Seriously, How is Spec Work Still a Thing?

Speculative work is a bad bet, both from the point of view of a creative and from that of an entrepreneur. Asking people to do free work (or doing that work yourself) is rarely the most effective way to move a project forward — and yet I keep seeing calls for spec work.

I would like to think most people understand that spec work isn’t an effective option, but that’s clearly not the case. The best I can do is to continue to refuse to do spec work and to try to convince you to take the same stand.

My Time is My Money

As a creative, a request to submit spec work is disheartening. Your ability to land paying work is based on your ability to win a contest. It’s like hearing that every piece of work in your portfolio is worthless: that your body of past work doesn’t actually prove you’re capable of completing a project. Personally, I find such requests irritating at best. I prefer to assume that suggestions I work on spec are attempts to get me to work for free, because I’d rather be angry than to think that a prospective client doesn’t believe I’m capable of the project in question.

Either way, though, spec work is a clear indicator that a prospective client doesn’t value my time. That worries me because my income is directly tied to the number of hours I can spend on paying work. Despite what these clients seem to think, I’m not working just to have something to do during the day — I need to earn a living. There’s a price tag on every hour in my day.

That lack of respect for my time is worse when a prospective client asks you in person or on the phone. I’ll admit to occasionally ignoring emails asking for a trial post or some examples on spec — ignoring an email is easy. But when someone asks me for a trial post during a phone call, the question trips me up: I’ve set aside time out of my day to talk to this person (time I’m not being paid for), and they want even more of that scarce resource? It gets worse when you consider the amount of unpaid work that can go into pitching a project before you can guess whether you’ll get the gig, like writing proposals and query letters.

A request for spec work in the moment forces me to keep my cool on an issue that actually makes me pretty angry, while talking to someone I hope to impress. Worse, it puts me in a position where I look like I don’t want to work on a project right off the bat. I’m willing to dig in my heels now, but there have been times in the past where I needed the work badly enough to back down.

I’ve always regretted those times, though: perhaps one spec project out of every ten has turned into paying work. And that number is only as high as it is because I’m counting those articles I wrote for publications that refused them, but that I was able to sell elsewhere. Stock article sites will take anything, it turns out, but they pay a fraction of what I would have earned if I had spent that time pitching projects that wouldn’t be done on spec.

Spec Work Means Useless Effort From Everyone

As bad as spec work is from a creative’s perspective, though, it’s a bad business practice for clients as well. It’s time-intensive and requires far more coordination than any other approach to handing out client work.

The source of this particular rant was a conversation with a prospective client, where the individual on the other end of the phone made it clear that they were talking to quite a few different bloggers at this point, implying more than ten. The phone call was being used to winnow down the numbers of respondents. That information is irritating, if only because I’m a big believer in the value of time (I categorize more than five interviews for a contract like this as “doing it wrong”). But then the interviewer said that they were asking allthe bloggers they were considering to provided a trial post.

EXCUSE ME?

I can understand asking for two or three bloggers to put together trial posts, so that you can tell the real differences between a few really good writers. I don’t agree with that approach, but I can understand it. But asking ten or more potential contractors to put together free work is ridiculous on multiple levels:

  • On a purely selfish level, asking for that much work means that you have to go through the results. Even ten short blog posts work out to a lot of reading.
  • Your network will likely suffer. You’re going to irritate people who you might want to work with in the future by asking them for free work and then turning them down for the overall project.
  • You’re taking advantage of people who you need to continue to do their best for you long after they turn in that first post. You’re not exactly starting your relationship off with your best foot forward.

Even when a creative will do spec work, a client probably won’t get the ideal end result. Most spec work projects aren’t perfect because there’s no way to get the sort of back-and-forth collaboration that ensures a client gets what they want. Writing a creative brief that addresses every nuance of a project is impossible — but so is answering project questions from a dozen different creatives. As a result, spec work is more like a sketch than a finished project, even though many people will request spec work with the expectation that they’ll get something they can use right away.

What’s the Practical Alternative?

Running a business is always a question of deciding how to most effectively spend your time. If you’re not careful, a creative project can be a crazy time suck that doesn’t get you the results you need (whether you’re doing the work or commissioning it). So, how can creatives and clients work together without wasting time?

The Client Side of the Equation: There are three factors that will tell you whether you’ll get the results you want far more effectively than asking a creative to do the work on spec.

  • Reputation
  • Communication skills
  • Past work
    Seeing a creative’s portfolio should tell you whether that creative is capable of the level and style of work you need. From there, you need to know whether that creative can do the work in a professional manner in terms of timeliness and responsiveness to criticism. You can get that information from talking to the creative’s past clients — send ten quick emails, rather than trying to go through ten speculative projects. Here, I’ll even give you a template to copy:

So and so,
Creative X has a piece of work in her portfolio that she did for your company. I’m considering hiring her for a project of my own and I was hoping to get your opinion of Creative X’s work. Could you answer a few questions for me?
How was Creative X to work with?
Did Creative X complete the project in a timely fashion?
Would you work with Creative X again?
Thanks!

