Why Freelancers Should Embrace Dwolla

Payment processing is something of a pet peeve for me. Getting paid through a site like PayPal is very convenient, but I have to give up 2.9 percent of my income (plus an added 30 cent fee) on every transaction. Consider what that means I’m paying:

Income     Payment to PayPal
$100       $3.12
$1,000     $29.30
$10,000    $290.30

That amount doesn’t seem like all that much, but it only ever goes up even as the expense of having a bank account remains the same. I don’t feel like I get all that much for my money, especially since PayPal doesn’t always protect service providers from scams.

The real reason I still use PayPal at all is because all of my clients are familiar with the company. They mostly have accounts already and don’t have to think about the process of making a payment. I generally ask clients to pay with a check over sending a PayPal payment, though, or use Stripe’s integrations with invoicing tools to pay with a credit card.

In an ideal world where clients are willing to try new things, though, I would ask everyone to use Dwolla. Dwolla costs 25 cents per transaction (look at that adorable flat rate!) and has real humans in charge of customer service. Unlike both PayPal and banks (including my nice, local credit union), I’ve heard almost no stories of problems and even those seem to be either resolved to the customer’s satisfaction or be the results of misunderstandings. The main exception seems to involve using Dwolla to purchase Bitcoin, so I’m not too worried. About 35,000 businesses were using Dwolla as of June, along with several state governmental agencies.

Now I just need to convince some clients…

HTML is the New Latin

Latin is a strange language. No one speaks it as their first language and few people speak it regularly outside of Vatican City. Yet many schools still offer Latin classes and most of us know a few words (even if we aren’t always aware that we do). We still use Latin roots for forming new words, even in English with its Germanic heritage. Kids studying for the SAT or GRE learn Latin roots to score well on what may be the most important tests of their lives.

We have a certain respect for the language that united scholars and politicians across Europe hundreds of years ago. Latin provided an underlying structure that allowed key ideas to pass communication barriers. Whether or not Latin is regularly spoken in the future, it will still have a lasting impact on the words we use for centuries to come.

The digital age requires a new connective infrastructure. Markup languages, including HTML, are that communication tool. Markup languages are systems of annotating documents in a way that’s both visually different from the text itself and recognizable by computer programs. Learning at least a few HTML tags is rapidly becoming a necessary step to sharing information across borders. HTML, by the way, stands for “HyperText Markup Language.”

The Words Themselves Aren’t So Important Today

As a writer, I hate myself for even suggesting that words themselves aren’t so important. But with translation tools constantly improving, my choice to use English words is far less important than it was even a few years ago. Even the specific words I use are exchangeable for something simpler: I can drop a blog post like this into Hemingway and see where I can change my diction.

I read web pages written in foreign languages every day. Google translates those pages for me automatically. I don’t need a human to translate their work into Latin or another shared language for me to get the gist of it.

But I do need those foreign texts in a format that Google can access. They need to be web pages, written in HTML, so that a machine can access and process the information they contain. Markup languages make our work accessible to the world — the same purpose Latin served centuries ago.

Of course, machine-based translation isn’t perfect. It’s improving, however, especially as the systems handling such translation get access to more text and can learn from experience. The algorithms used to process language are improving every day. In the long-term, it’s possible that we really could have real-time translations whispered into our ears as we talk. In the meanwhile, we can make our work easier to access, both by machines and by humans.

A Little Formatting Makes a World of Difference

Formatting is crucial. When we speak, we can convey our emotions through eye rolls, upbeat tones of voice, and other non-verbal communication. But with the written word, we’re limited to sharing information through words and formatting. Boldness, bullet points, and other visual cues have to do the heavy lifting.

This sort of formatting also conveys information to non-human readers. When a machine processes a document without any formatting, it can guess what the title and topic of the piece are based on comparison to other documents. But if the writer of a document puts a couple of H1 tags around that document’s title, a computer can tell the title of the piece immediately. Doing so also helps human readers focus on the title quickly, as an added benefit.

Unfortunately, formatting isn’t always a simple matter. There are many ways we can share text with the world — a shared Word doc, a WordPress blog post, a plain text comment, and many more. But each of these methods brings its own formatting woes. Our reliance on rich text is to blame. Different tools implement formatting in different ways, making it difficult to copy and paste between systems. These proprietary systems don’t talk to each other as well as they could. Don’t get me wrong. The situation has improved over the past few years: You can copy text from a Microsoft Word document into a WordPress blog post without your formatting going all wonky now (provided you’re using a recent version of WordPress). But there’s still plenty of room for improvement.

Writers Need to Learn Markup Languages

The need to make our work more accessible for both human and machine readers seems like a question of improving technology. Our tools are continuing to evolve. But, as a writer, choosing to learn HTML or another markup language can push your own work much further.

On the most basic level, offering an editor or a publisher a plain text file formatted with HTML can help your career. An editor can get your work published online far faster if you hand them a prepared file. You have a far better shot at being the editor’s favorite writer when you know HTML.

On a deeper level, however, the ability to correctly format your writing in HTML can increase its reach. Search engines have a harder time ranking an incorrectly formatted blog post or web page than one with correctly written HTML. You don’t have to dive too far down the rabbit hole: just being able to format your writing and add a little meta data is enough to make your work much more accessible. Adding in the right HTML is the modern day version of translating your work into Latin so that the folks in the next country over can actually find and understand your work in their library.

