Posted on

Want to hire and retain high-quality developers? Give them stimulating work

Software developers are some of the most in-demand workers on the planet. Not only that, they’re complex creatures with unique demands in terms of how they define job fulfillment. With demand for developers on the rise (the number of jobs in the field is expected to grow by 22% over the next decade), companies are under pressure to do everything they can to attract and retain talent.

First and foremost — above salary — employers must ensure that product teams are made up of developers who feel creatively stimulated and intellectually challenged. Without work that they feel passionate about, high-quality programmers won’t just become bored and potentially seek opportunities elsewhere, the standard of work will inevitably drop. In one survey, 68% of developers said learning new things is the most important element of a job.

The worst thing for a developer to discover about a new job is that they’re the most experienced person in the room and there’s little room for their own growth.

Yet with only 32% of developers feeling “very satisfied” with their jobs, there’s scope for you to position yourself as a company that prioritizes the development of its developers, and attract and retain top talent. So, how exactly can you ensure that your team stays stimulated and creatively engaged?

Allow time for personal projects

78% of developers see coding as a hobby — and the best developers are the ones who have a true passion for software development, in and out of the workplace. This means they often have their own personal passions within the space, be it working with specific languages or platforms, or building certain kinds of applications.

Back in their 2004 IPO letter, Google founders Sergey Brin and Larry Page wrote:

We encourage our employees, in addition to their regular projects, to spend 20% of their time working on what they think will most benefit Google. [This] empowers them to be more creative and innovative. Many of our significant advances have happened in this manner.

At DevSquad, we’ve adopted a similar approach. We have an “open Friday” policy where developers are able to learn and enhance their skills through personal projects. As long as the skills being gained contribute to work we are doing in other areas, the developers can devote that time to whatever they please, whether that’s contributing to open-source projects or building a personal product. In fact, 65% of professional developers on Stack Overflow contribute to open-source projects once a year or more, so it’s likely that this is a keen interest within your development team too.

Not only does this provide a creative outlet for developers, the company also gains from the continuously expanding skillset that comes as a result.

Provide opportunities to learn and teach

One of the most demotivating things for software developers is work that’s either too difficult or too easy. Too easy, and developers get bored; too hard, and morale can dip as a project seems insurmountable. Within our team, we remain hyperaware of the difficulty levels of the project or task at hand and the level of experience of the developers involved.

Read More

Posted on

Unpacking the Sumo Logic S-1 filing

Sumo Logic is going public, so let’s dig into its financial results

Setting our dive into Palantir’s gross margins aside for another day, Sumo Logic filed to go public this morning. The Redwood City-based, former startup raised around $340 million while private, according to Crunchbase data.

The Exchange explores startups, markets and money. You can read it every morning on Extra Crunch, or get The Exchange newsletter every Saturday.

Sumo Logic parses information collected from its customers’ enterprise apps and integrations to help them pinpoint operational and security issues and lets them dashboard additional elements as they wish. The company claims in its S-1 that its code is “continuous intelligence,” which it brands as “a new category of software.”

Our own Ron Miller summarized Sumo Logic as a “cloud data analytics and log analysis company” when it raised a $110 million Series G last May. At the time, it was valued at north of $1 billion, making it a unicorn.

Sumo Logic’s IPO has been in its plans for some time. We can see this in a 2017 TechCrunch headline noting that Sumo had then raised $75 million, and was “on path” to a public offering. So, how healthy is the company, and what have its investors bought with about a third of a billion dollars in capital? Let’s find out.

Sumo Logic’s financial performance

Up top: Sumo Logic operates on a fiscal calendar that ends January 31 of each calendar year. This is super standard for SaaS companies as it allows the firm to not wrap its year during the holiday period. This is good for sales teams and so forth.

Read More

Posted on

Decrypted: Police hack criminal phone network; Randori raises $20M Series A

Last week was, for most Americans, a four-day work week. But a lot still happened in the security world.