You can usually find the email addresses you need on websites or LinkedIn. You don’t even need to go through the creative you’re checking up on.

The Creative Side of the Equation: Give prospective clients your portfolio. It should stand on its own. If your portfolio isn’t effective, invest the time you would otherwise spend on spec work into improving your portfolio. Given how inexpensive it is to put work up online, consider just launching some projects of your own. Write your own blog, launch your own web app, or design your own line of motivational posters. If that scares you, here are a few other options:

  • Do pro bono work for a cause you believe in.
  • Create stock work for the many marketplaces online (most have lists of types of work that are most in demand).
  • Offer yourself as an intern or apprentice (paid) to a creative already working in the industry who does a high volume of work.

Avoid Spec Work, Please

Spec work is bad for business, whether you’re a creative or a client (or both). Tempting as the idea may be, either as a way to get in with a new client or as a way to see a bunch of work from different creatives, just say ‘no.’ There are always better ways to get what you want.

One Weekend, One App

friendshipapi logo

Over the weekend, my husband and I put together FriendshipAPI.com. He did all the coding, while I wrote copy, designed a logo, and did a little bit of marketing. Christopher wrote up the technical side of launching an app in one weekend, so I figured a rundown of how I spent my time would be useful as well.

The Overall Goal

I saw a contest last week for creating apps based on Context.io’s API (which is especially good at analyzing big chunks of email). We decided to see what we could come up with on short notice; luckily, we already had a few ideas in the pipeline. Christopher and I have talked about how to stay in better touch with some of our friends, especially since we’ve moved cross-country a few times.

Because we were building Friendship API as a contest entry, rather than a business that we expect to be quickly self-sustaining, our goals were:

  • create an app that functions correctly
  • make an attractive site that showcases the app
  • get a little traffic to the site (mostly to get people to test out the app)

Getting more traffic might be nice, because the contest does have an award specifically for whoever grows their traffic the most. But, honestly, too much traffic would be a pain in the posterior for us because the app is running on Heroku’s free plan. If we actually got a serious number of visitors, we’d have to pay for a better plan.

A Full-Fledged Web App

Building a web app requires a fair amount of work, but just writing code is not enough. This is a big pet peeve of mine: hackathons, school projects, and all the other various quickie apps you might write have the same crappy look.

And before anyone tries to tell me that a weekend is too short a period of time to put together a design, let me tell you what we did: we bought a design from ThemeForest — this one, in fact. Starting from scratch on a design is tough in this short a timespan (although not impossible if you actually have access to a designer). But modifying an existing design is pretty doable.

If you do have some design skills and trying to move fast, I always recommend putting together three creative assets first off:

  1. A color palette
  2. A set of typefaces
  3. A logo

You can polish up an existing design quickly if you know what colors and typefaces you want to use and if you have a logo to add to the design. Super short on time? Use a typeface you don’t plan to use anywhere else on your website to make a text-only logo of your app’s name.

Friendship API is done in blues and gray; I used the blue built into the design already and added a darker shade for the logo and some design elements.

The logo is set in Unica One, which is available under an open license through Google Web Fonts.

A Quick Bit of Marketing

The real goal of our marketing Friendship API was to get some feedback on what we were doing: a weekend isn’t long enough to do real UX testing, but you can get people to tell you what they don’t like about your app through Twitter.

We were specifically looking for the sorts of people who will be judging the contest: startup nerds. That informed where we put our energy.

Our marketing plan broke down like this:

Twitter: I created a Twitter account for the site (mostly for tracking purposes on Twitter) and tweeted about the launch on the day of. I retweeted that tweet, along with writing a couple of original tweets for my account and my husband’s.

Blog: We launched with two blog posts — one on my husband’s site and one on Medium. I was able to write tweets about the blog posts, as well as share them on sites like Hacker News.

Private Channels: I wrote a couple of short messages to post on a few different private channels I have access to (Facebook groups, Slack teams, and the like).

We got about 100 visitors in the first day. Just like every other time I’ve launched a project, private channels brought us the most traffic — over two-thirds. Twitter came in a distant second.

We also got quite a bit of feedback, which is exactly what we were hoping for. We were able to make a couple of crucial adjustments before sending in our contest entry.

My Template for Technical Resumes

Offline, I spend a lot of time helping friends with their resumes. I’ve even given a couple of workshops about technical resumes.

This is the template I use in helping someone get started in creating a technical resume:

You can also access the document here. You may notice a lot of comments in this particular document — I’ve laid out the logic and options for each section in the file so that anyone using it doesn’t have to refer to anywhere else. With that in mind, I strongly recommend copying the file to your own Google Drive and then editing that copy.

A Brief Review of PyCon 2015, Based Entirely on Swag

Last week, I flew up to Montreal for PyCon. I’m now home, without any new international incidents to add to my record. It was my first PyCon, but it won’t be my last.

If Python (or open source development in general) is your thing, all of the talks from this weekend appear to already be on YouTube. Since I mostly stuck to the hallway track, I’ll be watching a lot of these videos myself and don’t feel qualified to offer a review. However, the hallway track was fantastic and I would recommend it in future years.

