Elgg and Known: how deep insight can help you build a better community platform

2 min read

Ten years ago last November, we released the first version of Elgg. An open source social networking platform originally designed for higher education, where it was used by Harvard and Stanford, it spread to organizations like Oxfam, Orange, Hill & Knowlton and the World Bank, as well as national governments in countries like Australia, Canada and the Netherlands.

Not bad for a couple of industry outsiders based in Scotland.

Elgg is still in wide use today. I credit that to a technical emphasis on extensibility and ease of use, as well as our focus on being responsive to the needs of the community - but not too responsive. We never veered from the vision we had of an open social networking infrastructure for organizations.

The web has changed unrecognizably since 2004, and Known takes those changes into account: mobile-first, with an emphasis on streams and shorter bursts of content. You can still run it in an organization, but you can run it as a personal platform, too. Higher education institutions are using it to give self-reflective websites to all their students, and more and more private companies are using it to create social feeds internally, too. Design thinking is core to our process, which helps us stay responsive and build tools that truly solve a deep user need.

Known, Inc goes beyond Known the platform: we're exploring new applications that use design thinking, and our deep community platform knowledge, to solve problems in different verticals.

Most importantly, we offer that experience and toolset to other organizations. If you need platform strategy advice, or even to build a new social website or app for your organization, we can help. We have over a decade of experience in building organizational social platforms, and you can put it to work. To get started, get in touch via our website.

 

The full-stack employer

7 min read

Just over four years since I permanently moved to California, I'm beginning to understand the differences in work style between the US and Europe. America still has a largely time-based view of productivity, even in Silicon Valley. But with tech industries in other nations catching up fast, and remote working becoming a more viable option, you need to compete for talent with companies all over the world. You have to be a full-stack employer.

What is a full-stack employer?

Over the past year in particular, there's been a lot of discussion about "full-stack employees", "full-stack developers" and "full-stack startups". The trend is that employees are expected to have a broader range of skills, and be able to switch between them seamlessly. Employees apply their skills in a more holistic manner, moving away from a dedicated position on an assembly line.

This is arguably related to startup culture, and the growing trend for even larger companies to innovate by creating much smaller, more autonomous internal product teams. It has worked for a number of corporations. But the full-stack expectation places greater demands on employees, which must be met by the employer. Simply put, to innovate, you need support.

I'm shamelessly repurposing the term "full-stack" to mean not just the technology you use to build your products and services, not just the skills you are expected to use in the course of doing business, but also the support mechanisms that humans need in the course of doing their job. A full-stack employer is one that sees their employees as a community of people, and that provides structures, support networks and services for them based on that understanding.

The good news is, treating the people who work for you as human beings has a real effect on productivity, sales and the health of a company.

What it's like to have a full-stack employer

The new reality is that you are expected to use a variety of skills in the course of doing your job. But those skills didn't just come to you, fully-formed. Nobody puts on a headset, Matrix-style, and emerges minutes later knowing kung fu: mastering a new skill requires time, effort and investment. Full-stack employers recognize that providing dedicated training and professional development for their employees creates a measurable return on investment. You're expected to join the company with intelligence, an enthusiasm for learning, and skills that relate to your core role - but the reality is that even those will develop as you continue at your company. Importantly, it's needs-led: as an employee, you can tailor your professional development based on your needs. Training isn't dropped on you from above.

You are not expected to be always-on. Phone calls at 3am, Slack messages late at night, urgent emails that need to be responded to out of hours are not on the table. It comes down to respect: the employer understands that you have your own life, and that your choice to work for a company is a relationship that goes both ways.

The ethics of this are clear, but it turns out that workers are more productive when they are rested and take more breaks. The same is true during working hours. Employees are trusted to do their work, and aren't measured in terms of the amount of time they spend at their desks. In fact, research suggests that they should build some break-time into every hour, and they may be encouraged to do this. Similarly, they may be encouraged to take a full hour for lunch, perhaps with a walk. And they're encouraged to go home after eight hours. It all results in happier, healthier employees, and more productivity.

Employees have some choice over their benefits, but they always have full medical coverage in countries where this isn't a given. Childcare is paid for (because the employer saves money by making it available).

Generous parental leave is provided, for both mothers and fathers, engineered in such a way that both parents take it more or less equally. Studies have shown that equal paternity leave helps to prevent against pay discrimination, and provides happiness (and therefore productivity) boosts across both parents. The company becomes a better place for women to work, allowing it to remain competitive.

