After interviewing 140 people at the top of their fields, Tim Ferriss has 2 key pieces of advice for 20-somethings starting a career

 

Tim Ferriss said that when you’re starting out in your career, you should focus on “learning instead of earning.”

  • “The 4-Hour Workweek” author and hit podcast host Tim Ferriss has made a career of collecting best practices from people at the tops of their fields.
  • For his new book “Tribe of Mentors,” bestselling author and star podcast host Tim Ferriss sent 11 questions to 140 people at the top of their fields.
  • He said most young people chase money at the expense of learning.
  • He also believes young professionals should focus on adopting skills that can work across industries.

When Tim Ferriss was an undergraduate at Princeton, he saw the majority of his classmates fiercely competing for high-paying consulting and finance jobs, regardless of their personal passions or backgrounds. He knew pretty quickly the path wasn’t for him.

After moving to Silicon Valley and starting his own company, Ferriss took a break from it all and embarked on a journey that resulted in his becoming a self-proclaimed “human guinea pig” who seeks out and learns from people at the top of their fields, from musicians to hedge fund managers, writers to chefs.

We recently spoke with Ferriss for Business Insider’s podcast “Success! How I Did It.” After asking him about his own career and what he learned writing his new book “Tribe of Mentors,” we asked him what he recommended for young professionals just beginning their careers. He had two tips.

1. Initially prioritize learning over money

Ferriss said that it’s worth fighting the urge to go for the job that will get you the biggest paycheck when you’re establishing yourself.

“If you optimize for money too early, you will be minimizing for learning, almost without exception,” he said.

“So look at the first few years out as an apprenticeship where you cover your costs,” he said. “And if you’re looking in business, I would say, be in the room as much as possible to observe the decision-makers and dealmakers.”

He said, for example, that if there were someone interested in technology startups and they had a choice between a 1,000-5,000 person team in a hot company and a fast-growing 30-person team in a field as unsexy as waste management — but with the opportunity to work alongside the leadership team — he’d recommend the garbage industry job without hesitation.

2. Learn transferable skills

He then explained that when undertaking this early career education, it’s worth focusing on the material that will help you when you are ready to start going after high-paying, respected jobs.

Ferriss said that if your job entails something niche like placing ads on Instagram, by all means learn how to do that well, “but spend equal time developing the higher level skills like negotiation, persuasion, copywriting.”

He explained: “These are skills that transfer to many, many other domains, which gives you a lot of flexibility and a lot of leverage.”

Source: http://www.businessinsider.com/tim-ferriss-career-advice-for-20-somethings-2017-11

Advertisements

朱啸虎复盘滴滴成长秘史:早期投他们 是觉得他们非常适合做地推

腾讯投资部把所有的公司看了一遍之后,第一选择是滴滴。

观望易到、摇摇、快的之后,为何是滴滴?

我们关注出行领域时间很久了。美国投「优步」的Benchmark和我们关系很好,当初还跟我们说,在美国投了一家比较好的公司,叫优步,发展很快。

于是我们就找类似的公司,当时还在早期。最早是「易到」,易到比滴滴早两年时间。易到团队也很成功,在杭州创业,现在公司已经卖掉了。

当初他们从阿里挖了一个 B2B 的中供的销售人员,过去做地推。我们看了三个礼拜,但数据不行。而且他们严格对标优步,在中国做专车。

当时(五六年前)中国没有人说专车。不像美国,美国大家都知道专车,在美国有一百多的历史。

所以他们当时专门招人做地推,办公楼从上往下扫,向所有的小老板介绍,说你应该有更好的出租车。进度非常慢,每个礼拜的实际达成业绩是预测的10%左右。

当时智能手机没有普及,所以还需要给司机送智能手机。虽然才一千块钱,但是也是成本,同时还要教育用户获取市场。

我们看了三期,觉得易到不对,没有投。

后来等了两年时间,出来了「摇摇」。我们和他们 CTO 关系很好,知道 CTO 和 CEO 有矛盾——CTO 一直不坚定。他是谷歌非常好的产品经理,但一直没有下定决心加入这个公司,一直在「半兼职」,也对 CEO 一直有很多抱怨。

这家公司一直在摇摆做专车还是出租车,产品市场一直在晃。而且 CEO 的互联网思维比较弱,该产品要先注册,先充值才能用,这样转化率很差。后来他们拿了红杉 300 万美金的投资。

再后来是「快的」,快的是陈伟星孵化的,陈伟星是一个很优秀的创业者。这是他孵化的项目,但他不是全职做 CEO。所以这个公司是没有 CEO 的,也比较难投。

当时我不认识程维。我在微博上搜滴滴打车,然后找到程维私信他。他是唯一一个专门做出租车领域的。他想的很清楚:占领市场份额 80%以上才会做专车。再加上他本身的阿里背景,非常擅长做地推,而且战略非常清晰,于是我们很快投了滴滴。

滴滴的迅速崛起之路,「快滴」大战

投了半年之后,我们把摇摇干掉了,这时摇摇依然在出租车和专车之间摇摆。那年冬天北京下了3场雪,每下一场雪,滴滴的数据就翻一番。

开年之后开两会,马化腾到北京找程维吃饭,他亲自找程维聊,以投资人的名义。当时滴滴还很小,每天几千单。腾讯投资部把所有的公司看了一遍之后,第一选择是滴滴,如果滴滴不让腾讯投,他们肯定会投第二家。

当时阿里已经给了快的一笔钱,滴滴去找阿里很尴尬,拿腾讯的钱也非常有顾虑。当时也很被动,最后还是决定拿了腾讯的钱。

拿了腾讯的钱之后发生了很戏剧化的事情——那年春节腾讯的微信红包火了。然而过完春节,红包热过了,微信支付没有用户了。微信支付就找到滴滴合作,而且腾讯付钱做补贴。当时滴滴很客气,预算 800 万做 3 个礼拜——腾讯觉得太少,给了 1500 万。结果上线半天 1500 万没有了,但是效果非常好。