The U.S. government’s cybersecurity agencies warned of two critical vulnerabilities — one in Palo Alto’s networking tech and the other in F5’s gear — that foreign, nation state-backed hackers will “likely” exploit these flaws to get access to networks, steal data or spread malware. Plus, the FCC formally declared Chinese tech giants Huawei and ZTE as threats to national security.

Here’s more from the week.


How police hacked a massive criminal phone network

Last week’s takedown of EncroChat was, according to police, the “biggest and most significant” law enforcement operation against organized criminals in the history of the U.K. EncroChat sold encrypted phones with custom software akin to how BlackBerry phones used to work; you needed one to talk to other device owners.

But the phone network was used almost exclusively by criminals, allowing their illicit activities to be kept secret and go unimpeded: drug deals, violent attacks, corruption — even murders.

That is, until French police hacked into the network, broke the encryption and uncovered millions of messages, according to Vice, which covered the takedown of the network. The circumstances of the case are unique; police have not taken down a network like this before.

But technical details of the case remain under wraps, likely until criminal trials begin, at which point attorneys for the alleged criminals are likely to rest much of their defense on the means — and legality — in which the hack was carried out.

Read More

Posted on

How Have I Been Pwned became the keeper of the internet’s biggest data breaches

When Troy Hunt launched Have I Been Pwned in late 2013, he wanted it to answer a simple question: Have you fallen victim to a data breach?

Seven years later, the data-breach notification service processes thousands of requests each day from users who check to see if their data was compromised — or pwned with a hard ‘p’ — by the hundreds of data breaches in its database, including some of the largest breaches in history. As it’s grown, now sitting just below the 10 billion breached-records mark, the answer to Hunt’s original question is more clear.

“Empirically, it’s very likely,” Hunt told me from his home on Australia’s Gold Coast. “For those of us that have been on the internet for a while it’s almost a certainty.”

What started out as Hunt’s pet project to learn the basics of Microsoft’s cloud, Have I Been Pwned quickly exploded in popularity, driven in part by its simplicity to use, but largely by individuals’ curiosity.

As the service grew, Have I Been Pwned took on a more proactive security role by allowing browsers and password managers to bake in a backchannel to Have I Been Pwned to warn against using previously breached passwords in its database. It was a move that also served as a critical revenue stream to keep down the site’s running costs.

But Have I Been Pwned’s success should be attributed almost entirely to Hunt, both as its founder and its only employee, a one-man band running an unconventional startup, which, despite its size and limited resources, turns a profit.

As the workload needed to support Have I Been Pwned ballooned, Hunt said the strain of running the service without outside help began to take its toll. There was an escape plan: Hunt put the site up for sale. But, after a tumultuous year, he is back where he started.

Ahead of its next big 10-billion milestone mark, Have I Been Pwned shows no signs of slowing down.

‘Mother of all breaches’

Even long before Have I Been Pwned, Hunt was no stranger to data breaches.

By 2011, he had cultivated a reputation for collecting and dissecting small — for the time — data breaches and blogging about his findings. His detailed and methodical analyses showed time and again that internet users were using the same passwords from one site to another. So when one site was breached, hackers already had the same password to a user’s other online accounts.

Then came the Adobe breach, the “mother of all breaches” as Hunt described it at the time: Over 150 million user accounts had been stolen and were floating around the web.

Hunt obtained a copy of the data and, with a handful of other breaches he had already collected, loaded them into a database searchable by a person’s email address, which Hunt saw as the most common denominator across all the sets of breached data.

And Have I Been Pwned was born.

It didn’t take long for its database to swell. Breached data from Sony, Snapchat and Yahoo soon followed, racking up millions more records in its database. Have I Been Pwned soon became the go-to site to check if you had been breached. Morning news shows would blast out its web address, resulting in a huge spike in users — enough at times to briefly knock the site offline. Hunt has since added some of the biggest breaches in the internet’s history: MySpace, Zynga, Adult Friend Finder, and several huge spam lists.

