A few friends convinced me to join HabitRPG a few weeks ago. Since then, I’ve become an enthusiastic convert!

The idea behind HabitRPG is that we can treat our to-do lists like a game. We can get points for knocking items off the list, level up, and even help friends defeat bigger monsters. HabitRPG offers a little motivation for the things we know we need to do.

For me, the biggest win is that I’m ‘playing’ in a group. If I let down my party — if I fail to complete my tasks, leading us to take damage as a group from whatever monster we’re currently fighting — I feel like a jerk. I definitely recommend playing with a group (preferably people you see regularly face-to-face), because the accountability HabitRPG offers is masterful. It’s even an improvement on traditional accountability models in some way, because no one else can see what your tasks are: you get the positive reinforcement from your friends without having to explain any embarrassing tasks you’re struggling with.

HabitRPG is not a task manager or a to-do list in and of itself, though. I’m using it alongside Asana (I’ve forced the rest of my household on to an Asana workspace and I won’t give that up). I would love to see an integration between the two, but I don’t expect that to happen any time soon. And that’s okay: HabitRPG excels at adding a little bit of motivation, not at nagging you about a missed deadline. I’ve found it beneficial because some of my time-insensitive work would normally get ignored, but HabitRPG treats all tasks equally.

HabitRPG is available on a freemium basis and I’m currently on the free plan. So far, I’m not feeling any great push to move over, though I expect that I’ll pay for a plan in order to support the makers. Unfortunately, HabitRPG does seem to have a lot of downtime. However, the underlying software is open source, so you can go fix it if you’re emotionally invested enough.

html

Latin is a strange language. No one speaks it as their first language and few people speak it regularly outside of Vatican City. Yet many schools still offer Latin classes and most of us know a few words (even if we aren’t always aware that we do). We still use Latin roots for forming new words, even in English with its Germanic heritage. Kids studying for the SAT or GRE learn Latin roots to score well on what may be the most important tests of their lives.

We have a certain respect for the language that united scholars and politicians across Europe hundreds of years ago. Latin provided an underlying structure that allowed key ideas to pass communication barriers. Whether or not Latin is regularly spoken in the future, it will still have a lasting impact on the words we use for centuries to come.

The digital age requires a new connective infrastructure. Markup languages, including HTML, are that communication tool. Markup languages are systems of annotating documents in a way that’s both visually different from the text itself and recognizable by computer programs. Learning at least a few HTML tags is rapidly becoming a necessary step to sharing information across borders. HTML, by the way, stands for “HyperText Markup Language.”

The Words Themselves Aren’t So Important Today

As a writer, I hate myself for even suggesting that words themselves aren’t so important. But with translation tools constantly improving, my choice to use English words is far less important than it was even a few years ago. Even the specific words I use are exchangeable for something simpler: I can drop a blog post like this into Hemingway and see where I can change my diction.

I read web pages written in foreign languages every day. Google translates those pages for me automatically. I don’t need a human to translate their work into Latin or another shared language for me to get the gist of it.

But I do need those foreign texts in a format that Google can access. They need to be web pages, written in HTML, so that a machine can access and process the information they contain. Markup languages make our work accessible to the world — the same purpose Latin served centuries ago.

Of course, machine-based translation isn’t perfect. It’s improving, however, especially as the systems handling such translation get access to more text and can learn from experience. The algorithms used to process language are improving every day. In the long-term, it’s possible that we really could have real-time translations whispered into our ears as we talk. In the meanwhile, we can make our work easier to access, both by machines and by humans.

A Little Formatting Makes a World of Difference

Formatting is crucial. When we speak, we can convey our emotions through eye rolls, upbeat tones of voice, and other non-verbal communication. But with the written word, we’re limited to sharing information through words and formatting. Boldness, bullet points, and other visual cues have to do the heavy lifting.

This sort of formatting also conveys information to non-human readers. When a machine processes a document without any formatting, it can guess what the title and topic of the piece are based on comparison to other documents. But if the writer of a document puts a couple of H1 tags around that document’s title, a computer can tell the title of the piece immediately. Doing so also helps human readers focus on the title quickly, as an added benefit.

Unfortunately, formatting isn’t always a simple matter. There are many ways we can share text with the world — a shared Word doc, a WordPress blog post, a plain text comment, and many more. But each of these methods brings its own formatting woes. Our reliance on rich text is to blame. Different tools implement formatting in different ways, making it difficult to copy and paste between systems. These proprietary systems don’t talk to each other as well as they could. Don’t get me wrong. The situation has improved over the past few years: You can copy text from a Microsoft Word document into a WordPress blog post without your formatting going all wonky now (provided you’re using a recent version of WordPress). But there’s still plenty of room for improvement.