当时很多朋友都是滴滴用户,但是不愿意绑卡,因为绑卡风险太大。为了 10 块钱的补贴,都去绑卡了,这里面还包括一些投行人士、证券分析师。

活动上了两个礼拜之后,支付宝醒悟过来,觉得这威胁很大,于是最后一个礼拜支付宝追进了。我们三个礼拜做完之后准备停了,当时远远超过了 1500 万的预算。但是腾讯觉得 10 块钱买一个绑卡用户很合算。

后来滴滴停了一个周末两天时间,但是支付宝没有停。我们看到数据发生了变化,到了星期天晚上,三七开。如果继续停,再一个礼拜肯定就翻盘了。所以星期天晚上我们召开了电话会议,商量要不要继续跟进。结果还是跟进,腾讯继续支持,方案改成了资金滴滴出一半,腾讯出一半。

到第二天凌晨,继续补贴的方案上线了。阿里永远比滴滴多一块钱,双方像打游戏一样,一直是动态调整的。后来又打了三四个星期,最后不是看谁的补贴多,而是看谁的服务器不 down 掉——每次下班高峰期都进不去。

腾讯派了 50 个工程师到滴滴解决优化问题。工程师当时都是做偷菜的人,只有偷菜的人才见过这么高的并发量。50 个工程师通宵干了七天七夜,非常给力。同样的,支付宝团队也在帮快的优化。

当年有很多经验——要把什么样服务停掉?如何专注在核心能力上?所以当时把周边的业务都降级,用来保证核心业务,当时滴滴后台系统全部重新升级。

后来马云出面喊停,当时双方信任度很差,互相的往下降,所以最后退出很讲究,退得也非常的不容易。那个时候已经开始谈合并了,因为大家觉得补贴太凶狠了,大家干也干得差不多了。

「三国盛世」下的融资大战

上海三分天下,滴滴、快的、大黄蜂,一上来全部打补贴战。当时大黄蜂在两个方面兜售,找滴滴和快的问他们要不要,一开始双方出价,但是价格太离谱了。

后来者更希望靠全补贴打透一个市场,靠补贴能把上海拿下来,找投资人继续拿钱。

当时滴滴放话给阿里说,我们放弃收购大黄蜂,我们可以签字不要大黄蜂,大家要什么价格自己去谈。

当时柳青代表高盛,想投资滴滴,但是希望滴滴和快的合并之后再投资。当时滴滴的市场份额大,我们希望在七三比较好。结果后面继续打,双方相互阻击融资。

当时,滴滴要融 C 轮很难,拿了腾讯的钱融资非常难,于是去美国融资。每见一个投资人,Joe 蔡就打电话过去,说不许投。从东海回到西安的时候,我们约了好几个投资者,但是阿里马上打电话说不能投。

当时阿里马上要上市,说,不投滴滴我给你分配阿里股份。当时非常痛苦。本来一个投资人已经说好要投的,后来黄了。甚至马云亲自和投资基金见面,达成了共识,最后没有投滴滴。

回来之后我们找到吴敬阳,找到中信产业基金。当时他们和马云说好,不会投滴滴和快的。但没有想到的是,他们看到数据之后觉得滴滴相当不错。以当时情况来说,这太不容易了。在这之后就比较顺了。

融了 C 轮之后,柳青加入,我们也没有想到。因为柳青和程维接触了很多次,柳青一直表示想合并之后投,这可以理解。没想到程维已经说服柳青加入滴滴,我们自己都没有想到,程维确实敢想敢做。

柳青入局之后,滴滴的融资进展非常顺利,所有投资人见了滴滴和快的全部投了滴滴。后面快的的融资进行得很困难。最后,马云亲自打电话给孙正义说,要支持快的,孙正义给了快的 7 个亿,后面还有 3 亿美金在犹豫要不要投。

三国归晋,滴滴开战优步

最后还是合并了。合并定下来之后非常快,可能在深圳谈了两三天合并,条款谈了一个多礼拜,就达成了共识。滴滴和快的合并之后,在国内就剩下了优步,易到等都比较小了。

我们投滴滴的时候去旧金山见过优步的创始人。没有一家美国公司在中国成功过,最成功的是当年谷歌投了百度 5%的股份,赚了很多钱。其实他可以参考这个案例,投滴滴 5%的股份。但他说 5%太少了,要投 40%,40%怎么赚钱?

他下面的人都认可,但是他不愿意,就打了一仗。优步在中国烧了 20 亿美金,每个月都亏,很多钱被骗补贴骗走了。补贴的效率很差,在中国推广产品有很多特殊性。

最后他的压力非常大。优步不像滴滴。滴滴的投资人可以在过程中随时退出,还欢迎早期投资人卖股份;而优步不让投资人卖股份,最后就被赶下去就是这个原因。优步的投资人投优步比我们早一两年,到现在一分钱都没有卖掉。肯定有卖股份这个需求,但是他不支持。

优步亏损得很厉害,在中国烧了 20 亿美金。投资人不愿意了,给他很大的压力,让他们必须退出中国。

于是他们主动找上了滴滴。我们虽然可以把它打死,但是代价很高,合并的损失会更少一点。最近优步出了很多问题,给了滴滴很好的机会。这可能成为中国第一个案例,中国的模式到美国去投资。

滴滴和优步有一点不同的策略:我们在海外扩张都是选择当地的合作伙伴。中国人英语水平不行,达不到在当地工作的交流水平,本地人去海外很难。于是我们把技术、运营策略输出给他们,这非常好。

当时第一个投了 Lyft。原因很简单,我们不能让优步在美国赚钱。一旦优步在美国赚钱,他们肯定拿全球的利润来补贴中国区的发展。通过 Lyft 骚扰优步使其不能在本土赚钱,后来目的达到了。Lyft 在美国市场的地位逐步上升,而美国的优步基本还赚不到钱。

所以总体来看确实滴滴每一步都惊心动魄,每一步的运气很好,我们没有犯错误,都是对手犯错误,尤其是优步犯了很多错。

如何看 CEO 和投资人的关系很重要。不能忽视投资人的需求,最后一旦出问题,矛盾会激烈地爆发出来。优步在单一项上赚了 80 亿美金,这么赚钱的项目,投资人还是把 CEO 赶走了,可见矛盾有多深。这是非常有意思的案例。

滴滴的未来&滴滴团队的闪光点

在朱啸虎见面会现场,还有一个嘉宾问答环节。在听完朱啸虎的叙述之后,参会企业的CEO或者创始人们各自提出了自己想了解、学习的一些困惑。以下内容已经过整理汇总。

Q1:滴滴等网约车,在相当一段时间内被政府政策限制,当时融资怎么解决这个问题?现在滴滴认为自己的边界在哪里?滴滴存在哪些风险?