As Have I Been Pwned grew in size and recognition, Hunt remained its sole proprietor, responsible for everything from organizing and loading the data into the database to deciding how the site should operate, including its ethics.

Hunt takes a “what do I think makes sense” approach to handling other people’s breached personal data. With nothing to compare Have I Been Pwned to, Hunt had to write the rules for how he handles and processes so much breach data, much of it highly sensitive. He does not claim to have all of the answers, but relies on transparency to explain his rationale, detailing his decisions in lengthy blog posts.

His decision to only let users search for their email address makes logical sense, driven by the site’s only mission, at the time, to tell a user if they had been breached. But it was also a decision centered around user privacy that helped to future-proof the service against some of the most sensitive and damaging data he would go on to receive.

In 2015, Hunt obtained the Ashley Madison breach. Millions of people had accounts on the site, which encourages users to have an affair. The breach made headlines, first for the breach, and again when several users died by suicide in its wake.

The hack of Ashley Madison was one of the most sensitive entered into Have I Been Pwned, and ultimately changed how Hunt approached data breaches that involved people’s sexual preferences and other personal data. (AP Photo/Lee Jin-man, File)

Hunt diverged from his usual approach, acutely aware of its sensitivities. The breach was undeniably different. He recounted a story of one person who told him how their local church posted a list of the names of everyone in the town who was in the data breach.

“It’s clearly casting a moral judgment,” he said, referring to the breach. “I don’t want Have I Been Pwned to enable that.”

Unlike earlier, less sensitive breaches, Hunt decided that he would not allow anyone to search for the data. Instead, he purpose-built a new feature allowing users who had verified their email addresses to see if they were in more sensitive breaches.

“The purposes for people being in that data breach were so much more nuanced than what anyone ever thought,” Hunt said. One user told him he was in there after a painful break-up and had since remarried but was labeled later as an adulterer. Another said she created an account to catch her husband, suspected of cheating, in the act.

“There is a point at which being publicly searchable poses an unreasonable risk to people, and I make a judgment call on that,” he explained.

The Ashely Madison breach reinforced his view on keeping as little data as possible. Hunt frequently fields emails from data breach victims asking for their data, but he declines every time.

“It really would not have served my purpose to load all of the personal data into Have I Been Pwned and let people look up their phone numbers, their sexualities, or whatever was exposed in various data breaches,” said Hunt.

“If Have I Been Pwned gets pwned, it’s just email addresses,” he said. “I don’t want that to happen, but it’s a very different situation if, say, there were passwords.”

But those remaining passwords haven’t gone to waste. Hunt also lets users search more than half a billion standalone passwords, allowing users to search to see if any of their passwords have also landed in Have I Been Pwned.

Anyone — even tech companies — can access that trove of Pwned Passwords, he calls it. Browser makers and password managers, like Mozilla and 1Password, have baked-in access to Pwned Passwords to help prevent users from using a previously breached and vulnerable password. Western governments, including the U.K. and Australia, also rely on Have I Been Pwned to monitor for breached government credentials, which Hunt also offers for free.

“It’s enormously validating,” he said. “Governments, for the most part, are trying to do things to keep countries and individuals safe — working under extreme duress and they don’t get paid much,” he said.

“There have been similar services that have popped up. They’ve been for-profit — and they’ve been indicted.”
Troy Hunt

Hunt recognizes that Have I Been Pwned, as much as openness and transparency is core to its operation, lives in an online purgatory under which any other circumstances — especially in a commercial enterprise — he would be drowning in regulatory hurdles and red tape. And while the companies whose data Hunt loads into his database would probably prefer otherwise, Hunt told me he has never received a legal threat for running the service.

“I’d like to think that Have I Been Pwned is at the far-legitimate side of things,” he said.

Others who have tried to replicate the success of Have I Been Pwned haven’t been as lucky.

“There have been similar services that have popped up,” said Hunt. “They’ve been for-profit — and they’ve been indicted,” he said.