Finally, the aspect that may make American managers shake their heads with disbelief. Every employee gets a minimum of six weeks of vacation time a year, and they are strongly incentivized to use it. In order to combat a culture of working all the time, full-stack employers may create a financial bonus for employees that go on holiday, knowing that vacations dramatically increase productivity. Happier workers are more productive.

Why it's great to be a full-stack employer

While it sounds expensive, full-stack employers actually save money. Happier employees are measurably more productive, and arguably more creative, leading to more innovative solutions. These measure also reduce churn, which is important when the cost of employee turnover can be as much as twice their salary.

Providing a better place to work can be a differentiator, which can help companies compete for employees in a cost-effective way. By way of example, I was once offered a position at a very well-known Silicon Valley web company; one whose services people use every day. The salary was great, and it would have looked good on my resumé. At the end of our meeting, the interviewer remarked to me, "you do end up spending a lot of time at work, but it's okay, because your colleagues become like your family." I refused the job, and started noticing when employees posted Instagram photos of their office on Saturdays and after midnight.

Optimizing the workplace for people who have lives outside of work allows for more experienced employees (who are more likely to have families), and people who have outside hobbies and interests. All of these things provide more bang for your salary buck as an employer - as well as creating a far more enjoyable place to work.

What does this mean for employees and managers?

Although some of the benefits sound costly, most of them actually save the company money over time. The biggest adjustment it requires is an attitude shift.

I would argue that the American reliance on time-at-desk as a productivity metric is an ideological, rather than fact-based, approach. German workers, for example, are at least as productive as their US counterparts, while enjoying six week vacations, more regular working hours, and so on.

Therefore, the biggest required change is for managers to respect the time of the people on their teams, and to create conditions where employees don't feel guilty for stepping away from their desks, putting their phones down, and spending regular, quality time away from work. In fact, they should feel empowered to do so, because they will be better workers as a result. The same goes for asking for professional development resources, and expecting fair compensation in both monetary and benefit terms.

It's a seismic shift for a country so deeply involved in the Protestant work ethic.

What of the future of work?

Ubiquitous mobile Internet was supposed to give us more freedom and allow us to live more fulfilling lives. It has not necessarily lived up to this potential.

Just because an employer can contact an employee at midnight on a Thursday night, does not mean that we should do so. We have gained all kinds of new, amazing tools to help us be productive and create more innovative companies. Now it's time to learn to do so responsibly.

After the industrial revolution, Henry Ford and others learned that five-day weeks and eight-hour days allow us to be more productive. After the information revolution, it seems we now have to relearn these lessons.

 

Convoy is a new kind of progressive enhancement for self-hosted web applications.

2 min read

We just released Convoy, an add-on service for Known that lets you use our servers to more easily share content with social media.

Previously, self-hosted site owners needed to create individual developer accounts on Twitter, Facebook, LinkedIn, etc, and manage API integrations with each one. It was a pain, and lots of people told us that they'd prefer to avoid it.

You still can mess around with API integrations if you really want to. But Convoy gives you another option: connect your site, and then log into each service as easily as you would with any centralized cloud application. You still own all your data on your own server, but we handle the fiddly technical bits.

Service integrations aren't the only things that add value to a self-hosted site. Typically, shared hosts aren't good at search: there's no great dynamic search engine in the LAMP stack, and we get lots of complaints about MySQL's build-in full-text search. So we're looking at how we can add this to Convoy, too. The same goes for notifications and a host of other services that can help your self-hosted site use all the great new web technologies that the centralized services do.

I think of this as progressive enhancement: your site will still work without them, and you still store all your data. These services serve to add to the user experience without taking away any of your agency.

We're not removing functionality from the open source codebase: you can self-host everything if you have the technical ability. But if you'd prefer not to, Convoy is here for you.

And of course, it needn't be limited to Known at all ...

You can learn more about self-hosted Known on our open source site, or get started with our free hosted service.

 

Forget the mass market: the untribe is the new normal.

9 min read

There was one conversation I used to hate more than any other. I used to brace myself for it; grit my teeth in anticipation.

Here's how it would happen.

"Where are you from?" someone would ask, detecting that my accent wasn't quite British; something else was lurking just underneath.

"That's a long story," I would start to say, hoping to leave it at that and turn to some other, more interesting topic. But once someone has the scent that you're not a part of the tribe, that perhaps you don't belong, they never let it go. So I would explain. "My mother's Ukrainian / American, my dad's Dutch / Swiss / Indonesian, I grew up here, and -"

"Oh," they would say, stopping me. "You could become a British citizen, you know."