朱啸虎:中国政府都这样,先看看,先放一放,行业稳定之后出监管政策,包括新闻、P2P、游戏、支付等等,投资人对这方面不担心。

现在出行相关的都是滴滴核心业务,比如二手车、新车、车加油、车后市场都是滴滴相关业务,包括驾驶、人工智能都是相关的业务。不一定是投资,绝大部分是自营。

风险永远存在,比如团队,在无人驾驶方面是否会落后。

Q2:怎么看共享汽车?

朱啸虎:在农村有市场,比如电动汽车,很多农民花几十块钱开一天,从农村开到乡里。但在城市很难做,为什么?停车费,在农村停车免费,共享单车不用停车费。

所以这需求是有,关键是守不住,而且还是非常小的市场。你看黄包车都守不住就知道了。

现在携程的微导游很厉害,网络很强大,社区很活跃,游客自己会互相分享。而且他们在尝试商业化,转化率非常高。关键是游客内部之间会分享,这是好玩的事情。它从入口端就留住了。但共享汽车没法打,短期一两年内可以做,长期比较难。

做小而美的公司很好,千万不要想太多,90%以上的公司是小而美的公司。

做小而美的公司,先把基本的东西想好。不能想太多,想太多死得快。小而美现在很滋润,但想做入口就可能会死得很惨。比如我们见过一家在智能家居做入口的,很难,我们不敢投,产业入口要烧很多钱。

Q3:滴滴团队带着成长的核心人才是哪些?程维最初团队是如何过渡到后来的人才结构?

朱啸虎:当年就靠地推,确实很辛苦。北京冬天凌晨 4 点钟他们起来找出租车——早上 4 点钟是出租车司机吃早饭的时候,是政府供应的特价早餐,那里容易找到出租车司机。当时快的打不过滴滴。支付宝派人去北京,呆了一天就回杭州了。

滴滴早期大部分是做地推的,今天大部分是技术。我们早期投他们,是觉得他们非常适合做地推。当时必须在两分钟之内全部搞定,比如话术,这里有一套非常好的程序。

程维在组织结构调整上非常有水平。确实在四五年中,整个公司的体系有巨大的变化,他初期的还人在,但是要找更好的岗位。阿里也是如此,阿里也有早期的人。

Q4:当年的程维可能不是最优秀的,什么原因决定你投他?你说到程维的成长,作为CEO他有什么好的学习方式?

朱啸虎:我觉得他是唯一在那个行业想清楚事情的,就想做出租车。

当时所有人没有想清楚为什么做出租车。当年A轮很困难,投资人不理解出租车行业,因为出租车行业确实很辛苦,出租车每天工作十几个小时每个月才赚四五千块。从出租车司机上身上赚钱是不可能的事。

但是他想清楚了出租车司机是入口。创业企业千万不要教育市场,比如起码要在出租车圈过来之后再做升级,升级是相对很靠谱的一件事。

程维的学习能力很强,心态开放,他向任何一个投资人、合作伙伴学习。千万不要说谎和隐藏,任何数据和信息开放,这样才能尽快地发现问题去纠错。

创始人如果和我说,这个很好、很放心,肯定不行;如果他说这个公司这个问题、那个问题,那这种创始人比较有机会。

后互联网时代来临,你懂线下吗,会 AI 吗,有深度爱好吗?

今天整个时代,机会从来都来自于变化,一个静态的社会是很难找到机会的。它是一个持续积累的过程,猎豹正是抓住了整个移动互联网在全球崛起的机会。

但是现在我看到移动互联网也进入到一个静态的过程,移动互联网的格局已经基本奠定。

今天猎豹也遇到一些问题,这些问题的核心在于工具的全球化已经被大家认知了,竞争在加剧,没有一个永远的蓝海,当这块红利消失以后,你就会要找下一个红利。

以前找到一个认知的红利大概能做个几十年,比如石油;后来做十几二十年,比如 PC;现在只能做三五年,你方唱罢我登场。

我认为互联网会成为一个基础行业,它谈不上是一个高科技行业了,互联网已经从边缘成为中心。它本身的创新基本上要么就没有,要么就是属于几个巨头,今天的 BAT 就是人类历史上的托拉斯,这个托拉斯比过去任何一个托拉斯都厉害,因为它懂互联网,总是能够最快地找到那些信息点。

不光是中国,美国也一样,在过去的五年当中,有哪一个美国纯互联网公司在原来的范畴内真正崛起?Facebook 之后好像就没有出现过类似的公司了。

Snapchat 在 Facebook 当年花 20、30 亿美金买它的时候,拒绝了。虽然这次上市以后大家都很看好,但这几个季的财报也不够好,它的时长被 Instagram 也打击得很厉害。一层一层的,大鱼吃小鱼,小鱼吃虾米,和传统行业没有任何区别。

还有一点,我认为互联网的技术革新已经缺乏动力了。

就和今天的电一样,最早用电的面包厂是高科技面包厂,人家都用水磨房你用电,但是现在电就像空气一样,没有人会提,因为它变成了基础产业,不具备创新性和创业性。

我经常在微博上收到一些私信,留言者说他有点子颠覆阿里巴巴,有点子颠覆腾讯,你给我十分钟就行了。这个可能性也许有,也许有天才,但是这个概率太低了。前两天搜狗要上市,我就跟小川说我们基本上就算是中国移动互联网最后一批纯互联网的公司了。

所以我觉得在后互联网时代,跨界和创新就是两大机会。后互联网时代的三大特征是:流量垂直化、个性化,线下红利期到来和 AI 创造的新场景。所以我想问:你们懂线下吗?会 AI 吗?有深度爱好吗?