LeakedSource was, for a time, one of the largest sellers of breach data on the web. I know, because my reporting broke some of their biggest gets: music streaming service, adult dating site AdultFriendFinder, and Russian internet giant to name a few. But what caught the attention of federal authorities was that LeakedSource, whose operator later pleaded guilty to charges related to trafficking identity theft information, indiscriminately sold access to anyone else’s breach data.

“There is a very legitimate case to be made for a service to give people access to their data at a price.”

Hunt said he would “sleep perfectly fine” charging users a fee to access their data. “I just wouldn’t want to be accountable for it if it goes wrong,” he said.

Project Svalbard

Five years into Have I Been Pwned, Hunt could feel the burnout coming.

“I could see a point where I would be if I didn’t change something,” he told me. “It really felt like for the sustainability of the project, something had to change.”

He said he went from spending a fraction of his time on the project to well over half. Aside from juggling the day-to-day — collecting, organizing, deduplicating and uploading vast troves of breached data — Hunt was responsible for the entirety of the site’s back office upkeep — its billing and taxes — on top of his own.

The plan to sell Have I Been Pwned was codenamed Project Svalbard, named after the Norweigian seed vault that Hunt likened Have I Been Pwned to, a massive stockpile of “something valuable for the betterment of humanity,” he wrote announcing the sale in June 2019. It would be no easy task.

Hunt said the sale was to secure the future of the service. It was also a decision that would have to secure his own. “They’re not buying Have I Been Pwned, they’re buying me,” said Hunt. “Without me, there’s just no deal.” In his blog post, Hunt spoke of his wish to build out the service and reach a larger audience. But, he told me, it was not about the money

As its sole custodian, Hunt said that as long as someone kept paying the bills, Have I Been Pwned would live on. “But there was no survivorship model to it,” he admitted. “I’m just one person doing this.”

By selling Have I Been Pwned, the goal was a more sustainable model that took the pressure off him, and, he joked, the site wouldn’t collapse if he got eaten by a shark, an occupational hazard for living in Australia.

But chief above all, the buyer had to be the perfect fit.

Hunt met with dozens of potential buyers, and many in Silicon Valley. He knew what the buyer would look like, but he didn’t yet have a name. Hunt wanted to ensure that whomever bought Have I Been Pwned upheld its reputation.

“Imagine a company that had no respect for personal data and was just going to abuse the crap out of it,” he said. “What does that do for me?” Some potential buyers were driven by profits. Hunt said any profits were “ancillary.” Buyers were only interested in a deal that would tie Hunt to their brand for years, buying the exclusivity to his own recognition and future work — that’s where the value in Have I Been Pwned is.

Hunt was looking for a buyer with whom he knew Have I Been Pwned would be safe if he were no longer involved. “It was always about a multiyear plan to try and transfer the confidence and trust people have in me to some other organizations,” he said.

Hunt testifies to the House Energy Subcommittee on Capitol Hill in Washington, Thursday, Nov. 30, 2017. (AP Photo/Carolyn Kaster)

The vetting process and due diligence was “insane,” said Hunt. “Things just drew out and drew out,” he said. The process went on for months. Hunt spoke candidly about the stress of the year. “I separated from my wife early last year around about the same time as the [sale process],” he said. They later divorced. “You can imagine going through this at the same time as the separation,” he said. “It was enormously stressful.”

Then, almost a year later, Hunt announced the sale was off. Barred from discussing specifics thanks to non-disclosure agreements, Hunt wrote in a blog post that the buyer, whom he was set on signing with, made an unexpected change to their business model that “made the deal infeasible.”

“It came as a surprise to everyone when it didn’t go through,” he told me. It was the end of the road.

Looking back, Hunt maintains it was “the right thing” to walk away. But the process left him back at square one without a buyer and personally down hundreds of thousands in legal fees.

After a bruising year for his future and his personal life, Hunt took time to recoup, clambering for a normal schedule after an exhausting year. Then the coronavirus hit. Australia fared lightly in the pandemic by international standards, lifting its lockdown after a brief quarantine.