I’m not suggesting that you learn how to program. I may personally think that’s a good idea, but I’ve seen other writers get anxious at that sort of suggestion. Rather, writers need to be able to annotate our work to ensure our meanings are clear — we need to add formatting tags and a few other details. It’s possible to get by with using a tool that generates your HTML for you. I actually write in Markdown using a cloud-based word processor that can transform Markdown files into all sorts of other formats. But it’s worth your while to learn some HTML first, if only so you’ll notice if an automated system gets something wrong.

HTML is a Tool of the Cultural Elite

Through the seventeenth century, getting any attention at all required translating your work into Latin. It didn’t matter if you were a member of the Catholic Church or not. Latin was your only choice of languages for communicating with the cultural elite. Even Isaac Newton, who lived in the Protestant country of England, wrote his mathematical treatises in Latin.

Today, reaching the cultural elite means publishing your work online. Online doesn’t mean just tossing up an essay or an article on your blog, by the way. If you want to have any sort of reach, you need to be able to push your work on to a variety of platforms, like the Kindle. Just as writing in Latin meant that any European with a good education could read Newton’s work, marking up your own work with HTML makes spreading it easier. You can immediately push your work out to all the different platforms your readers might use. (The only way to use what Amazon refers to as ‘advanced formatting’ in a Kindle ebook, as it happens, is to format your book using HTML.)

There may always be print versions of particular work, but we’re fast reaching a point where publishers of all stripes push work online first and create a physical copy second. And since HTML, with a little help from CSS, can format text for printing, we should expect the online-first mindset to become even more common.

So Where Should Writers Start?

It’s not uncommon to meet writers who are only interested in perfecting their craft. Personally, I find that mindset to be problematic: If you want to lock yourself in a room all day to write, how can you guarantee that anyone will ever read what you’ve created? If you want to opt out of the world and focus on writing to the exclusion of all other things, though, you do have the option.

But if you’d rather ensure your work reaches an audience, there are a few easy starting points to help you learn a markup language.

  • Start by writing in a rich text editor, such as the one built into WordPress. Write as you would normally, but make a point of switching from rich text to HTML. In WordPress, you just need to click between tabs at the top of the text box where you’re composing your latest magnum opus. Once you see your HTML, you can make a point of checking your formatting against the HTML your editor generates. You’ll pick up simpler formatting, like bold or italic, quickly.
  • Consider going through a tutorial or a class. There are hundreds of free tutorials online for HTML and related topics. I’d suggest searching for how to handle specific questions, like ‘how to format a block quote in HTML’. You can also take more in-depth classes, like those offered by Codecademy.
  • Learn more about markup languages — but only if you really want to. I realize that I’m already bumping up against the limits of what the average writer cares about by writing 2,000 words about why you should care about HTML. If I went down the rabbit hole into topics like metadata, Markdown, and the wide variety of markup languages out in the world, I’d probably lose most of you who have read this far. But for the one or two of you who have an interest, there are all sorts of opportunities out there for writers who really understand markup languages.

You can also consider your tools. We don’t always get the option of choosing how we write. The muse may only strike when you’re looking at an entirely blank screen or even if you’ve just got a pad of paper and a pen. But if you understand your own workflow, you may be able to upgrade your tools so that you’re able to deal with HTML questions and the like with only minimal effort.

At the bare minimum, choose word processing programs capable of exporting HTML without screwing up your carefully planned formatting. Scrivener, for instance, has a much better export track record than Microsoft Word. There are any number of word processors and other tools that will help you write, as well as add HTML to your work in an efficient manner.

Right now, I’m using a tool called Beegit. It gives me a way to share projects with a team, as well as the ability to write with visible markup in my documents. However, Beegit is based on Markdown, rather than HTML, so it’s not necessarily a good switch if you’re still learning about markup languages.

Your Obligation to Experiment

The written word is becoming ever more important: We spend more time with text today than any of our ancestors ever did. But we still haven’t perfected a way of ensuring that a given document is accessible to every single person who wants to read it. Language and cultural barriers still slow down how quickly we can share new ideas, as do issues as simple as file formats.

But the more that we writers can tackle the question of accessibility on our own, the wider our own work will spread. If reaching readers is one of the reasons you bother to put words into a row, take the time to experiment with markup languages, just as scholars in centuries past invested the time necessary to learn Latin.

Photo credit: iStylr

Review: Happiness of Pursuit

Chris Guillebeau’s third book, “The Happiness of Pursuit,” is a perfect fit with the themes of his previous books. The logical progression of Guillebeau’s books makes perfect sense:

  • In “The Art of Non-Conformity”, Guillebeau laid out a vision of how readers can choose a more personal path. The book offers insights for deciding what your goals might be and how you might live your life differently.
  • In “The $100 Startup”, Guillebeau offered strategies for funding those different approaches to life. It’s effectively the guide for how to afford the goals readers set in response to “The Art of Non-Conformity.”
  • In “The Happiness of Pursuit”, Guillebeau has created a guide to actually completing those goals, now that readers have a business that allows for a bigger view of life.