先讲跨界,互联网未来就是一个基础的应用,我们需要考虑怎么去和行业结合。传统行业的春天已经到了。

互联网的形成实际上是一个蛮荒时代,一群不知所谓的年轻人冲进这个行业,他们也不是当时最优秀的人才,但是掌握了一些最先进的互联网思维,在一个虚拟的世界中快速攻城略地。

猎豹到今天全球有近 6 亿的月度活跃用户,几十亿次的下载,在美国月活是几千万,我们在达到这个数字之前在美国只有 1 个员工,而且那个人后来被解雇了,因为他天天不来上班,也没有人管他。

互联网当年带来的轻模式和神话般的增长,这个时代基本过去了。我看了一些互联网公司的财报也是一样的,今年上半年和去年的增长率几乎没有,这一代的互联网企业其实已经开始进入了一个滞胀期,只有和传统产业的结合,但是传统产业的积累是很多年的。

还有一点,之前很多人是不理解什么是互联网的,今天每个人多多少少都理解,而且还具备了当初定义的互联网人的素质,今天谁不知道公众号?谁不知道转发?

当年金山的崛起是一个叫求伯君的技术天才,现在想想他是很早地学习了一门计算机语言,写出了一个 WPS 的东西,金山就起来了,QQ 当年做了一个可以聊天的工具,它就起来了。但是今天你发现,当有一个点子,把它变成一个 APP 或者是应用程序的时候,各行各业的人都有这样的能力,就和当年建网站是一样的。所以,只有把它作为基础工具。

一、流量的垂直化和个性化

在后互联网时代,一定要用垂直化和个性化完成流量的细分。以前粗犷的流量是没有任何意义的,未来个性化会成为所有公司的基础性算法。未来一定要做到千人千面,手机市场不可能再增加了,流量本身也不会再有增加。你只能把流量细分,让每个人看到不同的东西。专注一些垂直场景,比如我现在看好的教育、健身,马拉松、旅游等,还有用 AI 实现的个性化。

二、线下红利期的到来

线下红利期的到来也是一个重要的特色。

以前刘强东在一次演讲中说,他关了所有线下店,线上的效率很高,这和那个时候线上没有人重视、成本低也是有关的。今天线上流量本身就很贵,线上已经从原来的洼地变成了高地。现在大家都在琢磨互联网,反而线下成为大家不太重视的地方,就显得便宜了。像共享单车,甚至在商场里看到自动售卖机。不仅是提供服务,更多是传统意义上的互联网流量。其实这些流量也是可以被挖掘的,而且它其实比所谓线上流量更便宜。

我经常给大家讲共享单车的例子,如果一辆自行车的成本 200 块,你放在那儿有人注册、骑行,一天有 10 个人,其实这辆车所有成本都回来了。大家做互联网推广,一个游戏用户需要几百,金融、保险行业也很贵,一个工具也得几块、几十块。

如果一辆自行车,首先你让一个用户注册了,有使用时长,还有支付账户,还付了钱,还有押金,这么看来其实很便宜,因为你和这个用户还产生了关系。现在樊登读书会还和自行车挂钩了,骑的时候扫一下还能听本书;当你骑到一个星巴克门口的时候,出了一个优惠券;当你到月底骑的时候,说给你一个贷款,让你买几包方便面,等着下个月工资的出现,这都算流量。

我昨天看了一个新闻,让我非常非常诧异,Google 去年光预置 Google 浏览器花的成本是 12 亿美金,占了他整个收入的 12% 多,去年比前年要提高了 5 个百分点。连这样的巨头,他掌握了整个生态,在流量的上面还花费了巨大的成本。

所以,这就能解释为什么今天,许多风险投资在新零售的投入,为什么今天 OPPO、VIVO 的崛起,其实也是靠线下的流量去和当时的互联网产生了竞争,这是一个很大的产业话题。

三、AI 创造新场景

我认为 AI 就是一个基础技术,不是一个产品,它就像电一样,会存在任何产品当中。今天没有什么是不用电了,AI 也会这样。

AI 是个技术浪潮,有机会使很多行业发生改变,比如零售,以前有一个问题,人们不知道消费者在线下或者是整个真实场景中发生了什么,只知道最后的交易,而在互联网上你知道用户在哪里点击、看过什么、对什么有兴趣、加入购物车以后又走了,这些线下店永远没办法实现。这就是刘强东说为什么要关闭线下门店。(不过他现在又开了)

但是今天线下店可以实现了,你通过摄像头、Amazon Go 做的无人购物,甚至这个人进店的时候,就知道他曾经来过没有,月消费额是多少,他的喜好是什么,都可以实现,线上线下已经实现无差别化了。所以,我认为很多新的场景就被创造出来了。

四、AI 时代如何弯道超车

如果说互联网是上一个认知红利,那下一个就是 AI 了。在这个时代背景下,我们怎么能够实现弯道超车?