Writers Need to Learn Markup Languages

The need to make our work more accessible for both human and machine readers seems like a question of improving technology. Our tools are continuing to evolve. But, as a writer, choosing to learn HTML or another markup language can push your own work much further.

On the most basic level, offering an editor or a publisher a plain text file formatted with HTML can help your career. An editor can get your work published online far faster if you hand them a prepared file. You have a far better shot at being the editor’s favorite writer when you know HTML.

On a deeper level, however, the ability to correctly format your writing in HTML can increase its reach. Search engines have a harder time ranking an incorrectly formatted blog post or web page than one with correctly written HTML. You don’t have to dive too far down the rabbit hole: just being able to format your writing and add a little meta data is enough to make your work much more accessible. Adding in the right HTML is the modern day version of translating your work into Latin so that the folks in the next country over can actually find and understand your work in their library.

I’m not suggesting that you learn how to program. I may personally think that’s a good idea, but I’ve seen other writers get anxious at that sort of suggestion. Rather, writers need to be able to annotate our work to ensure our meanings are clear — we need to add formatting tags and a few other details. It’s possible to get by with using a tool that generates your HTML for you. I actually write in Markdown using a cloud-based word processor that can transform Markdown files into all sorts of other formats. But it’s worth your while to learn some HTML first, if only so you’ll notice if an automated system gets something wrong.

HTML is a Tool of the Cultural Elite

Through the seventeenth century, getting any attention at all required translating your work into Latin. It didn’t matter if you were a member of the Catholic Church or not. Latin was your only choice of languages for communicating with the cultural elite. Even Isaac Newton, who lived in the Protestant country of England, wrote his mathematical treatises in Latin.

Today, reaching the cultural elite means publishing your work online. Online doesn’t mean just tossing up an essay or an article on your blog, by the way. If you want to have any sort of reach, you need to be able to push your work on to a variety of platforms, like the Kindle. Just as writing in Latin meant that any European with a good education could read Newton’s work, marking up your own work with HTML makes spreading it easier. You can immediately push your work out to all the different platforms your readers might use. (The only way to use what Amazon refers to as ‘advanced formatting’ in a Kindle ebook, as it happens, is to format your book using HTML.)

There may always be print versions of particular work, but we’re fast reaching a point where publishers of all stripes push work online first and create a physical copy second. And since HTML, with a little help from CSS, can format text for printing, we should expect the online-first mindset to become even more common.

So Where Should Writers Start?

It’s not uncommon to meet writers who are only interested in perfecting their craft. Personally, I find that mindset to be problematic: If you want to lock yourself in a room all day to write, how can you guarantee that anyone will ever read what you’ve created? If you want to opt out of the world and focus on writing to the exclusion of all other things, though, you do have the option.

But if you’d rather ensure your work reaches an audience, there are a few easy starting points to help you learn a markup language.

  • Start by writing in a rich text editor, such as the one built into WordPress. Write as you would normally, but make a point of switching from rich text to HTML. In WordPress, you just need to click between tabs at the top of the text box where you’re composing your latest magnum opus. Once you see your HTML, you can make a point of checking your formatting against the HTML your editor generates. You’ll pick up simpler formatting, like bold or italic quickly.
  • Consider going through a tutorial or a class. There are hundreds of free tutorials online for HTML and related topics. I’d suggest searching for how to handle specific questions, like ‘how to format a block quote in HTML‘. You can also take more in-depth classes, like those offered by Codecademy.
  • Learn more about markup languages — but only if you really want to. I realize that I’m already bumping up against the limits of what the average writer cares about by writing 2,000 words about why you should care about HTML. If I went down the rabbit hole into topics like metadata, Markdown, and the wide variety of markup languages out in the world, I’d probably lose most of you who have read this far. But for the one or two of you who have an interest, there are all sorts of opportunities out there for writers who really understand markup languages.

You can also consider your tools. We don’t always get the option of choosing how we write. The muse may only strike when you’re looking at an entirely blank screen or even if you’ve just got a pad of paper and a pen. But if you understand your own workflow, you may be able to upgrade your tools so that you’re able to deal with HTML questions and the like with only minimal effort.

At the bare minimum, choose word processing programs capable of exporting HTML without screwing up your carefully planned formatting. Scrivener, for instance, has a much better export track record than Microsoft Word. There are any number of word processors and other tools that will help you write, as well as add HTML to your work in an efficient manner.