I can review the swag I gathered at PyCon, though. Based on t-shirts alone, I’m pretty pleased. I found not one, not two, but three ladies tees that I liked enough to take home. Considering that booths at most other tech conferences only offer men’s shirts, the availability of ladies’ tees is a good indicator of an inclusive community.

Even better, though, there was plenty of non-shirt swag. Since I’m trying to make sure my wardrobe doesn’t entirely look like it came from a trade show hall, I’m always excited to see other swag that I’m actually interested in. I’m now stocked up on small notebooks for quite awhile, including a few that have a variety of pages for sketching different types of wireframes. I’m also up a beer glass, breath mints in reusable tins, and some pretty cool fake tattoos that I’ll actually wear.

I’d like to note that I’m totally cool with the booths that didn’t offer a whole lot of swag (or any at all) — I’m just as thrilled to just talk about cool products that I didn’t know about in advance and see some demos. I don’t have to have swag, but if it’s on offer, I like to see a variety that’s appealing to all sorts of conference attendees, rather than just to stereotypes.

And, as an added bonus, next year’s PyCon is here in Portland. If you’re interested in attending, keep an eye on the PyCon website. Just a head’s up, though: my couch is already booked for PyCon 2016 and tickets are guaranteed to sell out.

Investors Always Want to Be The Coolest Kids in the Room

16651427749_19a457f155_z

Investing in an amazing startup is like buying the hot new gadget that’s just come on the market. Just being able to lay down your cash, either for an investment or a gadget is a good social signal, telling the rest of the herd that you’re cool.

But sometimes you get the iPod and sometimes you get the Microsoft Zune. (Here’s a Wikipedia link in case you don’t remember the Zune, the necessity of which may just drive home this particular point.) One tells the world that you have taste and money and one of them tells the world that, well, you bought a gadget that turned out to be not nearly as cool as something else on the market.

Venture Capital Works the Same Way

There’s not really a good way to predict precisely what investment opportunities are going to do better than others: putting your money into a company that has barely an idea of what they may offer customers, let alone any source of revenue, is risky. If it wasn’t risky, after all, we’d all be startup billionaires.

But that means that investors still have to make a decision to invest in this opportunity but to pass on that one.

Investors can weed out some of the options on the table. Details like potential audience size and the relative spending power of that audience can help an investor exclude anyone that can’t make the risk worthwhile. But there’s still far more startups looking for capital than there are investors ready to put money on the line.

That leaves gut instinct to guide an investor through choosing where to invest. Gut instinct, more often than not, takes you to the company you want to see in the world — the seriously cool offer.

The Cool Factor Minimizes Diversity

Choosing companies to invest in based mostly on what seems cool — on what will signal to your friends that you are awesome — limits investments dramatically. What’s cool right now? Well, that depends on your friends. If your friends each have their own bucket load of money and they all live in San Francisco, though, they’re going to define ‘cool’ very specifically. Buying things online is cool, hence all the Bitcoin startups. Being able to pay someone else to deal with the sucky parts of life is cool, hence the appeal of getting things done by Magic. Wine, beer, and whiskey are all cool, hence more startups around those beverages than non-alcoholic drinks.

What’s not cool? How many apps have you seen get funding for simplfying divorces? What about effective logistics management? What about anything for the unexotic underclass?

The lack of diversity isn’t just a question of picking startups with ideas that seem cool to the right people, either. What people are most likely to have ideas that you think are cool? People who are very similar to you across a spectrum of characteristics.

Is There a Solution?

The venture capital system is based, ultimately, on gut instinct. There’s no real way to predict that one startup will succeed or another will fail, which means that investors have to decide based on whatever criteria they choose. Coolness is no better and no worse than any other decision-making tool, especially when someone is deciding how to invest their own money.

Want to see a dramatic uptick in diversity among venture-backed startups? Get investors with a much wider collective definition of cool — more women, more people of color, more parents, more military veterans, and so on. Of coures, there’s a chicken and an egg problem that people who do not already match investors’ ideas of good founders are less likely to have money to invest. That’s a harder problem, though I can see some options (though all come with their own particular problems):

  • Figure out a way to encourage more people to bundle small investments together into startups
  • Add more diverse decision makers at investment firms
  • Use governments and non-profits to come up with investment capital

A more practical option may be to look for more opportunities to opt out of the venture capital system in general. There are plenty of arguments for other strategies: venture capital is likely creating another bubble, it’s creating businesses focused only on exits, and it’s definitely driving price wars.

Bootstrapping, or taking only a small round of investment from friends and family, is the fastest route away from venture capital. It won’t work for all companies — anything needing a big upfront investment in research or equipment is out — but bootstrapping is always worth considering. And the number of ideas that can be bootstrapped today is surprising; 3D printers, marketplaces offering time on expensive equipment, and amazingly cheap software tools have brought down the cost of building anything.

Image by Flickr user Got Credit

A New Use for Hemingway: Ghostwriting

I’ve been finding Hemingway surprisingly useful when working on ghost-writing projects lately. It’s a useful sort of a writing hack to get some quick insights when you’re trying to mimic someone else’s writing style.