Guillebeau’s new book is a look at pursuing big goals, from visiting every country on the planet to changing the world. He lays out story after story of people who set big, hairy, audacious goals and then reached them. Guillebeau highlights what those stories have in common, offering some crucial insights into how we all can complete our own quests. “The Happiness of Pursuit” makes incredibly big goals seem accessible. After reading the book (straight through), I wanted to immediately go out and accomplish something. I have a feeling I’ll reread the book when I need motivation to get off the couch. If you’ve ever struggled with motivation, I’d definitely give this book a read.

Full disclosure: I received a free copy of “The Happiness of Pursuit” from the publisher.

Community-Run Conferences: The Most Bang for Your Conference Buck

I recently had the pleasure of attending Open Source Bridge and noticed several factors that made it an incredibly useful and enjoyable conference to attend. Open Source Bridge is an annual conference that takes place in Portland, Oregon (just like OSCON). It covers a variety of topics related to open source software, also similarly to OSCON. But while a full-access pass to OSCON runs about $2,000, a ticket to Open Source Bridge is $300. I love community-run conferences!

Full disclosure, I received a press pass for Open Source Bridge. (I’ve also received free passes in the past to other conferences I might reference in this post through volunteering, sponsorships, or client relationships.)

Community-run conferences are a much better opportunity for many people than many other types of events. Don’t get me wrong; there’s plenty of value to be had at mega-conferences and other types of events, as well. But considering the lower prices associated with community-run conferences, I always come away feeling like I’ve gotten so much for my money. Here’s why.

Community-Run Conferences Have More Room for Dissenting Opinions

The voices you hear at big conferences are often those speakers who are well-established authorities within their specialties. Obviously, big events need speakers who the widest possible audience will recognize in order to sell tickets. But when you have the ‘official’ opinion up on the stage, it’s harder for a speaker with a dissenting opinion to get on the schedule. The decision may be as simple as "We’re covering that topic already, so why should we have a second speaker discussing the same material?"

But that process does mean that different points of view are automatically excluded. The same doesn’t hold true at a community-run conference. Because a community-run conference almost always looks to the community first to choose speakers, there are more opportunities for diverse opinions:

  • Community-run conferences are generally more welcoming to newer speakers, including those with very different perspectives from the status quo.
  • Community-run conferences don’t have to toe the sort of party lines that a company-run conference must. This might explain why all the major hacker conferences are actually community-run events. Even big sponsors only have a limited impact on what can be said at a community-run conference.
  • Community-run conferences can afford to take risks on niche topics that may only appeal to ten or twenty people out of the entire set of attendees. Big conferences have to fill rooms to make economic sense.
  • Attendees at community-run conferences are more likely to pay for their own tickets out of pocket, so they don’t have to justify a particular event to a manager who controls the company budget for conferences. In turn, that means that community-run conferences can afford to offer more sessions on non-business topics.

The sort of variety that a community-run conference offers is more fun (at least for me). I’m far more likely to wind up at a session covering something I know very little about but that will dramatically change the way I see a particular issue. One of the first sessions I attended at Open Source Bridge, for instance, was on OpenMRS — an open source software project I was entirely unfamiliar with — which offers open source medical record management software. I chose the talk because I’m interested in technology and health, but I learned a great deal about the problems international open source projects face, how a project can create software that’s usable in places with limited power and internet access, and even the unexpected localization issues that a hospital in Somalia might have as opposed to a hospital in Kenya. Perhaps more importantly, I got a very different perspective on open source technology as a whole that I can already tell will influence my own work.

Community-Run Conferences Have More Opportunity for New Connections

The argument that smaller conferences are easier to meet people at than their larger counterparts seems counter-intuitive. But large conferences are overwhelming even for the most outgoing people. We’re more likely to find a few people to hang out with at a time, to provide a buffer against the thousands of attendees at a conference like OSCON. It’s a paralysis caused by too many people. Personally, at particularly large conferences, I tend to find a "conference buddy" who I cling to to make sure I don’t get washed away in the sea of humanity.

At smaller conferences, however, I’m more likely to go around and introduce myself. I noticed at Open Source Bridge that I knew a large number of attendees and, as a result, I felt very comfortable and was better able to introduce myself to new people. After all, if I were to encounter a problem, I could always retreat to talk with people who I already knew.

Those connections occur outside of the actual length of the conference, as well. Conference organizers have varying levels of passion for the events they create. On the less passionate end of the spectrum, those individuals who are paid to organize particular conferences probably care about the events they manage, but not to the point where they’re talking about their next conference constantly. In contrast, someone organizing a conference out of sheer passion is going to tell everyone they know about the next event. Even the problems will be more visible, because that organizer’s friends will get to hear every last detail about the argument with the venue staff (whether anyone wants to or not).

The community is more long-lived as a result. Rather than moving on to the next conference at their employer, the organizer of a community-run conference’s next event is likely to be either next year’s conference or a closely related event. The organizers can pull the community along, maintaining excitement throughout the year between conferences.

Community-Run Conferences Have More Room to Experiment with New Improvements

A code of conduct seems like such a simple thing. And, yet, many large conferences of every type seem to struggle with implementing such codes.