Then I would have to nod and smile, and perhaps bumble something along the lines of, "oh, well, yes, I suppose I could, now that you mention it, that's a rather good idea ..." Hugh Grant style, a polite stream of bashfulness that stood in for the lies, "nobody has ever suggested this before" and "clearly that's exactly what I need to do".

The implication was: "you could do this one thing and then you would belong!" It was as if being a part of the tribe would elevate me, somehow. The implication was that having the right sort of passport would make me the right sort of person, and I despised it.

There was exactly one time, every five years or so, when I ever wished I had been a British citizen. Although I could vote in local elections, I wasn't able to take part in the general elections that would help pick who would run the country. I couldn't help select a Prime Minister, but I cared deeply. I would pay close attention to the campaign pledges, flinch into my real ale when a politician mentioned immigration reform, and, once the polls were closed and results were announced, suck it up until next time.

Perhaps I could have become British, but that would have required - literally, in this case - giving up a part of who I was.

I grew up in Oxford, a few miles east of the university's picturesque dreaming spires, in a pebbledash duplex between a pub and a gas station. My high school's catchment area covered both my side of town - arguably the bad side, with its tiny houses and tower blocks - and the fancy North Oxford Victorians where the professors raised their children. High school is notorious for nurturing cliques, and England is notorious for class awareness. One friend's professor parent was very open about looking down on me because I came from the wrong side of town, and in a perverse way I'm thankful to him for his honesty; I'm not sure how many others did so behind my back. Meanwhile, many of the kinds from my end of town openly despised me for being visibly interested in learning. My parents are both highly academic, and I was overtly a computer geek who loved writing.  As is the high school way, everyone picked on everyone else for the ways in which they didn't fit their ideal archetype.

By the end of high school, I was a nervous wreck, but I had also found the people I identified most strongly with: the people who were not easily described. I guess you could call us the people who weren't part of the other cliques. In some ways, that was a tribe, too, and we found strength in our friendships. These are people I love dearly and I still talk to some of them every day.

But I had also discovered the Internet, which felt like a magical, invisible layer on top of the world. Hidden in invisible corners there, where no-one else could find us, on newsgroups and IRC, not limited by geography, space or time, we reached out to each other. I believe we were the first generation of teenagers to make friends in this way. I think we were also probably the last to be allowed to travel and meet each other without supervision. We traveled across Britain to show up at "meets", where we acted like British teenagers do, loitering outside pubs, hanging out in parks, and cementing friendships that could not have been created any other way.

Our untribe grew with the Internet. It turns out that everybody is a niche. Everyone has their own complicated mix of interests, background, skills and personality, which is unique to us like a fingerprint. The fact that I have an individual background is not, in itself, unique to me. We all do. With the accessibility of international travel, as well as the ubiquity of international communication, more and more people have backgrounds and contexts that cross traditional borders.

Chris Anderson called this endless parade of uniqueness "the long tail". I don't know if it's a tail: over time, mainstream demographics have revealed themselves to be a ruse, a kind of statistical slight of hand that allows us to dehumanize collections of people, remove the characteristics that make them real, and average them out into buckets so they can be marketed to efficiently. Desires and demographic groups have been manufactured in order to sell; their glue is a kind of peer pressure, the desire to belong bringing with it manufactured social norms. But it's not a tail. In reality, there is no mass market. We are all part of an untribe.

As the Internet has matured, marketers are discovering new ways to sell and to target their messages. Commerce has adapted to the untribe. But a further cultural shift is still to come.

"I don't think you want to belong," someone once said to me, in reference to my outside-ness with respect to nationality. I think it was meant as a criticism, but it was completely true. I had always felt that by bending myself into the social norms of a particular group, I would lose - at least to an extent - the part of myself that didn't fit into those norms, unless it was nurtured in some other way. Most importantly, in a world where we can all make connections based on our individuality, why should an artificial group membership based on where we are born matter at all? To make the point bluntly, if we get along, why should I give a shit where you're from?

Nationality is an artificial demographic. There are more differences within nationalities than between them. Because of the Internet, the friendships we make, the business we negotiate, the media we consume and even the people we fall in love with are not bound by these borders. In this context, being proud of being from a particular place is ridiculous. One might as well be proud of rolling a double 6 in a game of Backgammon, and there are uncomfortable implications. By being born in the United States, say, are you inherently a better person than someone who was born in India? Would you give preference to someone from your home country over someone who wasn't? This is no longer a hypothetical question.