Right now, I’m using a tool called Beegit. It gives me a way to share projects with a team, as well as the ability to write with visible markup in my documents. However, Beegit is based on Markdown, rather than HTML, so it’s not necessarily a good switch if you’re still learning about markup languages.

Your Obligation to Experiment

The written word is becoming ever more important: We spend more time with text today than any of our ancestors ever did. But we still haven’t perfected a way of ensuring that a given document is accessible to every single person who wants to read it. Language and cultural barriers still slow down how quickly we can share new ideas, as does issues as simple as file formats.

But the more that we writers can tackle the question of accessibility on our own, the wider our own work will spread. If reaching readers is one of the reasons you bother to put words into a row, take the time to experiment with markup languages, just scholars in centuries past invested the time necessary to learn Latin.

Photo credit: iStylr

Chris Guillebeau’s third book, “The Happiness of Pursuit” is a perfect fit with the themes of his previous books. The logical progression of Guillebeau’s books makes perfect sense:

  • In “The Art of Non-Conformity“, Guillebeau laid out a vision of how readers can choose a more personal path. The book offers insights for deciding what your goals might be and how you might live your life differently.
  • In “The $100 Startup“, Guillebeau offered strategies for funding those different approaches to life. It’s effectively the guide for for how to afford the goals readers set in response to “The Art of Non-Conformity.”
  • In “The Happiness of Pursuit“, Guillebeau has created a guide to actually completing those goals, now that readers have a business that allows for a bigger view of life.

Guillebeau’s new book is an look at pursuing big goals, from visiting every country ontche planet to changing the world. He lays out story after story of people who set big, hairy, audacious goals and then reached them. Guillebeau highlights what those stories have in common, offering some crucial insights into how we all can complete our own quests. “The Happiness of Pursuit” makes incredibly big goals seem accessible. After reading the book (straight through), I wanted to immediately go out and accomplish something. I have a feeling I’ll reread the book when I need motivation to get off the couch. If you’ve ever struggled with motivation, I’d definitely give this book a read.

Full disclosure: I received a free copy of “The Happiness of Pursuit” from the publisher.

Unconference Scheduling

I recently had the pleasure of attending Open Source Bridge and noticed several factors that made it an incredibly useful and enjoyable conference to attend. Open Source Bridge is an annual conference that takes place in Portland, Oregon (just like OSCON). It covers a variety of topics related to open source software, also similarly to OSCON. But while a full-access pass to OSCON runs about $2,000, a ticket to Open Source Bridge is $300. I love community-run conferences!

Full disclosure, I received a press pass for Open Source Bridge. (I’ve also received free passes in the past to other conferences I might reference in this post through volunteering, sponsorships, or client relationships.)

Community-run conferences are a much better opportunity for many people than many other types of events. Don’t get me wrong; there’s plenty of value to be had at mega-conferences and other types of events, as well. But considering the lower prices associated with community-run conferences, I always come away feeling like I’ve gotten so much for my money. Here’s why.

Community-Run Conferences Have More Room for Dissenting Opinions

The voices you hear at big conferences are often those speakers who are well-established authorities within their specialties. Obviously, big events need speakers who the widest possible audience will recognize in order to sell tickets. But when you have the ‘official’ opinion up on the stage, it’s harder for a speaker with a dissenting opinion to get on the schedule. The decision may be as simple as "We’re covering that topic already, so why should we have a second speaker discussing the same material?"

But that process does mean that different points of view are automatically excluded. The same doesn’t hold true at a community-run conference. Because a community-run conference almost always looks to the community first to choose speakers, there are more opportunities for diverse opinions:

  • Community-run conferences are generally more welcoming to newer speakers, including those with very different perspectives from the status quo.
  • Community-run conferences don’t have to toe the sort of party lines that a company-run conference must. This might explain why all the major hacker conferences are actually community-run events. Even big sponsors only have a limited impact on what can be said at a community-run conference.
  • Community-run conferences can afford to take risks on niche topics that may only appeal to ten or twenty people out of the entire set of attendees. Big conferences have to fill rooms to make economic sense.
  • Attendees at community-run conferences are more likely to pay for their own tickets out of pocket, so they don’t have to justify a particular event to a manager who controls the company budget for conferences. In turn, that means that community-run conferences can afford to offer more sessions on non-business topics.