Of course, there are community-run conferences without codes of conduct still. But many are more open to the idea of adding on a code of conduct — and seem more willing to adopt an existing, proven code without feeling that they need to develop a new code entirely from scratch. Those communities who aren’t willing to add such codes, well, that information can be valuable, too.

Because a community-run conference has the ability to quickly evolve from event to event, such conferences have more opportunities to experiment with better practices. As a for instance, when attendees registered for this year’s Open Source Bridge, they each had the opportunity to choose between three colors of badge lanyards: blue, yellow, and red.

  • A red lanyard indicates that the wearer does not want their photo taken at all.
  • A yellow lanyard indicates that would-be photographers need to ask before taking the wearer’s photo.
  • A blue lanyard indicates that the wearer is comfortable with having their photograph taken at the conference.

It’s a simple visual cue that can make a world of difference in making a wider variety of attendees comfortable with a particular event. There are a whole host of reasons that people may not wish to be photographed even if they’re at a public event. The default for most events is that everyone who happens to be carrying a camera (which you can read as all of us) can take photos and even recordings of anyone who happens to be at the event. I’m not entirely sure how this became the norm, but it’s not actually a reasonable approach. Event organizers may ask for a bulk permission to photograph or otherwise record attendees, but other attendees don’t usually take any steps to make sure that their photography subjects are comfortable with the situation.

This year’s lanyards aren’t Open Source Bridge’s first experiment in providing visual cues about appropriate behavior. Last year, the conference offered stickers for people to place on their name badges to express photography preferences.

I can’t categorically state that lanyards are the best way to communicate these sorts of preferences; the only way to figure out such factors is to run an experiment or two. Community-run events seem more willing to do so, if only because the logistics of testing a new approach with a few hundred attendees is far easier than with a few thousand. Even better, most community-run events are put together by passionate people — and passion is rarely exclusive. If you are willing to do the hard work to bring information about your topic of choice to a wider audience, perhaps you’re also more willing to figure out the mechanics of running inclusive events.

Support Your Local Community-Run Conferences

I’ve always been lucky to be part of communities where community-run conferences happen regularly. I grew up going to conventions for various bits of science fiction and fantasy fandoms. I used my student status in college to get cheap passes to all sorts of conferences (including a ton of writing events). When I started learning more about technology (especially programming), I went to BarCamps and other unconferences, as well as other small community-run conferences of a more traditional nature.

I’m happy to pay money for these sorts of conferences, but it’s also important to support them in other ways. Even small conferences take a ton of work, especially when they’re first starting up. Helping on even basic tasks like setting up chairs in a conference space is good. Open Source Bridge ran smoothly because around 70 volunteers put in their time. Some of those volunteers worked for months to handle every detail of the conference; some put in a few hours of work in exchange for a free ticket. Either way, they made the conference possible.

Especially if you come from a community that doesn’t have a strong tradition of organizing its own conferences, consider what you can do to volunteer. You never know — you might wind up organizing one of those community-run conferences yourself.

Image by Flickr user Reid Beels

The Value Of A Crap Job

When talking to entrepreneurs, it seems like everyone has a ‘crap job’ story: the tale of a job so bad that it forced the person telling it to decide how to get out of a situation she absolutely hated.

I have held a few crap jobs over the years. They all had their own part in driving me away from situations in which I would have to work to someone else’s expectations. I’m not the only one, either: I’ve talked to plenty of entrepreneurs who reached their breaking point in some awful job before they struck out on their own; for some of us, an awful job is a bit like a mother bird pushing us out of the nest. We can see the ground coming and we know we have to figure out how to fly before we crash into the ground.

And we do. When I worked a summer wearing a tomato suit, I figured out pretty quickly that not only was a walking tomato a less-than-perfect marketing tool, but also that I needed to develop some serious skills so that my time was too valuable to force me to dress up and walk around a neighborhood.

A Case in Point: Ramon de la Fuente’s Incredibly Bad Boss

Ramon de la Fuente, of Future500.nl had one of those ‘crap’ jobs that did lead him directly to his own endeavors. He notes, “I started a web development company — and in my old job I was a PHP developer.”

But to get to the point where de la Fuente was ready to launch a new business, he had to go through an incredibly painful process first. “I got asked by a friend, to join him in a new job he landed. He knew the owner from a previous business arrangement and he felt it was a good opportunity. I think we both had no idea what we were getting into.”

The new company processed internet payments, primarily for the adult industry — an incredibly lucrative opportunity if handled correctly. That’s why de la Fuente joined the company, along with another tempting opportunity: “…the owner was planning to retire so we would have the opportunity to take over the company within ‘a few years of hard work.’ I’m not sure if the intention was ever there, but needless to say that didn’t happen.”

The job turned out to be problem after problem:

  • The employer was both paranoid and a workaholic. When de la Fuente and the rest of the team were working twelve hours a day, the employer felt comfortable calling them at midnight because “he felt something was off.”
  • The employees working for the company didn’t consider themselves members of a team, because they were constantly in defense-mode to avoid being blamed for any problem.
  • When the company hired an outside consultant to address the morale issues and set up team-building sessions, one of the employees was secretly ordered to record the sessions for the boss.