Hunt said he will keep running Have I Been Pwned. It wasn’t the outcome he wanted or expected, but Hunt said he has no immediate plans for another sale. For now it’s “business as usual,” he said.

In June alone, Hunt loaded over 102 million records into Have I Been Pwned’s database. Relatively speaking, it was a quiet month.

“We’ve lost control of our data as individuals,” he said. But not even Hunt is immune. At close to 10 billion records, Hunt has been ‘pwned’ more than 20 times, he said.

Earlier this year Hunt loaded a massive trove of email addresses from a marketing database — dubbed ‘Lead Hunter’ — some 68 million records fed into Have I Been Pwned. Hunt said someone had scraped a ton of publicly available web domain record data and repurposed it as a massive spam database. But someone left that spam database on a public server, without a password, for anyone to find. Someone did, and passed the data to Hunt. Like any other breach, he took the data, loaded it in Have I Been Pwned, and sent out email notifications to the millions who have subscribed.

“Job done,” he said. “And then I got an email from Have I Been Pwned saying I’d been pwned.”

He laughed. “It still surprises me the places that I turn up.”

Related stories:

Read More

Posted on

IBM Cloud suffers prolonged outage

The IBM Cloud is currently suffering a major outage, and with that, multiple services that are hosted on the platform are also down, including everybody’s favorite tech news aggregator, Techmeme.

It looks like the problems started around 2:30pm PT and spread from there. Best we can tell, this is a worldwide problem and involves a networking issue, but IBM’s own status page isn’t actually loading anymore and returns an internal server error, so we don’t quite know the extent of the outage or what triggered it. IBM Cloud’s Twitter account has also remained silent, though we found a status page for IBM Aspera hosted on a third-party server, which seems to confirm that this is likely a worldwide networking issue.

IBM Cloud, which published a paper about ensuring zero downtime in April, also suffered a minor outage in its Dallas data center in March.

We’ve reached out to IBM’s PR team and will update this post once we get more information.

Update #1 (5:06pm PT): we are seeing some reports that IBM Cloud is slowly coming back online, but the company’s status page also now seems to be functioning again and still shows that the cloud outage continues for the time being.

Update #2 (5:25pm PT): IBM keeps adding additional information to its status page, though networking issues seem to be at the core of this issue.

Read More

Posted on

Decrypted: DEA spying on protesters, DDoS attacks, Signal downloads spike

This week saw protests spread across the world sparked by the murder of George Floyd, an unarmed Black man, killed by a white police officer in Minneapolis last month.

The U.S. hasn’t seen protests like this in a generation, with millions taking to the streets each day to lend their voice and support. But they were met with heavily armored police, drones watching from above, and “covert” surveillance by the federal government.

That’s exactly why cybersecurity and privacy is more important than ever, not least to protect law-abiding protesters demonstrating against police brutality and institutionalized, systemic racism. It’s also prompted those working in cybersecurity — many of which are former law enforcement themselves — to check their own privilege and confront the racism from within their ranks and lend their knowledge to their fellow citizens.


DEA allowed ‘covert surveillance’ of protesters

The Justice Department has granted the Drug Enforcement Administration, typically tasked with enforcing federal drug-related laws, the authority to conduct “covert surveillance” on protesters across the U.S., effectively turning the civilian law enforcement division into a domestic intelligence agency.

The DEA is one of the most tech-savvy government agencies in the federal government, with access to “stingray” cell site simulators to track and locate phones, a secret program that allows the agency access to billions of domestic phone records, and facial recognition technology.

Lawmakers decried the Justice Department’s move to allow the DEA to spy on protesters, calling on the government to “immediately rescind” the order, describing it as “antithetical” to Americans’ right to peacefully assembly.