我觉得核心是技术和产品和场景的结合,我记得有一次 AI 大会,李彦宏讲技术,马云讲数据,马化腾讲场景。我认为他们三个人代表了 AI 的三个维度,都是很重要的,其中最重要的是跟场景结合。说 AI 超过人类的人,基本上是没有看过技术本身。它只是一个更有效的技术而已,最重要的是要找到产品和技术的结合。

猎豹从一年多前开始布局 AI,通过投资和招聘的方式,组建了几百人的 AI 团队,花了很长的时间。因为我不是学技术的,也不会写代码,所以开始觉得这个东西特别高深,越到后面我发现越不是这样,你会发现它虽然比别的技术听起来更有复杂度,神经网络什么的,但是它把很多以前跨领域的技术集中在一起了,这就造成一个什么事情呢?就有点像互联网,所有聪明的大脑都在想着一件事情,所以这件事情发展就会非常的快。语音图像,自动驾驶都是不同的人在做,他们离的很远也没见过面,但深度学习把他们联系到了一起。

业界现在有两种观点,一种观点认为今天的 AI 是泡沫,没有真正的价值。殊不知这个东西在很多地方已经产生了巨大的变化。还有一种想法就是 AI 来了,人类要完蛋了,还需要我们吗?我觉得当然需要,因为今天至少我看到的 AI 只是一个高效的方式去理解算法而已,这个不能产生场景化的理解。所以场景化在什么时候用,怎么能够用得好,怎么让用户有体验,这是我们要去思考的问题。

猎豹自己做了一系列 AI 软硬一体化的落地。比如说用 AI 对 Live.me 的直播内容进行审核,对新闻内容进行个性化的推荐。美国对儿童、色情是非常非常在意的,我们有大量的工作是保证小朋友的利益不受侵犯,Live.me 不是一个成年人的 App。所有这些都是利用 AI 技术完成的审核,不然每天几十万的开播量根本看不过来。

硬件方面,猎豹旗下的人工智能公司猎户星空做的猎户语音 OS,在小雅 AI 音箱上全面推开,小米智能音箱的很多技术也是我们提供的。目前,猎户星空远场语音识别采用率在业内排名第一。图像识别上,我们的人脸识别技术在微软百万名人识别赛和 LFW 的竞赛中都排在前列。

猎豹的新使命就是成为一家有伟大技术理想的人工智能公司。工具产品是在移动互联网上,让你的手机更快、更好用的一种应用;但在后互联网时代,其实就是用人工智能让生活变得更好。未来,猎豹有很多技术成果都会逐渐发布出来。

真正讲在人工智能时代,我一直认为机器人会是中国一个巨大的机会。因为我们有最好的制造,有最好的软件,也有最好的场景思考,最重要的是中国的人口红利即将过去。随着消费的升级,最重要的就是体验。虽然机器人还有很多难点,但是我相信从一个小的点,我们必将找到一个巨大的行业爆发机会,并且和大家一起成长。最后一句话重申下猎豹的新使命,就是能够让世界变得更聪明,Make the World Smarter。

SSH/OpenSSH/Keys on Ubuntu

Public and Private Keys

Public key authentication is more secure than password authentication. This is particularly important if the computer is visible on the internet. If you don’t think it’s important, try logging the login attempts you get for the next week. My computer – a perfectly ordinary desktop PC – had over 4,000 attempts to guess my password and almost 2,500 break-in attempts in the last week alone.

With public key authentication, the authenticating entity has a public key and a private key. Each key is a large number with special mathematical properties. The private key is kept on the computer you log in from, while the public key is stored on the .ssh/authorized_keys file on all the computers you want to log in to. When you log in to a computer, the SSH server uses the public key to “lock” messages in a way that can only be “unlocked” by your private key – this means that even the most resourceful attacker can’t snoop on, or interfere with, your session. As an extra security measure, most SSH programs store the private key in a passphrase-protected format, so that if your computer is stolen or broken in to, you should have enough time to disable your old public key before they break the passphrase and start using your key. Wikipedia has a more detailed explanation of how keys work.

Public key authentication is a much better solution than passwords for most people. In fact, if you don’t mind leaving a private key unprotected on your hard disk, you can even use keys to do secure automatic log-ins – as part of a network backup, for example. Different SSH programs generate public keys in different ways, but they all generate public keys in a similar format:

<ssh-rsa or ssh-dss> <really long string of nonsense> <username>@<host>

Key-Based SSH Logins

Key-based authentication is the most secure of several modes of authentication usable with OpenSSH, such as plain password and Kerberos tickets. Key-based authentication has several advantages over password authentication, for example the key values are significantly more difficult to brute-force, or guess than plain passwords, provided an ample key length. Other authentication methods are only used in very specific situations.

SSH can use either “RSA” (Rivest-Shamir-Adleman) or “DSA” (“Digital Signature Algorithm”) keys. Both of these were considered state-of-the-art algorithms when SSH was invented, but DSA has come to be seen as less secure in recent years. RSA is the only recommended choice for new keys, so this guide uses “RSA key” and “SSH key” interchangeably.

Key-based authentication uses two keys, one “public” key that anyone is allowed to see, and another “private” key that only the owner is allowed to see. To securely communicate using key-based authentication, one needs to create a key pair, securely store the private key on the computer one wants to log in from, and store the public key on the computer one wants to log in to.

Using key based logins with ssh is generally considered more secure than using plain password logins. This section of the guide will explain the process of generating a set of public/private RSA keys, and using them for logging into your Ubuntu computer(s) via OpenSSH.

Generating RSA Keys

The first step involves creating a set of RSA keys for use in authentication.

This should be done on the client.

To create your public and private SSH keys on the command-line:

mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa

You will be prompted for a location to save the keys, and a passphrase for the keys. This passphrase will protect your private key while it’s stored on the hard drive:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/b/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/b/.ssh/id_rsa.
Your public key has been saved in /home/b/.ssh/id_rsa.pub.

Your public key is now available as .ssh/id_rsa.pub in your home folder.

Congratulations! You now have a set of keys. Now it’s time to make your systems allow you to login with them

Choosing a good passphrase

You need to change all your locks if your RSA key is stolen. Otherwise the thief could impersonate you wherever you authenticate with that key.

An SSH key passphrase is a secondary form of security that gives you a little time when your keys are stolen. If your RSA key has a strong passphrase, it might take your attacker a few hours to guess by brute force. That extra time should be enough to log in to any computers you have an account on, delete your old key from the .ssh/authorized_keys file, and add a new key.

Your SSH key passphrase is only used to protect your private key from thieves. It’s never transmitted over the Internet, and the strength of your key has nothing to do with the strength of your passphrase.