The sort of variety that a community-run conference offers is more fun (at least for me). I’m far more likely to wind up at a session covering something I know very little about but that will dramatically change the way I see a particular issue. One of the first sessions I attended at Open Source Bridge, for instance, was on OpenMRS — an open source software project I was entirely unfamiliar with — which offers open source medical record management software. I chose the talk because I’m interested technology and health, but I learned a great deal about the problems international open source projects face, how a project can create software that’s usable in places with limited power and internet access, and even the unexpected localization issues that a hospital in Somalia might have as opposed to a hospital in Kenya. Perhaps more importantly, I got a very different perspective on open source technology as a whole that I can already tell will influence my own work.

Community-Run Conferences Have More Opportunity for New Connections

The argument that smaller conferences are easier to meet people at than their larger counterparts seems counter-intuitive. But large conferences are overwhelming even for the most outgoing people. We’re more likely to find a few people to hang out with at a time, to provide a buffer against the thousands of attendees at a conference like OSCON. It’s a paralysis caused by too many people. Personally, at particularly large conferences, I tend to find a "conference buddy" who I cling to to make sure I don’t get washed away in the sea of humanity.

At smaller conferences, however, I’m more likely to go around and introduce myself. I noticed at Open Source Bridge that I knew a large number of attendees and, as a result, I felt very comfortable and was better able to introduce myself to new people. After all, if I were to encounter a problem, I could always retreat to talk with people who I already knew.

Those connections occur outside of the actual length of the conference, as well. Conference organizers have varying levels of passion for the events they create. On the less passionate end of the spectrum, those individuals who are paid to organize particular conferences probably care about the events they manage, but not to the point where they’re talking about their next conference constantly. In contrast, someone organizing a conference out of sheer passion is going to tell everyone they know about the next event. Even the problems will be more visible, because that organizer’s friends will get to hear every last detail about the argument with the venue staff (whether anyone wants to or not).

The community is more long-lived as a result. Rather than moving on to the next conference at their employer, the organizer of a community-run conference’s next event is likely to be either next year’s conference or a closely related event. The organizers can pull the community along, maintaining excitement throughout the year between conferences.

Community-Run Conferences Have More Room to Experiment with New Improvements

A code of conduct seems like such a simple thing. And, yet, many large conferences of every type seem to struggle with implementing such codes.

Of course, there are community-run conferences without codes of conduct still. But many are more open to the idea of adding on a code of conduct — and seem more willing to adopting an existing, proven code without feeling that they need to develop a new code entirely from scratch. Those communities who aren’t willing to add such codes, well, that information can be valuable, too.

Because a community-run conference has the ability to quickly evolve from event to event, such conferences have more opportunities to experiment with better practices. As a for instance, when attendees registered for this year’s Open Source Bridge, they each had the opportunity to choose between three colors of badge lanyards: blue, yellow, and red.

  • A red lanyard indicates that the wearer does not want their photo taken at all.
  • A yellow lanyard indicates that would-be photographers need to ask before taking the wearer’s photo.
  • A blue lanyard indicates that the wearer is comfortable with having their photograph taken at the conference.

It’s a simple visual cue that can make a world of difference in making a wider variety of attendees comfortable with a particular event. There are a whole host of reasons that people may not wish to be photographed even if they’re at a public event. The default for most events is that everyone who happens to be carrying a camera (which you can read as all of us) can take photos and even recordings of anyone who happens to be at the event. I’m not entirely sure how this became the norm, but it’s not actually a reasonable approach. Event organizers may ask for a bulk permission to photograph or otherwise record attendees, but other attendees don’t usually take any steps to make sure that their photography subjects are comfortable with the situation.

This year’s lanyards aren’t Open Source Bridge’s first experiment in providing visual cues about appropriate behavior. Last year, the conference offered stickers for people to place on their name badges to express photography preferences

I can’t categorically state that lanyards are the best way to communicate these sorts of preferences; the only way to figure out such factors is to run an experiment or two. Community-run events seem more willing to do so, if only because the logistics of testing a new approach with a few hundred attendees is far easier than with a few thousand. Even better, most community-run events are put together by passionate people — and passion is rarely exclusive. If you are willing to do the hard work to bring information about your topic of choice to a wider audience, perhaps you’re also more willing to figure out the mechanics of running inclusive events.

Support Your Local Community-Run Conferences

I’ve always been lucky to be parts of communities where community-run conferences happen regularly. I grew up going to conventions for various bits of science fiction and fantasy fandoms. I used my student status in college to get cheap passes to all sorts of conferences (including a ton of writing events). When I started learning more about technology (especially programming), I went to BarCamps and other unconferences, as well as other small community-run conferences of a more traditional nature.