Talk about a poisonous culture! Luckily, de la Fuente didn’t take the brunt of the pain, because the company’s developers were somewhat insulated from the rest of the team. But the situation couldn’t last: “In the end, the company went down a dead-end path. They chose immediate cash instead of future stability, against our advice at every turn. The owner’s son was put on a fast track to ownership. My friend and I refused to work with him for various reasons, and that was the end of that. I did get the opportunity to fire the people I had worked with (the company was in financial trouble by then) — also not a very happy moment. Quitting was such a freedom… that last month was the longest one ever.”

But it wasn’t the horrible environment that causes de la Fuente the most regret today. It was one particular result of that ‘pass the blame’ culture: “There was no innovation. Anything new was suspect, and for any change there was the possibility that you’d have to go back to some version 3 weeks ago when ‘the numbers started getting weird.’ The less you changed the better.”

As he explains, “What pains me, more than anything, is that I have nothing to show for three years of super hard work besides a little cash. I literally learned nothing new (technically), I wasn’t stimulated to seek out community or better myself in any way. Just production-production-production.

That was the real cost, I think.”

But de la Fuente did learn something important (beyond how not to manage a team): “If you watch something going wrong for long enough, you inevitably start to think ‘I can do better.’” He’s never going to work for a boss again and that decision is going to benefit him and his career in the long run.

Working In the Moment

When you’re in the middle of a crap job, seeing past the awful environment can seem impossible. But if you can’t rise above the situation, at least a little bit, you can wind up stuck for what will feel like eternity.

Part of the problem is that most of us don’t have the option to just walk away from a pay check. Even if there’s a little suffering attached to the money, we all have bills to pay. If you have the luxury of leaving an awful job without having to worry about money, you should do so. For the rest of the world, it’s more practical to think about the options.

First, you need to understand the value of your current situation. Even if it’s highly stressful, there are benefits to pull out of any situation. Start with the easy stuff — the financials. Keep going deeper after that, though. Sit down and list out everything you’re getting out of the work you’re doing that you may be able to leverage later on.

  • Income and benefits: If you’re sticking with a stressful situation, you better be benefitting financially. If you haven’t already, go through the entire list of benefits you get from your employer and make sure you’re taking full advantage of them — if you’re eligible for tuition reimbursement, for instance, make sure you’re taking those classes.
  • New abilities and responsibilities: Whether you have a newly honed ability to keep calm in a crisis or you’re doing the work of two employees, a crap job can turn into some serious resume candy.
  • Opportunities for autonomy: In my experience, crap jobs tend to involve either obsessively controlling managers or managers who give you absolutely no guidance at all. If you’re in the second situation, grab that autonomy with both hands — you can take advantage of that lack of guidance to experiment with your own work and learn more on your employer’s time. And while I would never recommend you do something unethical, you might also be able to come up with some other ideas to fill your unobserved time.
  • A clear picture of where you don’t want to work again: Not only are you gaining experience to help you narrow down the employers or customers you’re willing to work with in the future, you’re getting some clear motivation to improve your overall situation so you won’t find yourself back here again.

Even now, when I’m working with a difficult client, I’m a fan of counting my blessings. Running through that sort of information reminds me of why I need to bother sticking with a tough project — and it helped with the crap jobs I’ve had in the past. If the list is short, that’s motivation in and of itself: a short list is a reminder that you need to be spending all the time you can towards improving your current situation.

Next, you need to consider what resources you have to make those improvements. Going home and doing anything else you can think of besides work may be what’s currently keeping you sane, but it’s probably not moving you towards an exit strategy. You’ve got to decide where you want to head and then take action to get there. You may be considering a path that leads away from ever working for someone else again (including spectacularly bad managers) or you may be more interested in any other job you can get right away. Either way, set aside time to actually take action.

If your crap job includes the problem of an employer who doesn’t respect your time outside of work, that process is a lot harder. Attempting to set new boundaries with an employer can be a way to find yourself without that crap job faster than you were intending to quit. In most states, you can’t collect unemployment insurance if you’re fired for calling in sick too often or for refusing to work overtime. The best advice I can offer is to take advantage of every minute away from work you can; even if you go a little crazy with both work and the effort you’re putting into reaching a point where you can leave your current job, getting out probably needs to be a priority.

Photo Credit: mikecogh

A Bug With A Logo?

We all know that we need to take our online security seriously, but we rarely do anything to improve our own situations. Even when we hear about data breaches, the odds that we’ll go and change passwords are relatively slim. We might get occasional emails and updates from the sites we log into about our security, but we tend not to get worked up for anything less than proof someone has been messing around with our personal bank accounts.

But Heartbleed has been different.

From the first moment I heard about Heartbleed, everyone I know has been taking it fairly seriously. Part of that is due to the nature of this particular security breach: the amount of data that was made accessible by a vulnerability in OpenSSL is enormous. It would be easier to list which major websites weren’t affected than which were. But while the details of the Heartbleed breach are enough to get programmers and website publishers worked up, they’re probably too technical to really intrigue the average person browsing the web. So why do so many people seem to know about Heartbleed?