The decision to protect your key with a passphrase involves convenience x security. Note that if you protect your key with a passphrase, then when you type the passphrase to unlock it, your local computer will generally leave the key unlocked for a time. So if you use the key multiple times without logging out of your local account in the meantime, you will probably only have to type the passphrase once.

If you do adopt a passphrase, pick a strong one and store it securely in a password manager. You may also write it down on a piece of paper and keep it in a secure place. If you choose not to protect the key with a passphrase, then just press the return when ssh-keygen asks.

Key Encryption Level

Note: The default is a 2048 bit key. You can increase this to 4096 bits with the -b flag (Increasing the bits makes it harder to crack the key by brute force methods).

ssh-keygen -t rsa -b 4096

Password Authentication

The main problem with public key authentication is that you need a secure way of getting the public key onto a computer before you can log in with it. If you will only ever use an SSH key to log in to your own computer from a few other computers (such as logging in to your PC from your laptop), you should copy your SSH keys over on a memory stick, and disable password authentication altogether. If you would like to log in from other computers from time to time (such as a friend’s PC), make sure you have a strong password.

Transfer Client Key to Host

The key you need to transfer to the host is the public one. If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:

ssh-copy-id <username>@<host>

Where <username> and <host> should be replaced by your username and the name of the computer you’re transferring your key to.

(i) Due to this bug, you cannot specify a port other than the standard port 22. You can work around this by issuing the command like this: ssh-copy-id "<username>@<host> -p <port_nr>". If you are using the standard port 22, you can ignore this tip.

Another alternative is to copy the public key file to the server and concatenate it onto the authorized_keys file manually. It is wise to back that up first:

cp authorized_keys authorized_keys_Backup
cat id_rsa.pub >> authorized_keys

You can make sure this worked by doing:

ssh <username>@<host>

You should be prompted for the passphrase for your key:

Enter passphrase for key ‘/home/<user>/.ssh/id_rsa’:

Enter your passphrase, and provided host is configured to allow key-based logins, you should then be logged in as usual.

Troubleshooting

Encrypted Home Directory

If you have an encrypted home directory, SSH cannot access your authorized_keys file because it is inside your encrypted home directory and won’t be available until after you are authenticated. Therefore, SSH will default to password authentication.

To solve this, create a folder outside your home named /etc/ssh/<username> (replace “<username>” with your actual username). This directory should have 755 permissions and be owned by the user. Move the authorized_keys file into it. The authorized_keys file should have 644 permissions and be owned by the user.

Then edit your /etc/ssh/sshd_config and add:

AuthorizedKeysFile    /etc/ssh/%u/authorized_keys

Finally, restart ssh with:

sudo service ssh restart

The next time you connect with SSH you should not have to enter your password.

username@host’s password:

If you are not prompted for the passphrase, and instead get just the

username@host’s password:

prompt as usual with password logins, then read on. There are a few things which could prevent this from working as easily as demonstrated above. On default Ubuntu installs however, the above examples should work. If not, then check the following condition, as it is the most frequent cause:

On the host computer, ensure that the /etc/ssh/sshd_config contains the following lines, and that they are uncommented;

PubkeyAuthentication yes
RSAAuthentication yes

If not, add them, or uncomment them, restart OpenSSH, and try logging in again. If you get the passphrase prompt now, then congratulations, you’re logging in with a key!

Permission denied (publickey)

If you’re sure you’ve correctly configured sshd_config, copied your ID, and have your private key in the .ssh directory, and still getting this error:

Permission denied (publickey).

Chances are, your /home/<user> or ~/.ssh/authorized_keys permissions are too open by OpenSSH standards. You can get rid of this problem by issuing the following commands:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Error: Agent admitted failure to sign using the key.

This error occurs when the ssh-agent on the client is not yet managing the key. Issue the following commands to fix:

ssh-add

This command should be entered after you have copied your public key to the host computer.

Debugging and sorting out further problems

The permissions of files and folders is crucial to this working. You can get debugging information from both the client and server.

if you think you have set it up correctly , yet still get asked for the password, try starting the server with debugging output to the terminal.

sudo /usr/sbin/sshd -d

To connect and send information to the client terminal

ssh -v ( or -vv) username@host's

Where to From Here?

No matter how your public key was generated, you can add it to your Ubuntu system by opening the file .ssh/authorized_keys in your favourite text editor and adding the key to the bottom of the file. You can also limit the SSH features that the key can use, such as disallowing port-forwarding or only allowing a specific command to be run. This is done by adding “options” before the SSH key, on the same line in the authorized_keys file. For example, if you maintain a CVS repository, you could add a line like this:

command="/usr/bin/cvs server",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-dss <string of nonsense>...

When the user with the specified key logged in, the server would automatically run /usr/bin/cvs server, ignoring any requests from the client to run another command such as a shell.

Ruby on Rails in Machine Learning – Yay or Nay?

Machine Learning is a trending field of Computer Science turning computer’s computations into a new level and giving a number of unique opportunities. It’s getting more and more popular, and it’s common for modern web application as well as services, such as Netflix, Spotify, Amazon.com and Facebook. Machine Learning is a good solution for apps based on recommendations or some kind of predictions. If you want to build such apps, you will need an efficient backend technology to support it. Is Ruby on Rails the right choice?

https://ericplayground.files.wordpress.com/2017/10/9a99f-1yc4ub-q9m5kzqbjakrgfrq.png?w=918&h=688

What’s Machine Learning?

The most famous definition of Machine Learning is the subfield of computer science giving computers the ability to learn without being explicitly programmed.
In fact, it gives a nice clue of what it is all about. Machine Learning is a part of data science. It is used when we want to use computers to predict unknown results based on related bulky data sources. It is a good way to discover any kind of uncertainty, such as recommendations, predictions or detections of described situations. We don’t need to plan and implement any algorithms. We say that a computer gains  the ability to be smart and learn new things.

How Does It Work?

We don’t need to specifically instruct a computer on what to do. If you want to be smart and predict uncertain values applications, use specific structures and tools, e.g. neural nets. These technologies learn new facts and make predictions in a way which is similar to that of the human brain. For example, neural nets are composed of layers of units called neurons. We see a clear analogy of how it could work.