I’m happy to pay money for these sorts of conferences, but it’s also important to support them in other ways. Even small conferences take a ton of work, especially when they’re first starting up. Helping on even basic tasks like setting up chairs in a conference space is good. Open Source Bridge ran smoothly because around 70 volunteers put in their time. Some of those volunteers worked for months to handle every detail of the conference; some put in a few hours of work in exchange for a free ticket. Either way, they made the conference possible.

Especially if you come from a community that doesn’t have a strong tradition of organizing its own conferences, consider what you can do to volunteer. You never know — you might wind up organizing one of those community-run conferences yourself.

Image by Flickr user Reid Beels

One of my current projects is to more effectively track my time. While I keep decent track of the time I spend on clients’ projects, I’m not so good about watching my own time. After all, there’s less of a financial incentive at play.

The question of that financial incentive is part of the problem, though: since I’m building more projects without a client paying directly for more time, I need to know if I’m making a good investment of my minutes and hours. Tracking this time requires a mental shift. But I’m already seeing the value of even the small amount of data I’ve already collected.

Beyond the matter of mindset, the biggest difficulty is actually remembering to switch on a timer or another tracking device. I’ve had to resort to sticky notes and other visual reminders that ask if I’m tracking my time. It’s like developing a little bit of OCD on purpose. Once the habit is in place, time-tracking does get easier.

In fact, I expect that part of my work to get dramatically easier over the next few years. I can already track the websites I spend my time on with RescueTime; if I could see the particular page (like what email folder I’m spending the most time in) I might be able to translate that data into effective time-tracking pretty easily.

I would pay big bucks if I got an extra day a week to work. I always have more to do than I can actually squeeze in and I’m sure I’m not the only one. But while I can’t actually add more hours into my day, I have found that automating my schedule both saves me some time and makes my life easier to manage.

While there’s no way to set up a perfect schedule that you can always stick to — life likes throwing curve balls — having a general routine that you follow is useful. Meetings are the biggest curve balls in my day. I try to limit them, in general, but I’ve also taken some steps so that meetings won’t have such an impact.

I try to focus on writing work in the mornings and limit meetings to the afternoons. Since I’m on Pacific time and I work with plenty of people on the East Coast and in other time zones, I also set aside all day Wednesday for meetings, so that I can make sure there are some morning hours available for people in different places. With that sort of routine, I can narrow down a workable time with a contact without a bunch of back and forth emails. I can also say ‘no’ to meetings that don’t fit in my calendar. If my time is already committed to writing or other work, I can’t meet with people.

Further automation is possible: I’ve used appointment-setting apps in the past to coordinate meeting times without so much human interaction. I’m in the process of testing out a couple of new options, but I still haven’t found something that replaces Tungle to the full extent I’m hoping for.

Cubicle farm

When talking to entrepreneurs, it seems like everyone has a ‘crap job’ story: the tale of the a job so bad that it forced the person telling it to decide how to get out of a situation she absolutely hated.

I have held a few crap jobs over the years. They all had their own part in driving me away from situations in which I would have to work to someone else’s expectations. I’m not the only one, either: I’ve talked to plenty of entrepreneurs who reached their breaking point in some awful job before they struck out on their own; for some of us, an awful job is bit like a mother bird pushing us out of the nest. We can see the ground coming and we know we have to figure out how to fly before we crash into the ground.

And we do. When I worked a summer wearing a tomato suit, I figured out pretty quickly that not only was a walking tomato a less-than-perfect marketing tool, but also that I needed to develop some serious skills so that my time was too valuable to force me to dress up and walk around a neighborhood.

A Case in Point: Ramon de la Fuente’s Incredibly Bad Boss

Ramon de la Fuente, of Future500.nl had one of those ‘crap’ jobs that did lead him directly to his own endeavors. He notes, “I started a web development company — and in my old job I was a PHP developer.”

But to get to the point where de la Fuente was ready to launch a new business, he had to go through an incredibly painful process first. “I got asked by a friend, to join him in a new job he landed. He knew the owner from a previous business arrangement and he felt it was a good opportunity. I think we both had no idea what we were getting into.”

The new company processed internet payments, primarily for the adult industry — an incredibly lucrative opportunity if handled correctly. That’s why de la Fuente joined the company, along with another tempting opportunity: “…the owner was planning to retire so we would have the opportunity to take over the company within ‘a few years of hard work.’ I’m not sure if the intention was ever there, but needless to say that didn’t happen.”