Of course, Hemingway is fundamentally intended to help writers sound more like the man himself. But it does that by highlighting certain characteristics of writing:

  • passive voice
  • adverbs
  • vocabulary

By putting in writing samples from a client who I need to mimic, I can see pretty quickly how they use words. I can do that sort of analysis by hand, but it’s tedious enough that I don’t actually do so except on really well paying projects.

If you’re trying to mimic the style of someone’s writing, I suggest looking at several examples of someone’s writing through Hemingway’s lens, not just one. Getting the style right on a ghost writing project is hard enough when you’ve got multiple samples — getting style right off of just one sample is impossible.

Putting in several samples can be time-consuming, though. I do wish Hemingway had an API so that I could integrate it with some of my other writing tools, as well as automate the process of putting writing samples into the app. But I don’t absolutely need an API to keep finding new ways to use Hemingway — it’s just something that would be nice to have.

HTML is the New Latin

html

Latin is a strange language. No one speaks it as their first language and few people speak it regularly outside of Vatican City. Yet many schools still offer Latin classes and most of us know a few words (even if we aren’t always aware that we do). We still use Latin roots for forming new words, even in English with its Germanic heritage. Kids studying for the SAT or GRE learn Latin roots to score well on what may be the most important tests of their lives.

We have a certain respect for the language that united scholars and politicians across Europe hundreds of years ago. Latin provided an underlying structure that allowed key ideas to pass communication barriers. Whether or not Latin is regularly spoken in the future, it will still have a lasting impact on the words we use for centuries to come.

The digital age requires a new connective infrastructure. Markup languages, including HTML, are that communication tool. Markup languages are systems of annotating documents in a way that’s both visually different from the text itself and recognizable by computer programs. Learning at least a few HTML tags is rapidly becoming a necessary step to sharing information across borders. HTML, by the way, stands for “HyperText Markup Language.”

The Words Themselves Aren’t So Important Today

As a writer, I hate myself for even suggesting that words themselves aren’t so important. But with translation tools constantly improving, my choice to use English words is far less important than it was even a few years ago. Even the specific words I use are exchangeable for something simpler: I can drop a blog post like this into Hemingway and see where I can change my diction.

I read web pages written in foreign languages every day. Google translates those pages for me automatically. I don’t need a human to translate their work into Latin or another shared language for me to get the gist of it.

But I do need those foreign texts in a format that Google can access. They need to be web pages, written in HTML, so that a machine can access and process the information they contain. Markup languages make our work accessible to the world — the same purpose Latin served centuries ago.

Of course, machine-based translation isn’t perfect. It’s improving, however, especially as the systems handling such translation get access to more text and can learn from experience. The algorithms used to process language are improving every day. In the long-term, it’s possible that we really could have real-time translations whispered into our ears as we talk. In the meanwhile, we can make our work easier to access, both by machines and by humans.

A Little Formatting Makes a World of Difference

Formatting is crucial. When we speak, we can convey our emotions through eye rolls, upbeat tones of voice, and other non-verbal communication. But with the written word, we’re limited to sharing information through words and formatting. Boldness, bullet points, and other visual cues have to do the heavy lifting.

This sort of formatting also conveys information to non-human readers. When a machine processes a document without any formatting, it can guess what the title and topic of the piece are based on comparison to other documents. But if the writer of a document puts a couple of H1 tags around that document’s title, a computer can tell the title of the piece immediately. Doing so also helps human readers focus on the title quickly, as an added benefit.

Unfortunately, formatting isn’t always a simple matter. There are many ways we can share text with the world — a shared Word doc, a WordPress blog post, a plain text comment, and many more. But each of these methods brings its own formatting woes. Our reliance on rich text is to blame. Different tools implement formatting in different ways, making it difficult to copy and paste between systems. These proprietary systems don’t talk to each other as well as they could. Don’t get me wrong. The situation has improved over the past few years: You can copy text from a Microsoft Word document into a WordPress blog post without your formatting going all wonky now (provided you’re using a recent version of WordPress). But there’s still plenty of room for improvement.

Writers Need to Learn Markup Languages

The need to make our work more accessible for both human and machine readers seems like a question of improving technology. Our tools are continuing to evolve. But, as a writer, choosing to learn HTML or another markup language can push your own work much further.

On the most basic level, offering an editor or a publisher a plain text file formatted with HTML can help your career. An editor can get your work published online far faster if you hand them a prepared file. You have a far better shot at being the editor’s favorite writer when you know HTML.

On a deeper level, however, the ability to correctly format your writing in HTML can increase its reach. Search engines have a harder time ranking an incorrectly formatted blog post or web page than one with correctly written HTML. You don’t have to dive too far down the rabbit hole: just being able to format your writing and add a little meta data is enough to make your work much more accessible. Adding in the right HTML is the modern day version of translating your work into Latin so that the folks in the next country over can actually find and understand your work in their library.

I’m not suggesting that you learn how to program. I may personally think that’s a good idea, but I’ve seen other writers get anxious at that sort of suggestion. Rather, writers need to be able to annotate our work to ensure our meanings are clear — we need to add formatting tags and a few other details. It’s possible to get by with using a tool that generates your HTML for you. I actually write in Markdown using a cloud-based word processor that can transform Markdown files into all sorts of other formats. But it’s worth your while to learn some HTML first, if only so you’ll notice if an automated system gets something wrong.