What Do We Need?

As Machine Learning is a part of Data Science, it is a composition of various mathematical computations. It means that an application uses the technology needs to provide complex calculation fast. Since it’s not a trivial software problem, we need to take care of the best tool choices.

Is Ruby on Rails a Good Choice for Machine Learning?

Ruby is an elegant programming language which found its role in the web development and scripts. With the help of Ruby and Rails framework, developers can build MVPs in a way which is both fast and stable. This is thanks to  the availability of various packages called gems, which helps solving diverse problems speedily.

However, looking for the Machine Learning gems, we can conclude that the choice is not that rich. Going deeper, the described solutions are not documented enough. The reason is that they do not provide efficient computation speed and gather a too small community around. All these factors attest to the fact that there are more risks than advantages of using Ruby gems as Machine Learning solutions, and it is not the best choice after all.
Moreover, tools and packages are as useful as the language of development. Ruby is definitely one of the most interesting programming languages. It has many proved purposes, but fast computing is not one of them. Ruby does not match Machine Learning, and we need to look into something better.

What’s the Alternative?

Python is also a popular programming language which is often used in Data Science projects because:

  • It has numerous packages for Machine Learning and other computations. The prime examples are numpy, pandas, keras, tensorflow. These packages are well-documented, which is helpful in starting with new projects and solutions. It also speeds up the process of fixing bugs.
  • Its libraries are simply powerful. It means that they comprise many features helpful in complex computations. The development is fast, efficient and stable. It is also common that they use a range of computation speed improvements. All of these advantages make these tools mature and reliable.
  • Another important advantage of using Python libraries is a considerable support from the community as the developers can easily find tutorials and tips valuable in a development process. A stable community makes the start threshold lower – it is easier to use new technologies from scratch.
  • Python is a developer-friendly language which is easier to start with for Ruby on Rails developers comparing to other, lower-level programming languages. The syntax is intuitive, and it parallels the one in Ruby more than other popular languages.

Tensorflow

We need to choose the best Python library for the Machine Learning purposes. We recommend using Tensorflow, a popular and powerful tool from Google. It provides stable implementation for Python, C++ and many other programming languages. We decide to use Tensorflow for the benefits it provides:

  • it has an excellent documentation, a bunch of helpful tutorials and howtos, which helps developers go deep into the Machine Learning solutions;
  • it performs all complex calculations “behind” Python – it uses a unique computational engine and leaves Python free of heavy operations;
  • it allows building neural nets and other Machine Learning structures like graphs and chains of single operation blocks;
  • it allows using Graphics Processing Unit for a much better performance.

RoR as a Web Application for ML

Ruby on Rails is a perfect choice for web development. It gives developers the possibility to kick off a stable MVP really fast. However, it does not guarantee the best performance and the quality of complex and heavy computations.
Based on the above, it is a good idea to connect the brilliance of Ruby on Rails framework with Python as a microservice performing Machine Learning computations. This architecture gives us the mix of the best computation efficiency and web application development stability. It minimises the time of building a prototype and provides the best quality of usage.

What are the main benefits of such a combination?

  • It’s easy and convenient to connect our app with other microservices. The Rails framework provides many reliable ways of communication between different services. It does not break the integrity with the core services.
  • Rails is great for building MVPs. Developers can build a web application fast and pitch it to investors.
  • It is a stable solution with a really good documentation. Moreover, there are many famous companies which trusted this framework and built efficient software.
    Active community support also makes this choice smart.
  • With the help of gems, Rails packages, developers can quickly build more complex parts of an application.

How to Connect Microservices in Python with RoR

So, we chose Ruby on Rails as a web application framework and Python with Tensorflow as a Machine Learning microservice. Great! The very last element of our technology chain is the efficient connection between these two endpoints. It is important to choose connection technology carefully. Let’s compare two most common options:

HTTP Communication

The first option is the HTTP communication. It is definitely the most popular way of connecting the two services. The most popular one may not be the best. HTTP protocol is getting older and older. There are still some boilerplates, issues and difficulties on our way. Moreover, it is said that the protocol does not provide the best speed in all cases. We are looking for the best efficiency in each step of development, so it is worth finding something better.
Secondly, this type of communication needs lots of effort in Rails and Python. It results in more time needed to build a stable communication solution. In the case of Ruby on Rails, it is quite straightforward, but we also need an endpoint in Python. If we chose HTTP, we would have to use an additional tool to build it on the Python side. It breaks Single Responsibility Principle which we are aware of.
Overall, HTTP is quite complex itself. We need a really simple and efficient way.

RabbitMQ

The second option is a tool called RabbitMQ. It is stable, fast and it is growing in popularity among developers. The communication model is simpler and faster than the HTTP protocol. An outstanding documentation and examples ensure that developers easily start using this tool. Another important advantage is the presence of truly solid Ruby and Python libraries providing RabbitMQ communication in these languages. It makes the usage really easy and stable.
Using RabbitMQ is a good choice for connecting the Rails web application and Python microservice.

Wrap-up

The proposed architecture of web application using Machine Learning features has both its strong and weak sides. Web application development is stable, and it’s possible to use Ruby gems to build a web application fast. It ensures great efficiency of Machine Learning computations thanks to the Python and Tensorflow library. Finally, the connection between both services is fast and safe.

On the other hand, you should consider the downsides as well. It has a bit more complex architecture model at the cost of creating an almost perfect solution.

In the case of Machine Learning ecosystem, it is better to mix different technologies and select the best tools to support them than rely on standalone choices which are not always as good as they seem.

Pebble’s founder is back on Kickstarter with an iPhone battery case that also charges AirPods

Pebble’s founder and former CEO Eric Migicovsky is back with his first new product since the smartwatch maker got rolled up into Fitbit last year. The PodCase doesn’t have the same sort of grand ambitions as his last project, but the new case is the kind of clever one-off product Kickstarter was designed to deliver.