A Well-Branded Security Breach

Fundamentally, Heartbleed is different from security breaches that have come before. It’s been branded and marketed, something that no one has really tried to do historically. The traditional approach to announcing you’ve found a security exploit was to write out a brief description of the problem and send it around to everyone you expected the problem to affect. There wasn’t exactly an incentive to take action.

For the researchers who uncover security breaches, there isn’t necessarily a clear benefit to promoting their work in other ways, however: the status quo was enough to get them credit for their work and collect any financial rewards (like rewards offered by companies to researchers who found security breaches in their systems before those problems could be exploited).

Heartbleed’s branding may prove to be a turning point in what we expect from a security breach announcement.

That branding wasn’t a particularly major effort from the organization that launched Heartbleed.com. That company, Codenomicon, didn’t discover the vulnerability, but does help other organizations secure their systems against malicious attacks.

Miia Vuontisjärvi, a security analyst at Codenomicon, told TechCrunch that the site started as an internal Q&A that Codenomicon’s experts wrote in an effort to get a handle on Heartbleed’s potential impact.

“Experiencing the pain of the bug first hand we got a nagging feeling that this calls for a ‘Bugs 2.0’ approach in getting the message out in an emergency. Ossi, one of our experts came up with Heartbleed as an internal codename and from there on one thing led to the other. The domain was available and our artist Leena Snidate did an excellent job in putting our pain into the logo. It all went much faster than expected.

“When the vulnerability became public we realized that this is going to be a crisis communication. We said what we had to say in the Q&A with as little litter as possible. We put it available on a low latency and high bandwidth content delivery network so that it is very accessible for anyone in the need. Based on initial reactions we did some minor edits but we quickly saw the Internet community picked the issue up in an astonishing way.”

Crisis Management in Open Source

One of the most noteworthy points about Codenomicon’s efforts is that OpenSSL is an open source project; Codenomicon had the opportunity to step in because the developers behind OpenSSL are all volunteers. When software is developed by a single company as a proprietary product, there are typically more concrete procedures to handle bugs and security breaches — usually developed in order to minimize liability for the company in question. I can’t imagine an established company being able to vet and publish information about a security breach in this fashion.

But while Codenomicon stepped up and helped make information about a particular security exploit easier to understand and share, there have been plenty of problems with open source code in the past where no one took on that sort of leadership role. That’s partly because taking a leadership role in the middle of a crisis is tough; contributing to open source code bases doesn’t automatically enable you to field questions from the press, manage a user notification process, or brand an exploit so that users will upgrade their systems.

The open source community, as a whole, could benefit from establishing some best practices on how to handle this sort of flaw. At a minimum, just creating a checklist that researchers can follow to make announcements more useful to the average internet user could be beneficial. While that’s not my area of expertise, there were both good and bad factors in the announcement of Heartbleed that could be used as a starting point for such a response framework:

  • Advance warning: Some large companies got advance warning of Heartbleed, which allowed them to patch their system before the exploit was announced more widely. While I have no problem with offering advance warning to companies likely to be hit hard by these sorts of breaches, there’s definitely room for a more systematic approach to deciding who to contact and how to handle the question of advance warning after the fact (if only so that complaining about not getting advance warning doesn’t become more of a story than the original exploit).
  • Embedded devices: As more devices are plugged into the internet, security announcements need to at least mention what sort of systems will be affected by a given breach. It isn’t always possible to guess how a given piece of open source software may be used, but such warnings need to be offered to the greatest extent possible.
  • Points of contact: When we’re dealing with a breach in open source, where everyone involved is a volunteer, choosing who will serve as a point of contact is tough. These sorts of situations can require numerous hours to resolve, let alone to handle email. But someone has to do it, even if it’s someone outside the core development team.

Some of these points could be made easier with the application of a little money. With Heartbleed as motivation, several companies are looking at the value of investing some money into the open source infrastructure that drives their business ventures. Google, Facebook, Microsoft, and many other companies are on board to support a new group called The Core Infrastructure Initiative. Hopefully, this initiative will be enough to help major open source projects handle both security and breaches more effectively in the future.

Crying ‘Security Breach’ Too Often?

Heartbleed’s branding may be new, but researchers are starting to embrace the idea. In a post on a new vulnerability, researcher Matthew Green noted:

“First, if Heartbleed taught us one thing, it’s that when it comes to TLS vulnerabilities, branding is key. Henceforth, and with apologies to Bhargavan, Delignat-Lavaud, Pironti, Langley and Ray (who actually discovered the attack), for the rest of this post I will be referring to the vulnerability simply as “3Shake”. I’ve also taken the liberty of commissioning a logo. I hope you like it.”

But we need to consider if embracing this level of branding is a good idea for all security breaches. Embracing this sort of promotion can make it harder to get people to take action in the future: just like a child crying ‘wolf’ may not get attention when it matters, an important security breach can be lost in the mix. Reserving this level of branding for the truly crucial lapses in security is necessary to ensure it still works.

Security expert Bruce Schneier put it bluntly in an interview with the Harvard Business Review: “There’s a risk that we’re going to be accused of “crying wolf.” If there isn’t blood on the streets or planes colliding in midair, people are going to wonder what all the fuss was about — like Y2K. If you slap logos on every vulnerability, people will ignore them and distrust your motives. But it’s like storms. The bad ones get names for a reason.”