HTML is a Tool of the Cultural Elite

Through the seventeenth century, getting any attention at all required translating your work into Latin. It didn’t matter if you were a member of the Catholic Church or not. Latin was your only choice of languages for communicating with the cultural elite. Even Isaac Newton, who lived in the Protestant country of England, wrote his mathematical treatises in Latin.

Today, reaching the cultural elite means publishing your work online. Online doesn’t mean just tossing up an essay or an article on your blog, by the way. If you want to have any sort of reach, you need to be able to push your work on to a variety of platforms, like the Kindle. Just as writing in Latin meant that any European with a good education could read Newton’s work, marking up your own work with HTML makes spreading it easier. You can immediately push your work out to all the different platforms your readers might use. (The only way to use what Amazon refers to as ‘advanced formatting’ in a Kindle ebook, as it happens, is to format your book using HTML.)

There may always be print versions of particular work, but we’re fast reaching a point where publishers of all stripes push work online first and create a physical copy second. And since HTML, with a little help from CSS, can format text for printing, we should expect the online-first mindset to become even more common.

So Where Should Writers Start?

It’s not uncommon to meet writers who are only interested in perfecting their craft. Personally, I find that mindset to be problematic: If you want to lock yourself in a room all day to write, how can you guarantee that anyone will ever read what you’ve created? If you want to opt out of the world and focus on writing to the exclusion of all other things, though, you do have the option.

But if you’d rather ensure your work reaches an audience, there are a few easy starting points to help you learn a markup language.

  • Start by writing in a rich text editor, such as the one built into WordPress. Write as you would normally, but make a point of switching from rich text to HTML. In WordPress, you just need to click between tabs at the top of the text box where you’re composing your latest magnum opus. Once you see your HTML, you can make a point of checking your formatting against the HTML your editor generates. You’ll pick up simpler formatting, like bold or italic quickly.
  • Consider going through a tutorial or a class. There are hundreds of free tutorials online for HTML and related topics. I’d suggest searching for how to handle specific questions, like ‘how to format a block quote in HTML‘. You can also take more in-depth classes, like those offered by Codecademy.
  • Learn more about markup languages — but only if you really want to. I realize that I’m already bumping up against the limits of what the average writer cares about by writing 2,000 words about why you should care about HTML. If I went down the rabbit hole into topics like metadata, Markdown, and the wide variety of markup languages out in the world, I’d probably lose most of you who have read this far. But for the one or two of you who have an interest, there are all sorts of opportunities out there for writers who really understand markup languages.

You can also consider your tools. We don’t always get the option of choosing how we write. The muse may only strike when you’re looking at an entirely blank screen or even if you’ve just got a pad of paper and a pen. But if you understand your own workflow, you may be able to upgrade your tools so that you’re able to deal with HTML questions and the like with only minimal effort.

At the bare minimum, choose word processing programs capable of exporting HTML without screwing up your carefully planned formatting. Scrivener, for instance, has a much better export track record than Microsoft Word. There are any number of word processors and other tools that will help you write, as well as add HTML to your work in an efficient manner.

Right now, I’m using a tool called Beegit. It gives me a way to share projects with a team, as well as the ability to write with visible markup in my documents. However, Beegit is based on Markdown, rather than HTML, so it’s not necessarily a good switch if you’re still learning about markup languages.

Your Obligation to Experiment

The written word is becoming ever more important: We spend more time with text today than any of our ancestors ever did. But we still haven’t perfected a way of ensuring that a given document is accessible to every single person who wants to read it. Language and cultural barriers still slow down how quickly we can share new ideas, as does issues as simple as file formats.

But the more that we writers can tackle the question of accessibility on our own, the wider our own work will spread. If reaching readers is one of the reasons you bother to put words into a row, take the time to experiment with markup languages, just scholars in centuries past invested the time necessary to learn Latin.

Photo credit: iStylr

Community-Run Conferences: The Most Bang for Your Conference Buck

Unconference Scheduling

I recently had the pleasure of attending Open Source Bridge and noticed several factors that made it an incredibly useful and enjoyable conference to attend. Open Source Bridge is an annual conference that takes place in Portland, Oregon (just like OSCON). It covers a variety of topics related to open source software, also similarly to OSCON. But while a full-access pass to OSCON runs about $2,000, a ticket to Open Source Bridge is $300. I love community-run conferences!

Full disclosure, I received a press pass for Open Source Bridge. (I’ve also received free passes in the past to other conferences I might reference in this post through volunteering, sponsorships, or client relationships.)

Community-run conferences are a much better opportunity for many people than many other types of events. Don’t get me wrong; there’s plenty of value to be had at mega-conferences and other types of events, as well. But considering the lower prices associated with community-run conferences, I always come away feeling like I’ve gotten so much for my money. Here’s why.