Read More

Posted on

Tesla resurrects long-range RWD Model 3 for the Chinese market

Tesla is now producing and selling the long-range rear-wheel drive version of its Model 3 electric vehicle at its Shanghai factory, a month after receiving approval from the Chinese government.
The move might not be a milestone, but it’s notable because Tesla discontinued production of the long-range RWD Model 3 in the U.S. and now only offers that variant as a dual-motor all-wheel drive. It also marks a shift from Tesla’s initial plan to sell a more basic version of the Model 3 in China.
The company updated its China website showing the standard range plus — the first vehicle to …

Read More

Posted on

How accelerates social good with artificial intelligence

After realizing the potential to affect change while studying systems engineering at the University of Virginia, Brigitte Hoyer Gosselink began her journey to discover how technology might have a scalable impact on the world.Gosselink worked within international development and later did strategy consulting for nonprofits before joining, …

Read More

Posted on

ICT spending in Kuwait will reach US$10.1bn by 2024

ICT spending in Kuwait is estimated to grow at a compound annual growth rate (CAGR) of 10.2% between 2019 and 2024, reaching US$10.1bn by 2024. Growth will be driven by the increasing adoption of advanced technologies including artificial intelligence (AI), big data, cloud computing and Internet of Things (IoT), according to GlobalData, a …

Read More

Posted on

Why Silicon Valley is taking a big interest in trees

From the set of investors in Pachama’s $4.1 million seed round, which closed earlier this year, you wouldn’t think it’s a company that specializes in analyzing forests. 

The lead backer is Ryan Graves, a member of Uber’s founding team, and other funders include a who’s who of accomplished entrepreneurs and investors from across Silicon Valley. To list just a few: there’s the founder of the famed Y Combinator accelerator; a co-founder of livestreaming platform Twitch; the head of an autonomous vehicle startup; and an early investor in tech giants such as Twitter, Instagram and Stripe.

So why are all these big names interested in forests? Trees aren’t exactly a new technology. They haven’t been “the next big thing” since they first spread across earth’s landscape 360 million years ago.

The reason for Silicon Valley’s interest is simple: carbon. Trees naturally capture and store carbon from the atmosphere, which helps to mitigate climate change. New technologies have unlocked opportunities for large-scale carbon removal through improved forest management, due to converging advances in satellite imagery, artificial intelligence and data analysis.

Breakthroughs in verification and valuation

Pachama takes full advantage of the technology boom that has occurred over the last several years. The San Francisco-based startup has a dual mission. First, it verifies and monitors carbon credits. The company uses satellite data to ensure that projects store as much carbon as they claim and then continue to store that carbon over time.

In addition to two-dimensional satellite images, Pachama also receives data from LiDAR (light detection and ranging), which is like radar but uses visible light waves instead of radio waves. The LiDAR shows not only where the trees are but also how tall they are. Together, satellite images and LiDAR give Pachama a three-dimensional, color picture of forests, without anyone ever setting foot on the ground. 

Pachama gets much of its imagery from Planet, a company that has dozens of small satellites in orbit collecting high-resolution images of the entire earth every day. “In general, there’s been an explosion in the cost-effectiveness of remote sensing,” said Tara O’Shea, director of forest programs at Planet. “We’re getting more data and of higher quality.”

But remote measurements can’t do everything. To understand how much carbon is stored in a given plot, it’s necessary to understand the age, species and size of the trees on that plot; that information has to be collected on the ground, at least initially. That’s where artificial intelligence comes in.

Pachama’s algorithm uses machine learning to take in a few data points, and then extrapolate how much carbon is stored in similar areas of a given shape and color in the 3-D picture. This type of system is called a neural network because it mimics the way that neurons comprehend information in a human brain. For North America, Pachama’s network is able to predict the amount of carbon stored in a given area of forest with less than 2 percent error.

Even when land managers are able to verify the carbon they store, they can’t always find someone willing to pay for them to keep storing it. That’s why the second part of Pachama’s mission is to create a marketplace for buyers and sellers. Those buyers might be governments looking to comply with public policies such as the Paris Agreement or they might be private companies looking to offset their emissions.