It’s also worth noting that Codenomicon helps its clients handle security issues. Making those security issues easier to understand and respond to is a brilliant piece of marketing work (along with a good deed that benefits internet users as a whole). But this sort of marketing effort is easy to exploit by companies that choose to do so. Whipping up a frenzy over relatively minor security breaches might make sense for some companies’ bottom lines. That’s absolutely not the case with Heartbleed and I’m not trying to make Codenomicon’s motives sound suspect, but it is a factor to consider as we see more security vulnerabilities branded for easy consumption.

Photo Credit: Leena Snidate

The Value Of Routine

Building routines into your day is rarely an easy process. I’ve gone out of my way to structure my life so that following my routine is the easiest option; I walk to my office because I picked a location that is a pain in the posterior to find parking around, for example.

It’s worth going to those sorts of lengths to build the right routines. Jesse Pollak wrote up taking a low-paying job (while in the process of building a startup). He considers it a valuable experience, in part because of the structure it imposes:

Since I left college and started working for myself, finding structure in my day to day life has become very important. The biggest change I’ve made has been adjusting my schedule: in the middle of last summer, I switched to an early morning wake up (between 5:30 and 7am, optimizing for 6 hours of sleep). Unfortunately, despite the promises of proponents of this approach, my body has not adapted well to the shift: every day, getting out of bed is one of the hardest things I do. Having an early morning job provides a concrete task that I need to get up and do, making the mental battle of escaping my blankets much easier.

Taking a second job just to impose more order on your life isn’t an option for everyone, but it does provide an interesting perspective on what value a busy person can place on routine.

A Few Thoughts on Profanity

I’m a writer; the thought of excluding even a part of the rich vocabulary that makes up the tools of my trade tends to make me pause. But most people don’t find profanity particularly appealing, especially in professional communications. I tend to avoid certain words as a result, only occasionally dusting them off to really drive a point home.

But that doesn’t mean that I personally think writers should dump those words out of our dictionaries universally. Hillary Crosley offered an impassioned defense of the use of profanity, particularly in situations when journalists are directly quoting a source. (Warning: This link contains oodles of profanity.) I agree wholeheartedly; dancing around the subject makes it less clear. Furthermore, doing so lets publications judge the value of other people’s choice of words. I’m just not comfortable with that.

Dancing around the meaning of a dirty word shouldn’t be necessary, provided that word is the right word to use in the moment. There are times and places when expletives are the only way to drive home the true meaning of what you’re trying to say.

A Pioneer Nation Follow Up

I spent a few days at Pioneer Nation, a small conference geared towards entrepreneurs here in Portland. I heard a few comments over and over again, to the point that I wanted to bring them to your attention:

It’s so amazing to talk to people who get what I’m going through. My family just doesn’t understand.

Being willing to make the leap into running your own business isn’t easy. Even if no one in your family is ready to jump off that sort of cliff with you, it’s crucial to find a community of support — hopefully with people who you can talk to on a regular basis, rather than once a year. Going it alone isn’t impossible, but if you’re going to do something as demanding as starting a new business, why make the process harder?

I know what I need to do. I’m just having trouble doing it.

I’m pretty sure that this is an ongoing problem for most entrepreneurs; I know it’s something I suffer from on a regular basis. For most of us, the next step is pretty obvious: Maybe we need to launch a product, send a proposal, or set up a marketing campaign but we haven’t. Part of the problem is usually finding the time. It’s a legitimate problem, by the way — there is a hard limit on how many hours you can work in a day. But part of the problem is often that we’re a little afraid to move forward, especially if we feel overwhelmed by the successes we’ve already had. I don’t have a solution for this problem, except to power on through whenever you have a rush to move forward. Just do as much as you can, when you can.

I have to think bigger!

In my line of work, I have to tell a lot of my clients that they need to think a little smaller — that their budgets won’t support the high-minded plans they’ve been making. But at Pioneer Nation, several people told me that they’d realized they need to think bigger. Part of that may have been the audience; it included a lot of people who were shooting for businesses that would first and foremost support their lives. But part of that is also that it’s tempting to focus on what we know we can accomplish with the resources we currently have, and let the big opportunities pass us by. But it’s good to think big and chase goals that seem a little audacious. Otherwise, we can’t tell what we’re capable of.

Pioneer Nation was a great conference, both to present at and attend. I just want to take a moment here to thank Chris Guillebeau and the legions of folks involved in putting Pioneer Nation on. Great job! I look forward to seeing where you take it next year!

The Age Of The Uncredentialed Curator

Tumblrs full of kitten pictures, websites ranking the helpfulness of individual restaurant reviews, Pinterest pages full of tasty ways to prepare vegetables you’ve never even heard of — at its core, the internet is about collections. We find topics we care about or people who we want to connect with and we build lists.

Some of these collections contain original contributions, like blog posts or memes. Others are purely an organization of what the collector in question finds online. The same has held true of most information management over the years: a library is also a curated collection of books judged to be worth consulting, as well as records or other information the library may have gathered or even created. It’s how we handle anything complex.