The job turned out to be problem after problem:

  • The employer was both paranoid and a workaholic. When de la Fuente and the rest of the team were working twelve hours a day, the employer felt comfortable calling them at midnight because “he felt something was off.”
  • The employees working for the company didn’t consider themselves members of a team, because they were constantly in defense-mode to avoid being blamed for any problem.
  • When the company hired an outside consultant to address the morale issues and set up team-building sessions, one of the employees was secretly ordered to record the sessions for the boss.

Talk about a poisonous culture! Luckily, de la Fuente didn’t take the brunt of the pain, because the company’s developers were somewhat insulated from the rest of the team. But the situation couldn’t last: “In the end, the company went down a dead-end path. They chose immediate cash instead of future stability, against our advice at every turn. The owner’s son was put on a fast track to ownership. My friend and I refused to work with him for various reasons, and that was the end of that. I did get the opportunity to fire the people I had worked with (the company was in financial trouble by then) — also not a very happy moment. Quitting was such a freedom… that last month was the longest one ever.”

But it wasn’t the horrible environment that causes de la Fuente the most regret today. It was one particular result of that ‘pass the blame’ culture: “There was no innovation. Anything new was suspect, and for any change there was the possibility that you’d have to go back to some version 3 weeks ago when ‘the numbers started getting weird.’ The less you changed the better.”

As he explains, “What pains me, more than anything, is that I have nothing to show for three years of super hard work besides a little cash. I literally learned nothing new (technically), I wasn’t stimulated to seek out community or better myself in any way. Just production-production-production.

That was the real cost, I think.”

But de la Fuente did learn something important (beyond how not to manage a team): “If you watch something going wrong for long enough, you inevitably start to think ‘I can do better.'” He’s never going to work for a boss again and that decision is going to benefit him and his career in the long run.

Working In the Moment

When you’re in the middle of a crap job, seeing past the awful environment can seem impossible. But if you can’t rise above the situation, at least a little bit, you can wind up stuck for what will feel like eternity.

Part of the problem is that most of us don’t have the option to just walk away from a pay check. Even if there’s a little suffering attached to the money, we all have bills to pay. If you have the luxury of leaving an awful job without having to worry about money, you should do so. For the rest of the world, it’s more practical to think about the options.

First, you need to understand the value of your current situation. Even if it’s highly stressful, there are benefits to pull out of any situation. Start with the easy stuff — the financials. Keep going deeper after that, though. Sit down and list out everything you’re getting out of the work you’re doing that you may be able to leverage later on.

  • Income and benefits: If you’re sticking with a stressful situation, you better be benefitting financially. If you haven’t already, go through the entire list of benefits you get from your employer and make sure you’re taking full advantage of them — if you’re eligible for tuition reimbursement, for instance, make sure you’re taking those classes.
  • New abilities and responsibilities: Whether you have a newly honed ability to keep calm in a crisis or you’re doing the work of two employees, a crap job can turn into some serious resume candy.
  • Opportunities for autonomy: In my experience, crap jobs tend to involve either obsessively controlling managers or managers who give you absolutely no guidance at all. If you’re in the second situation, grab that autonomy with both hands — you can take advantage of that lack of guidance to experiment with your own work and learn more on your employer’s time. And while I would never recommend you do something unethical, you might also be able to come with some other ideas to fill your unobserved time.
  • A clear picture of where you don’t want to work again: Not only are you gaining experience to help you narrow down the employers or customers you’re willing to work with in the future, you’re getting some clear motivation to improve your overall situation so you won’t find yourself back here again.

Even now, when I’m working with a difficult client, I’m a fan of counting my blessings. Running through that sort of information reminds me of why I need to bother sticking with a tough project — and it helped with the crap jobs I’ve had in the past. If the list is short, that’s motivation in and of itself: a short list is a reminder that you need to be spending all the time you can towards improving your current situation.

Next, you need to consider what resources you have to make those improvements. Going home and doing anything else you can think of besides work may be what’s currently keeping you sane, but it’s probably not moving you towards an exit strategy. You’ve got to decide where you want to head and then take action to get there. You may be considering a path that leads away from ever working for someone else again (including spectacularly bad managers) or you maybe more interested in any other job you can get right way. Either way, set aside time to actually take action.

If your crap job includes the problem of an employer who doesn’t respect your time outside of work, that process is a lot harder. Attempting to set new boundaries with an employer can be a way to find yourself without that crap job faster than you were intending to quit. In most states, you can’t collect unemployment insurance if you’re fired for calling in sick too often or for refusing to work overtime. The best advice I can offer is to take advantage of every minute away from work you can; even if you go a little crazy with both work and the effort you’re putting into reaching a point where you can leave your current job, getting out probably needs to be a priority.