Community-Run Conferences Have More Room for Dissenting Opinions

The voices you hear at big conferences are often those speakers who are well-established authorities within their specialties. Obviously, big events need speakers who the widest possible audience will recognize in order to sell tickets. But when you have the ‘official’ opinion up on the stage, it’s harder for a speaker with a dissenting opinion to get on the schedule. The decision may be as simple as "We’re covering that topic already, so why should we have a second speaker discussing the same material?"

But that process does mean that different points of view are automatically excluded. The same doesn’t hold true at a community-run conference. Because a community-run conference almost always looks to the community first to choose speakers, there are more opportunities for diverse opinions:

  • Community-run conferences are generally more welcoming to newer speakers, including those with very different perspectives from the status quo.
  • Community-run conferences don’t have to toe the sort of party lines that a company-run conference must. This might explain why all the major hacker conferences are actually community-run events. Even big sponsors only have a limited impact on what can be said at a community-run conference.
  • Community-run conferences can afford to take risks on niche topics that may only appeal to ten or twenty people out of the entire set of attendees. Big conferences have to fill rooms to make economic sense.
  • Attendees at community-run conferences are more likely to pay for their own tickets out of pocket, so they don’t have to justify a particular event to a manager who controls the company budget for conferences. In turn, that means that community-run conferences can afford to offer more sessions on non-business topics.

The sort of variety that a community-run conference offers is more fun (at least for me). I’m far more likely to wind up at a session covering something I know very little about but that will dramatically change the way I see a particular issue. One of the first sessions I attended at Open Source Bridge, for instance, was on OpenMRS — an open source software project I was entirely unfamiliar with — which offers open source medical record management software. I chose the talk because I’m interested technology and health, but I learned a great deal about the problems international open source projects face, how a project can create software that’s usable in places with limited power and internet access, and even the unexpected localization issues that a hospital in Somalia might have as opposed to a hospital in Kenya. Perhaps more importantly, I got a very different perspective on open source technology as a whole that I can already tell will influence my own work.

Community-Run Conferences Have More Opportunity for New Connections

The argument that smaller conferences are easier to meet people at than their larger counterparts seems counter-intuitive. But large conferences are overwhelming even for the most outgoing people. We’re more likely to find a few people to hang out with at a time, to provide a buffer against the thousands of attendees at a conference like OSCON. It’s a paralysis caused by too many people. Personally, at particularly large conferences, I tend to find a "conference buddy" who I cling to to make sure I don’t get washed away in the sea of humanity.

At smaller conferences, however, I’m more likely to go around and introduce myself. I noticed at Open Source Bridge that I knew a large number of attendees and, as a result, I felt very comfortable and was better able to introduce myself to new people. After all, if I were to encounter a problem, I could always retreat to talk with people who I already knew.

Those connections occur outside of the actual length of the conference, as well. Conference organizers have varying levels of passion for the events they create. On the less passionate end of the spectrum, those individuals who are paid to organize particular conferences probably care about the events they manage, but not to the point where they’re talking about their next conference constantly. In contrast, someone organizing a conference out of sheer passion is going to tell everyone they know about the next event. Even the problems will be more visible, because that organizer’s friends will get to hear every last detail about the argument with the venue staff (whether anyone wants to or not).

The community is more long-lived as a result. Rather than moving on to the next conference at their employer, the organizer of a community-run conference’s next event is likely to be either next year’s conference or a closely related event. The organizers can pull the community along, maintaining excitement throughout the year between conferences.

Community-Run Conferences Have More Room to Experiment with New Improvements

A code of conduct seems like such a simple thing. And, yet, many large conferences of every type seem to struggle with implementing such codes.

Of course, there are community-run conferences without codes of conduct still. But many are more open to the idea of adding on a code of conduct — and seem more willing to adopting an existing, proven code without feeling that they need to develop a new code entirely from scratch. Those communities who aren’t willing to add such codes, well, that information can be valuable, too.

Because a community-run conference has the ability to quickly evolve from event to event, such conferences have more opportunities to experiment with better practices. As a for instance, when attendees registered for this year’s Open Source Bridge, they each had the opportunity to choose between three colors of badge lanyards: blue, yellow, and red.

  • A red lanyard indicates that the wearer does not want their photo taken at all.
  • A yellow lanyard indicates that would-be photographers need to ask before taking the wearer’s photo.
  • A blue lanyard indicates that the wearer is comfortable with having their photograph taken at the conference.

It’s a simple visual cue that can make a world of difference in making a wider variety of attendees comfortable with a particular event. There are a whole host of reasons that people may not wish to be photographed even if they’re at a public event. The default for most events is that everyone who happens to be carrying a camera (which you can read as all of us) can take photos and even recordings of anyone who happens to be at the event. I’m not entirely sure how this became the norm, but it’s not actually a reasonable approach. Event organizers may ask for a bulk permission to photograph or otherwise record attendees, but other attendees don’t usually take any steps to make sure that their photography subjects are comfortable with the situation.