You Don’t Need Credentials to Buy a Domain Name

But while it’s tough to get the money to build a new library without a degree in library science, you can set up a new website for under a hundred dollars. Calling the curators who are building the information collections we base our lives on these days ‘uncredentialed’ may be overly kind: not to be cruel, but the only requirement for getting a Tumblr or Pinterest account is a valid email address.

That low barrier to entry isn’t a problem, but it is a fact we need to acknowledge if we’re going to talk about curation. When anyone can publish their curational efforts, effectively by accident, there’s a question of how useful those efforts are to anyone else. I’ve seen plenty of Pinterest boards that are meant to be intensely personal — it’s where people plan weddings and pick out tattoos for themselves, far more than they focus on sharing what they’ve found with other people, no matter what its creators intended.

There is value in that sort of collecting; I spend plenty of time browsing through other people’s Pinterest boards myself. They’re sources of things I might be interested in, based on my connection with the curator, as well as information about what my friends and family enjoy.

But there is a lot of noise coming through these channels, as well as through all the various options we have for publishing any sort of collection. No one can pay attention to every single channel that we can access. We have to be selective in a way that a scholar who had to physically go to wherever information happened to be never was.

Who Curates the Curators?

When finding the right piece of information or viewing the right piece of art required days of travel, there was (perhaps surprisingly) less of a problem in figuring out what information to pursue. With only one expert to talk to, you got a good pair of boots and headed out to talk to him.

Today, the wealth of information we can access is dangerous. How many times have you looked at one article on Wikipedia, only to find yourself engrossed in articles about Pleistocene megafauna or glam metal music hours later? We no longer face questions about what information is worth preserving or worth traveling days to learn. Rather, we have the problem of deciding which information is worth paying attention to. The job of the curator is far different right now than it was a few centuries ago.

Personal curation solves some small element of this question: quietly saving links that will help you go back and cook exactly the recipe you’re after or purchase the perfect outfit can let us handle a lot of the small questions in our lives. But when we’re taking on a new topic, either personally or professionally, curators have to provide more information. I recently read an article that covered the entire history of a musical genre I had no familiarity with; when I went looking for information, I was quickly overwhelmed. No single curator had taken it upon herself to create an introductory guide to the genre or even to suggest ten albums a new listener should pick up.

There may be a fan of that particular genre with a great playlist on a website devoted to music somewhere, but that hypothetical playlist doesn’t show up through a cursory web search — all that I’m really prepared to do if I have anything else on my plate I really need to be working on. There isn’t a lot of incentive for someone curating resources for her private consumption to bother publicizing that sort of resource, by the way: it’s rare that such a specialized list will earn the author any money, though a small amount of niche fame can be possible. Even that level of fame can be a double-edged sword: I have a friend who is an expert in an incredibly esoteric topic (as a life-long hobbyist who has published about his work online, he’s essentially one of a handful of experts in the world). He gets oddball questions all the time, to the point where it would take him significant effort to field these questions — but people aren’t willing to pay him for the answers. While a few people will continue sharing information out of love for a topic, there are more who will discontinue their work because of the effort involved.

To get the information we need, then, we’re left looking to a secondary level of curators: people who will seek out those awesome playlists and other collections and point attention to them. I’m not so sure that this is a long-term solution, however: while there are certain bloggers and other online curators making a living from ‘finding cool crap on the internet’ (the folks behind BoingBoing and Dooce come to mind as very different examples), those people are few and far between. In the meanwhile, however, there are plenty of people who aspire to that role or to otherwise make a living on the internet. There are not so many, however, that I can find playlists for somewhat obscure musical niches.

Expert Curation is Getting Expensive

There is an understood value of some sorts of curation: particularly talented curators who can make topics interesting and relevant have already found a variety of business models online. But if an expert curator is willing to specialize in certain fields, the money associated with their work can increase.

In fact, the amount some companies are willing to pay certain types of expert curators keeps going up. This obviously includes people who can curate interesting information to create an alluring social media feed — most companies are happy to pump money into marketing if it results in a corresponding increase in sales. However, other types of curation are in high demand. Anyone who can effectively parse and contextualize information about complicated topics (like business and finance) is very employable these days. Whether they’re writing broad advice for the masses or telling an individual company when to jump, an expert who can pull together different sources of data is incredibly valuable.

But the expense of accessing expert curators is going up, no matter what job description you have in mind. Collecting data is a time-intensive process, full of time spent pursuing potentially useful tidbits only to find that they don’t really fit in with what you’re curating. I track all sorts of topics and just evaluating sources can be intense: when anyone can post anything to the internet, you can’t exactly assume that each piece of information you find is equally reliable. The more information a curator needs to sort through, the more expensive that sort of work is going to become.

It’s understandable that with the added cost of hiring someone as a curator, an employer or a client is going to want to see credentials as proof that the curator in question can handle the work. But that sort of proof may not be necessary, at least for any curator who can build a collection before hunting for work. An appealing collection of information, whether it’s a blog, a Pinterest board, or a book, speaks for a curator’s ability far more than any other credential might — at least in this era of too-easily accessible information.

What do you curate? Do you feel like credentials make it easier to collect the ideas and items you focus on? Or do credentials just get in the way of the work you want to do?

Photo credit: Ginny