Photo Credit: mikecogh

From a business perspective (along with a whole bunch of other points of view), Apple has won. One piece of proof in particular has me convinced, though: consumers have opened nearly 800 million accounts on iTunes, most of which have credit cards attached.

Since most people don’t bother adding a credit card to an online account until they actually have to (i.e. to complete a purchase), it’s safe to assume that nearly 800 million people have bought something from Apple. Furthermore, that number means that nearly 800 million people can make additional purchases from Apple with almost no friction — they can buy from Apple with minimal effort or opportunity to change their minds.

To make matters more interesting, Apple has managed to create an ecosystem where buyers are more willing to spend money than their counterparts using Android and other alternatives. Technomadia just published a particularly interesting breakdown of how their recent app launch did in the iOS and Android marketplaces, if you want a closer look at how buyers really make their app purchasing decisions. The TL;DR? The sales numbers worked to about 3 iOS sales for every 1 Android sale.

Heartbleed

We all know that we need to take our online security seriously, but we rarely do anything to improve our own situations. Even when we hear about data breaches, the odds that we’ll go and change passwords are relatively slim. We might get occasional emails and updates from the sites we log into about our security, but we tend not to get worked up for anything less than proof someone has been messing around with our personal bank accounts.

But Heartbleed has been different.

From the first moment I heard about Heartbleed, everyone I know has been taking it fairly seriously. Part of that is due to the nature of this particular security breach: the amount of data that was made accessible by a vulnerability in OpenSSL is enormous. It would be easier to list which major websites weren’t affected than which were. But while the details of the Heartbleed breach are enough to get programmers and website publishers worked up, they’re probably too technical to really intrigue the average person browsing the web. So why do so many people seem to know about Heartbleed?

A Well-Branded Security Breach

Fundamentally, Heartbleed is different from security breaches that have come before. It’s been branded and marketed, something that no one has really tried to do historically. The traditional approach to announcing you’ve found a security exploit was to write out a brief description of the problem and send it around to everyone you expect the problem affected. There wasn’t exactly an incentive to take action.

For the researchers who uncover security breaches, there isn’t necessarily a clear benefit to promote their work in other ways, however: the status quo was enough to get them credit for their work and collect any financial rewards (like rewards offered by companies to researchers who found security breaches in their systems before those problems could be exploited).

Heartbleed’s branding may prove to be a turning point in what we expect from a security breach announcement.

That branding wasn’t a particularly major effort from the organization that launched Heartbleed.com. That company, Codenomicon, didn’t discover the vulnerability, but does help other organizations secure their systems against malicious attacks.

Miia Vuontisjärvi, a security analyst at Codenomicon, told TechCrunch that the site started as an internal Q&A that Codenomicon’s experts wrote in an effort to get a handle on Heartbleed’s potential impact.

“Experiencing the pain of the bug first hand we got a nagging feeling that this calls for a ‘Bugs 2.0′ approach in getting the message out in an emergency. Ossi, one of our experts came up with Heartbleed as an internal codeame and from there on thing lead to the other. The domain was available and our artist Leena Snidate did a an excellent job in putting our pain into the logo. It all went much faster than expected.

“When the vulnerability became public we realized that this is going to be a crisis communication. We said what we had to say in the Q&A with as little litter as possible. We put it available on a low latency and high bandwidth content delivery network so that it is very accessible for anyone in the need. Based on initial reactions we did some minor edits but we quickly saw the Internet community picked the issue up in an astonishing way.”

Crisis Management in Open Source

One of the most noteworthy points about Codenomicon’s efforts is that OpenSSL is an open source project; Codenomicon had the opportunity to step in because the developers behind OpenSSL are all volunteers. When software is developed by a single company as a proprietary product, there are typically more concrete procedures to handle bugs and security breaches — usually developed in order to minimize liability for the company in question. I can’t imagine an established company being able to vet and publish information about a security breach in this fashion.

But while Codenomicon stepped up and helped make information about a particular security exploit easier to understand and share, there have been plenty of problems with open source code in the past where no one took on that sort of leadership role. That’s partly because taking a leadership role in the middle of a crisis is tough; contributing to open source code bases doesn’t automatically enable you to field questions from the press, manage a user notification process, or brand an exploit so that users will upgrade their systems.

