live | in a world of disinformation" is not a substitute for | having a well defined threat model and for many websites, | particularly sites that broadcast information or download | binaries which might already be signed or have hashes | distributed via alternate means, there does not need to | be a threat that requires TLS to address it. | | Like it or not, it is up to the information owner to | determine their threat model and which mitigations are | suitable for that threat model. If someone is | broadcasting a message containing information that is | public, they may not consider someone intercepting a | response and altering it to be a threat that needs | addressing, or they may consider alternate mitigations as | sufficient -- e.g. the fact that many people can | independently verify the information from different | sources. For the vast majority of sites, this is a | reasonable assumption. Just because _you_ may be worried | about this threat doesn 't mean the information owner | needs to be. Of course you as an information consumer | have your own threat model, and if you are really worried | about someone targeting you and altering http responses | sent to your browser, then you may not want to visit | unencrypted sites. That is also legitimate. The | information owner can't force their threat model on you | anymore than you can force yours on them. But words like | "secure" and "insecure" make sense only with respect to a | given threat model, they are not attributes of an http | connection. | enzanki_ars wrote: | Like others have said, I agree that stating that TLS does | not garuntee security. But, plain unencrypted HTTP does | mean insecure. | | For a good discussion into why _all_ websites should use | HTTPS, and the many different ways that not having the | connection secured is actively harmful and why should not | be done in the modern era. | | https://www.troyhunt.com/heres-why-your-static-website- | needs... | | Not having your site as HTTPS puts all of your website | visitors at risk. Even US ISPs like that of Comcast use | these very same practices to inject warnings into | insecure web traffic[0], some of which look more like | advertisements than warnings. And like mentioned in the | article, promises from ISPs not to use it for | advertisements are just that, promises, and those can be | broken in an instant. And when you have the power to | inject anything without notice, you can do anything and | everything with the website experience. You can attempt | to force a download, present scam pages that look like | antivirus warnings or software updates, one of the | easiest ways to have users fall for malware. | | We should _never_ expect regular non-technical users to | have all of their threat models in mind, nor should they | be expected to understand all of these differences. | Website owners should be expected to protect all of their | visitors as best as possible and one of the easiest ways | to start is by protecting their website with modern HTTPS | encryption. Otherwise, it would be like a chef leaving | the bones in a salmon before serving to a customer. You | could do leave them in, but a customer might not know | they are there and you have left a choking hazard. | | [0]: https://gizmodo.com/comcast-to-customer-who-noticed- | it-secre... | yjftsjthsd-h wrote: | I'm happy to agree that TLS doesn't guarantee security, | but plaintext HTTP _does_ guarantee insecurity. | [deleted] | orf wrote: | In the era of instant, free and stupidly easy to | configure TLS certificates why not just serve it over | HTTPS? | yellow_lead wrote: | Many read only sites don't have HTTPS. Firefox and other | browsers are at fault for saying it's insecure. | enzanki_ars wrote: | For a good discussion into why _all_ websites should use | HTTPS, I'd highly recommend this article. | | https://www.troyhunt.com/heres-why-your-static-website- | needs... | | Not having your site as HTTPS puts all of your readers at | risk. Even US ISPs like that of Comcast use this very same | practice to inject warnings into insecure web traffic[0]. And | like mentioned in the article, promises from ISPs not to use | it for advertisements are just that, promises, and those can | be broken in an instant. | | [0]: https://gizmodo.com/comcast-to-customer-who-noticed-it- | secre... | ilaksh wrote: | The reasons to use HTTPS on a blog or everywhere regardless of | whether there is data that needs to be secured are mainly to | fight against things like censorship or ISP surveillance. | | If you really don't think your website is going to be censored, | that leaves the problem of ISPs injecting content. Maybe he | doesn't feel that is a big problem, or that there is another | way to fight it. | | The big push for everything to be https is about making it hard | for governments or ISPs to say that some site or another should | be an exception. | | It's kind of like, wearing masks.. before the policy was that | everyone should wear a mask, best to keep it simple and not try | to make exceptions that way we will get the most adoption.. | except for sites like this, it's like you never actually talk, | and have been vaccinated so you are not worried about catching | anything and don't wear a mask. | | The other part of this is that for people like me who have been | serving http for so many years, the campaign for https just | doesn't hit as hard as for young people who really grew up with | that mindset being preached to them constantly. | | But in the end, I think that it is better if everyone does it. | Just maybe not quite as severe a problem as you think if a few | people slip through the cracks. | gumby wrote: | This is good advice (though it only needed to be a couple of | paragraphs long) ___________________________________________________________________ (page generated 2021-05-14 23:00 UTC)