Up top, a pair of AirPod slots sit just to the right of the case’s camera cut out, so users can charge Apple’s Bluetooth earbuds using the same 2,500 mAh battery that keeps the phone powered. The industrial design certainly looks solid, courtesy of Pebble lead designer Steve Johns — though the Mophie comparisons are pretty much unavoidable right out of the gate.

And, of course, between the two Pebble alum and Allen Evans, a co-founder of Glyph video headset makers Avegant, the PodCase has a pretty solid foundation. After all, during its half-decade existence, Pebble claimed three of the top five Kickstarter campaigns of all time — though, admittedly, the latest didn’t ultimately end up well for anyone, save, of course, for Fitbit.

In a conversation with TechCrunch, Migicovsky is quick to point out the team’s somewhat unorthodox approach to this release. It’s a cautious take on a product launch from a team of folks who have witnessed the ups and downs of launching a hardware startup firsthand. The trio has provided the initial funding to help bring the product to Kickstarter, and then it will play things by ear from there. In fact, the group refuses to refer to itself as a proper company, instead calling Nova Technologies, “a small group of technologists” on its new Kickstarter page.

“There are some products that don’t need an entire company around them,” says  Migicovsky. “We probably won’t need to scale up to meet demand, but if we do, we can scale up to meet that demand. We’re not building a company that’s selling more and more of these cases every year or having to have a hit in order to meet our revenue numbers. If it sells, great. If it doesn’t, it’s not the end of the world. We have a lot of other projects behind this, waiting in the backlog.”

It’s a fairly zen approach from founders who have been through the wringer, but PodCase is a pretty clever first step that alleviates having to carry around an additional AirPod charging case. And the fact that it keeps the headphones with the user’s iPhone when not in use should lessen the likelihood of leaving them behind.

The PodCase Kickstarter page is live, offering up the accessory in both iPhone 7 and iPhone 7 Plus sizes, with the option to switch an order to the iPhone 8 after the phone is announced next week. If the group hits its $300,000 goal, it expects to start shipping in February.

Kickstarter’s most successful fundraiser shares lessons from a failed campaign

PodCase’s search for $300,000 on Kickstarter has ended — not with a bang but a whimper. Earlier this week, the company posted an update to its page, explaining that it would not be continuing the campaign after having pulled in less than a tenth of its goal, with around three days left.

“As I’m sure you can see, this project was way less successful than we had intended,” the product’s creators noted. “Unfortunately it will not be funded and we will not be able to manufacture PodCase as it stands today, at least on the timeline that we were aiming for.”

The project was notable not just for its clever solution to the problem of carrying around an extra AirPods case, but also for the team involved. The project was the work of Avegant co-founder Allen Evans, Pebble lead designer Steve Johns and the bygone smartwatch startup’s founder, Eric Migicovsky. With that sort of pedigree, it was a bit of a surprise to see the project come up so short.

After all, Pebble currently commands three of the top five Kickstarter projects of all time (joined by a “cooperative nightmare horror game experience” and, naturally, a party cooler). Of course, PodCase hedged its bets a bit with an early press push, noting that the company wasn’t actually a company, per se. It was more the work of a few industry vets attempting to change the conversation around what it means to be a hardware startup.

As Migicovsky told me early last month, “There are some products that don’t need an entire company around them.” The idea behind the PodCase’s launch was to get all of the required funding in one fell swoop. In other words, the team would never seek outside investor funding and instead it would simply treat each product as its own self-contained project. Create a product, fund it, release it, repeat.

“We were trying to run this experiment where we were trying to see if we could fund this entire experiment on the back of one Kickstarter campaign,” Migicovsky told me on the phone earlier today. “I think the answer is no, at least for these products. Imagine if we had done it the other way, where people see the barrier really low and spend a lot of money on advertising and it’s not successful. Then you’re stuck holding the bag. You need to either find investors that will post up the cash to fund the same operation that you’d already promise your Kickstarter backers. I think we were a little more honest and upfront with people.”

Of course, such an undertaking also requires a lot of money upfront, which is the primary reason behind the PodCase’s lofty $300,000 all or nothing goal. Launching a Kickstarter campaign always requires a level of mental math, weighing demand against financial need. And when you’re rejecting the possibility of external funding, the latter increases dramatically. In the case of this campaign, the ultimate number missed the mark — by a lot.

It’s not that there was no demand for the product. It was certainly a clever approach, and the company pulled in 325 backers, but a lot of different pieces have to line up perfectly to make someone a potential customer for a product like this.

 “We [overestimated] the number of people that were interested in solving this problem at the expense of another case on top of their phone,” Migicovsky says. “The majority of the AirPod base we were going after didn’t overlap with the group of people who were interested in putting cases on their phone, at least in the configuration that we showed off.”

To the casual observer, it also appears as though the team’s intentional lack of resources came into play here. Migicovsky waves off the notion that a proper PR team is necessary to a successful Kickstarter campaign, but when you’re looking for a minimum of hundreds of thousands, it’s certainly a big help.

The team’s relative nonchalance about the whole thing means, perhaps, that its inability to meet the goal is a little less heartbreaking — for them, at least. At the very least, it leaves fewer people in the lurch — the all or nothing approach means that backers are disappointed, but not out $70 or $80. Instead, Migicovsky is approaching the whole thing as a sort of learning experience.

“We treated it like a fishing expedition,” he says. “We tried to just see if people were interested. The other way was what we did with Pebble, where we’d already been working on it for four years, we’d already launched our first version, we already had a couple thousand users, and we knew that we’d take the feedback from the early versions and funnel it into Pebble. This was the first shot in the dark with this concept and we got the feedback we needed.”

As far as what that means for the future of this project specifically, the team isn’t ruling out the possibility of another go at the PodCase, perhaps with a focus on the iPhone X. The overlap between iPhone X and AirPod users is probably pretty large. And people are likely going to want a case to protect their $1,000 phone.

“I have no idea one way or another,” says Migicovsky, “but it doesn’t represent a blocker for me. I spent four years launching various versions of what would become Pebble before launching it on Kickstarter. That was never a mental blocker for us.”