The open source community, as a whole, could benefit from establishing some best practices on how to handle this sort of flaw. At a minimum, just creating a check list that researchers can follow to make announcements more useful to the average internet user could be beneficial. While that’s not my area of expertise, there were both good and bad factors in the announcement of Heartbleed that could be used as a starting point for such a response framework:

  • Advance warning: Some large companies got advance warning of Heartbleed, which allowed them to patch their system before the exploit was announced more widely. While I have no problem with offering advance warning to companies likely to be hit hard by these sorts of breaches, there’s definitely room for a more systematic approach to deciding who to contact and how to handle the question of advance warning after the fact (if only so that complaining about not getting advance warning doesn’t become more of a story than the original exploit).
  • Embedded devices: As more devices are are plugged into the internet, security announcements need to at least mention what sort of systems will be affected by a given breach. It isn’t always possible to guess how a given piece of open source software may be used, but such warnings need to be offered to the greatest extent possible.
  • Points of contact: When we’re dealing with a breach in open source, where everyone involved is a volunteer, choosing who will serve as a point of contact is tough. These sorts of situations can require numerous hours to resolve, let alone to handle email. But someone has to do it, even if it’s someone outside the core development team.

Some of these points could be made easier with the application of a little money. With Heartbleed as motivation, several companies are looking at the value of investing some money into the open source infrastructure that drives their business ventures. Google, Facebook, Microsoft, and many other companies are on board to support a new group called The Core Infrastructure Initiative. Hopefully, this initiative will be enough to help major open source projects handle both security and breaches more effectively in the future.

Crying ‘Security Breach’ Too Often?

Heartbleed’s branding may be new, but researchers are starting to embrace the idea. In a post on a new vulnerability, researcher Matthew Green noted:

“First, if Heartbleed taught us one thing, it’s that when it comes to TLS vulnerabilities, branding is key. Henceforth, and with apologies to Bhargavan, Delignat-Lavaud, Pironti, Langley and Ray (who actually discovered the attack), for the rest of this post I will be referring to the vulnerability simply as “3Shake”. I’ve also taken the liberty of commissioning a logo. I hope you like it.”

But we need to consider if embracing this level of branding is a good idea for all security breaches. Embracing this sort of promotion can make it harder to get people to take action in the future: just like a child crying ‘wolf’ may not get attention when it matters, an important security breach can be lost in the mix. Reserving this level of branding for the truly crucial lapses in security is necessary to ensure it still works.

Security expert Bruce Schneier put it bluntly in an interview with the Harvard Business Review: “There’s a risk that we’re going to be accused of “crying wolf.” If there isn’t blood on the streets or planes colliding in midair, people are going to wonder what all the fuss was about — like Y2K. If you slap logos on every vulnerability, people will ignore them and distrust your motives. But it’s like storms. The bad ones get names for a reason.”

It’s also worth noting that Codenomicon helps its clients handle security issues. Making those security issues easier to understand and respond to is a brilliant piece of marketing work (along with a good deed that benefits internet users as a whole). But this sort of marketing effort is easy to exploit by companies that choose to do so. Whipping up a frenzy over relatively minor security breaches might make sense for some companies’ bottom lines. That’s absolutely not the case with Heartbleed and I’m not trying to make Codenomicon’s motives sound suspect, but it is a factor to consider as we see more security vulnerabilities branded for easy consumption.

Photo Credit: Leena Snidate

Economic bubbles are fascinating, provided you don’t have your own money tied up in a given market. There tends to be an element of true ridiculousness about most of these bubbles: during the first ‘official’ economic bubble, people were willing to pay up to ten times as much as they made in a year for a single tulip bulb.

Right now, there’s a lot of debate on whether we’re facing a new startup bubble. David Einhorn made a good argument in favor of treating the current investment situation as a “second tech bubble.” The argument he makes, including how easy it is for companies with minimal income potential to get investment right now, sounds solid to me. The general sense of ridiculousness in startup culture right now just serves to reinforce the sense that the culture around tech isn’t sustainable.

So what, though?

A burst bubble means a lot less investment money to go around. However, many of the companies that already have cash in hand will be able to reduce their costs and stay afloat until they hit profitability. The cost of starting a new company has also dropped dramatically, so a lack of investment capital won’t keep people from launching new startups, either. Some companies — the ones without even a hint of how they can make money in the long-term — will die, but perhaps not as many as investors are suggesting. The bubble will burst, but it may not be enough to purge that many startups out of the herd. Rather, something more drastic than a lack of capital will be necessary to make many of these companies truly sustainable.