One of Pachama’s investors is Tobias Lutke, chief executive officer of Shopify, whose company has committed to buying $1 million of sequestered carbon every year. That’s a small amount, given that Shopify’s operating expenses are well over $1 billion, but it’s meant to kickstart a still-nascent market. Shopify is one of several companies already buying credits on Pachama’s platform.

“We started with technology companies because we knew that they were going to understand how our system works in terms of online purchasing and in terms of validating the claims of the project with AI and satellite images,” said Diego Saez-Gil, founder of Pachama. 

Another of Pachama’s buyers, Microsoft, recently announced an ambitious commitment to not only become carbon neutral by 2030 but also to cancel out all of its historical emissions by 2050. To get there, it will need to find methods to economically remove large quantities of carbon dioxide from the atmosphere, and it has launched a $1 billion carbon innovation fund to help make that happen.

Measuring and mapping a market

Even before making its carbon commitments, Microsoft was proactively putting its technological resources to use through its AI for Earth program, which provides cloud computing power and technical support to startups and research organizations that are applying artificial intelligence to environmental challenges.

For instance, Microsoft offered up its cloud computing platform and technical know-how to help startup SilviaTerra to create a “basemap” of every acre of forest in North America, including an estimate of the species and size of every single tree. SilviaTerra used machine learning to build the map, based on satellite and sensor data from sources such as NASA, trained with field measurements from the U.S. Forest Service.

“There’s no Zillow for trees or there hasn’t been until us,” said Max Nova, a co-founder of SilviaTerra. “A lot of people are shocked that we don’t really know what’s on every acre. It seems a little crazy that we’re in 2020 and that’s still a mystery.”

SilviaTerra’s basemap is more than just enlightening. It lays critical groundwork for landowners to participate in markets for carbon storage and other ecosystem benefits. Forest managers can easily cut down their trees and sell them at the local sawmill, but it’s much harder to find a market for the services provided by keeping forests intact, particularly on small amounts of land.

“People get paid for timber right now,” Nova said. “Very few people are getting paid for things like carbon and wildlife. By measuring those things and giving buyers confidence that they can get what they paid for, we stand to unlock a lot of value in these forests.”

SilviaTerra is developing what it calls a “forest carbon rental market,” where landowners can get paid for delaying the harvest for a given year, rather than the entire life of the forest. This method factors in an expected likelihood of harvest, to account for situations where a landowner would have kept the forest intact even without a payment. SilviaTerra’s approach is part of a strategy of “dynamic conservation,” with tailored and flexible decision-making, which is only possible due to the comprehensive and detailed information that it has collected in its base map. 

“At the end of the day, having the data is nice but it’s not enough,” Nova said. “It only really matters if it’s driving different decisions that people are making on the landscape.”

The carbon credit conundrum

For Microsoft, supporting companies such as SilviaTerra and Pachama is a way to build a pipeline of projects that it can use to meet its long-term targets for becoming carbon negative. Although when I spoke with Bonnie Lei, head of global strategic partnerships at AI for Earth, she also identified a deeper existential imperative.

“If you’re considering the future of how you do business … the basic stability of how you’re able to operate is going to be completely dependent on how good of a steward you are of your current environment,” she said.

In spite of a few big commitments, investments in forest carbon storage have been relatively small, compared to the carbon that needs to be removed to limit warming to 2 degrees Celsius. Plus, forests can’t do all the work on their own. Even planting 1 trillion trees isn’t enough to seriously put the brakes on climate change without also drastically reducing emissions from fossil fuels. However, many emissions can’t be stopped right away, which is why carbon credits are particularly crucial.

Diego Saez-Gil founded Pachama with the expectation that there eventually would be a large and thriving demand for carbon removal, and his roster of big tech investors seems to share that vision. “If the planet continues waking up to the reality of climate change and the urgency of action, we believe that carbon markets will continue to expand,” he said.

This article has been updated to correct the name of Pachama’s founder. It is Diego Saez-Gil, not Diego Sanchez-Gil.