This year’s lanyards aren’t Open Source Bridge’s first experiment in providing visual cues about appropriate behavior. Last year, the conference offered stickers for people to place on their name badges to express photography preferences

I can’t categorically state that lanyards are the best way to communicate these sorts of preferences; the only way to figure out such factors is to run an experiment or two. Community-run events seem more willing to do so, if only because the logistics of testing a new approach with a few hundred attendees is far easier than with a few thousand. Even better, most community-run events are put together by passionate people — and passion is rarely exclusive. If you are willing to do the hard work to bring information about your topic of choice to a wider audience, perhaps you’re also more willing to figure out the mechanics of running inclusive events.

Support Your Local Community-Run Conferences

I’ve always been lucky to be parts of communities where community-run conferences happen regularly. I grew up going to conventions for various bits of science fiction and fantasy fandoms. I used my student status in college to get cheap passes to all sorts of conferences (including a ton of writing events). When I started learning more about technology (especially programming), I went to BarCamps and other unconferences, as well as other small community-run conferences of a more traditional nature.

I’m happy to pay money for these sorts of conferences, but it’s also important to support them in other ways. Even small conferences take a ton of work, especially when they’re first starting up. Helping on even basic tasks like setting up chairs in a conference space is good. Open Source Bridge ran smoothly because around 70 volunteers put in their time. Some of those volunteers worked for months to handle every detail of the conference; some put in a few hours of work in exchange for a free ticket. Either way, they made the conference possible.

Especially if you come from a community that doesn’t have a strong tradition of organizing its own conferences, consider what you can do to volunteer. You never know — you might wind up organizing one of those community-run conferences yourself.

Image by Flickr user Reid Beels

A Bug With A Logo?

Heartbleed

We all know that we need to take our online security seriously, but we rarely do anything to improve our own situations. Even when we hear about data breaches, the odds that we’ll go and change passwords are relatively slim. We might get occasional emails and updates from the sites we log into about our security, but we tend not to get worked up for anything less than proof someone has been messing around with our personal bank accounts.

But Heartbleed has been different.

From the first moment I heard about Heartbleed, everyone I know has been taking it fairly seriously. Part of that is due to the nature of this particular security breach: the amount of data that was made accessible by a vulnerability in OpenSSL is enormous. It would be easier to list which major websites weren’t affected than which were. But while the details of the Heartbleed breach are enough to get programmers and website publishers worked up, they’re probably too technical to really intrigue the average person browsing the web. So why do so many people seem to know about Heartbleed?

A Well-Branded Security Breach

Fundamentally, Heartbleed is different from security breaches that have come before. It’s been branded and marketed, something that no one has really tried to do historically. The traditional approach to announcing you’ve found a security exploit was to write out a brief description of the problem and send it around to everyone you expect the problem affected. There wasn’t exactly an incentive to take action.

For the researchers who uncover security breaches, there isn’t necessarily a clear benefit to promote their work in other ways, however: the status quo was enough to get them credit for their work and collect any financial rewards (like rewards offered by companies to researchers who found security breaches in their systems before those problems could be exploited).

Heartbleed’s branding may prove to be a turning point in what we expect from a security breach announcement.

That branding wasn’t a particularly major effort from the organization that launched Heartbleed.com. That company, Codenomicon, didn’t discover the vulnerability, but does help other organizations secure their systems against malicious attacks.

Miia Vuontisjärvi, a security analyst at Codenomicon, told TechCrunch that the site started as an internal Q&A that Codenomicon’s experts wrote in an effort to get a handle on Heartbleed’s potential impact.

“Experiencing the pain of the bug first hand we got a nagging feeling that this calls for a ‘Bugs 2.0′ approach in getting the message out in an emergency. Ossi, one of our experts came up with Heartbleed as an internal codeame and from there on thing lead to the other. The domain was available and our artist Leena Snidate did a an excellent job in putting our pain into the logo. It all went much faster than expected.

“When the vulnerability became public we realized that this is going to be a crisis communication. We said what we had to say in the Q&A with as little litter as possible. We put it available on a low latency and high bandwidth content delivery network so that it is very accessible for anyone in the need. Based on initial reactions we did some minor edits but we quickly saw the Internet community picked the issue up in an astonishing way.”

Crisis Management in Open Source

One of the most noteworthy points about Codenomicon’s efforts is that OpenSSL is an open source project; Codenomicon had the opportunity to step in because the developers behind OpenSSL are all volunteers. When software is developed by a single company as a proprietary product, there are typically more concrete procedures to handle bugs and security breaches — usually developed in order to minimize liability for the company in question. I can’t imagine an established company being able to vet and publish information about a security breach in this fashion.

But while Codenomicon stepped up and helped make information about a particular security exploit easier to understand and share, there have been plenty of problems with open source code in the past where no one took on that sort of leadership role. That’s partly because taking a leadership role in the middle of a crisis is tough; contributing to open source code bases doesn’t automatically enable you to field questions from the press, manage a user notification process, or brand an exploit so that users will upgrade their systems.

The open source community, as a whole, could benefit from establishing some best practices on how to handle this sort of flaw. At a minimum, just creating a check list that researchers can follow to make announcements more useful to the average internet user could be beneficial. While that’s not my area of expertise, there were both good and bad factors in the announcement of Heartbleed that could be used as a starting point for such a response framework:

  • Advance warning: Some large companies got advance warning of Heartbleed, which allowed them to patch their system before the exploit was announced more widely. While I have no problem with offering advance warning to companies likely to be hit hard by these sorts of breaches, there’s definitely room for a more systematic approach to deciding who to contact and how to handle the question of advance warning after the fact (if only so that complaining about not getting advance warning doesn’t become more of a story than the original exploit).
  • Embedded devices: As more devices are are plugged into the internet, security announcements need to at least mention what sort of systems will be affected by a given breach. It isn’t always possible to guess how a given piece of open source software may be used, but such warnings need to be offered to the greatest extent possible.
  • Points of contact: When we’re dealing with a breach in open source, where everyone involved is a volunteer, choosing who will serve as a point of contact is tough. These sorts of situations can require numerous hours to resolve, let alone to handle email. But someone has to do it, even if it’s someone outside the core development team.

Some of these points could be made easier with the application of a little money. With Heartbleed as motivation, several companies are looking at the value of investing some money into the open source infrastructure that drives their business ventures. Google, Facebook, Microsoft, and many other companies are on board to support a new group called The Core Infrastructure Initiative. Hopefully, this initiative will be enough to help major open source projects handle both security and breaches more effectively in the future.

Crying ‘Security Breach’ Too Often?

Heartbleed’s branding may be new, but researchers are starting to embrace the idea. In a post on a new vulnerability, researcher Matthew Green noted:

“First, if Heartbleed taught us one thing, it’s that when it comes to TLS vulnerabilities, branding is key. Henceforth, and with apologies to Bhargavan, Delignat-Lavaud, Pironti, Langley and Ray (who actually discovered the attack), for the rest of this post I will be referring to the vulnerability simply as “3Shake”. I’ve also taken the liberty of commissioning a logo. I hope you like it.”

But we need to consider if embracing this level of branding is a good idea for all security breaches. Embracing this sort of promotion can make it harder to get people to take action in the future: just like a child crying ‘wolf’ may not get attention when it matters, an important security breach can be lost in the mix. Reserving this level of branding for the truly crucial lapses in security is necessary to ensure it still works.

Security expert Bruce Schneier put it bluntly in an interview with the Harvard Business Review: “There’s a risk that we’re going to be accused of “crying wolf.” If there isn’t blood on the streets or planes colliding in midair, people are going to wonder what all the fuss was about — like Y2K. If you slap logos on every vulnerability, people will ignore them and distrust your motives. But it’s like storms. The bad ones get names for a reason.”

It’s also worth noting that Codenomicon helps its clients handle security issues. Making those security issues easier to understand and respond to is a brilliant piece of marketing work (along with a good deed that benefits internet users as a whole). But this sort of marketing effort is easy to exploit by companies that choose to do so. Whipping up a frenzy over relatively minor security breaches might make sense for some companies’ bottom lines. That’s absolutely not the case with Heartbleed and I’m not trying to make Codenomicon’s motives sound suspect, but it is a factor to consider as we see more security vulnerabilities branded for easy consumption.

Photo Credit: Leena Snidate

A Pioneer Nation Follow Up

I spent a few days at Pioneer Nation, a small conference geared towards entrepreneurs here in Portland. I heard a few comments over and over again, to the point that I wanted to bring them to your attention:

It’s so amazing to talk to people who get what I’m going through. My family just doesn’t understand.

Being willing to make the leap into running your own business isn’t easy. Even if no one in your family is ready to jump off that sort of cliff with you, t’s crucial to find a community of support — hopefully with people who you can talk to on a regular basis, rather than once a year. Going it alone isn’t impossible, but if you’re going to do something as demanding as starting a new business, why make the process harder?

I know what I need to do. I’m just having trouble doing it.

I’m pretty sure that this is an ongoing problem for most entrepreneurs; I know it’s something I suffer from on a regular basis. For most of us, the next step is pretty obvious: Maybe we need to launch a product, send a proposal, or set up a marketing campaign but we haven’t. Part of the problem is usually finding the time. It’s a legitimate problem, by the way — there is a hard limit on how many hours you can work in a day. But part of the problem is often that we’re a little afraid to move forward, especially if we feel overwhelmed by the successes we’ve already had. I don’t have a solution for this problem, except to power on through whenever you have a rush to move forward. Just do as much as you can, when you can.

I have to think bigger!

In my line of work, I have to tell a lot of my clients that they need to think a little smaller — that their budgets won’t support the high-minded plans they’ve been making. But at Pioneer Nation, several people told me that they’d realized they need to think bigger. Part of that may have been the audience; it included a lot of people who were shooting for businesses that would first and foremost support their lives. But part of that is also that it’s tempting to focus on what we know we can accomplish with the resources we currently have, and let the big opportunities pass us by. But it’s good to think big and chase goals that seem a little audacious. Otherwise, we can’t tell what we’re capable of.

Pioneer Nation was a great conference, both to present at and attend. I just want to take a moment here to thank Chris Guillebeau and the legions of folks involved in putting Pioneer Nation on. Great job! I look forward to seeing where you take it next year!