Nationalities no longer make sense as a tribe. In contrast, the Internet has allowed people to define themselves by their passionate interest groups. Consider fandoms, which always existed but previously had been relegated to photocopied fanzines and minor conventions. Those conventions are booming; fanzines are now major publications. Rather than define ourselves by things entirely out of our control, we can use the things we really care about; the tribes we have chosen for ourselves. Nobody will reject you from a convention. There is no entrance requirement.

Really what we're defining ourselves by are our values, of which our interests are a subset. It could be argued that this is one reason why politics have become more divided on the web: increasingly, we are either liberal or conservative. But I think this is an artifact of our moment in time, between the Internet's demographic fracturing and a necessary split from a two-party system. Representative democracy is a good idea, but our parties no longer represent us. If we are all part of an untribe, we need a more granular way of thinking about our values. Our governments are likely to fracture, too, to coalitions of smaller representative groups, but the result will be political structures that more closely resembles who we are as populations. I have to wonder if the same could be true of religions.

In a world where I can have a conversation with someone in Iran as easily as someone in Palo Alto, clinging to traditional borders is an anachronism. Traditional flag-waving patriotism feels like a relic from the past, because it is. We don't need to let go of these traditions and backgrounds entirely - history is a crucial part of who we are, and there's nothing wrong with advocating for a place you love - but we do need to accept our new reality. I am not arguing that ethnicities or sexualities are not a part of who we are, or that they should not be acknowledged, but I do think the aspects of ourselves that we choose are more important than the ones we do not. There is no need to pledge allegiance to a demographic, or discriminate against people who are not of ours. We are all people, connected to each other by our interests, our skills and our personalities.

There is so much to be gained by embracing this, and so little value - as always - in clinging meaninglessly to the past, and robbing people of their individuality. We are all different. The world is so much richer when we think of it in those terms.

 

Introducing the Indie Dash Button! #indieweb #vrm

4 min read

I wish I knew how to quit youWe've all been there: you're standing by the washing machine, about to start a load, and you realize you're out of laundry detergent. Or you're getting ready for bed and you realize you've forgotten to buy more mouthwash. Less often, you find yourself wondering how to fly to a particular destination cheaply, or needing a good deal on a new car.

You don't want to deal with a single vendor for each of these things, but you also don't want to spend ages doing price comparisons. What would be great is if you had a personal shopper that would find the best version of these things and automatically get them for you.

For regular, low ticket value essentials - laundry soap, mouthwash, diapers - wouldn't it be nice if you could get these products in a vendor-agnostic way by pushing a single button?

Here's how it works.

What you'll need

A website running on your own domain, with the ability to accept webmentions. Hey, Known does this! So do a variety of other projects!

The request

First, you need to publish a request on your own site. To you, it's a simple statement: something like, "I need some more laundry soap". (The button could make this statement for you.)

On the back-end, the statement is marked up using microformats, and a note is made to a PubSubHubbub hub that there's new content.

A product request aggregator is subscribed to your request, and is notified immediately via PubSubHubbbub. Your request is pushed to an aggregated feed of requests from all over the web. Vendors can subscribe to the requests, or filter them by location, or other profile characteristics that you have published on your own website. Again, these profile fields are just published as HTML, using microformats; there's nothing fancy or proprietary here.

Over time, as vendors build relationships with individual consumers, they can subscribe to their feed of requests directly. There's no requirement for a middle-man.

Making an offer

Vendors can then respond with an offer.

Offers are written as HTML statements too: product details, the quantity, and the price. For example, a statement could include a box of Tide at a particular price.

This statement is published as a reply to your original request using webmentions. In other words, your request to buy something - an item on your personal URL - is answered by a corresponding offer, which is an item on the vendor's personal URL.

Accepting an offer

You can peruse all the offers that have been made on your request. But you could also tell the platform that runs your URL to automatically accept offers within a certain range (for example, if you're offered Tide at a reasonable price, or airfare from SFO to LHR under $800).

To accept an offer, another statement is made, again written as HTML marked up with microformats. This just says something to the effect of, "yes please". Using webmentions, it is attached as a response both to the vendor's offer, and to your original request. That means that any vendor can see that you have accepted an offer, and the vendor can see that their offer has been accepted.

All of this happens behind the scenes, and although the formats involved are very simple, the user gets to use their phone, their browser, or another familiar interface. Again, it could all be done with a simple button.

And then the connection is made. If you have no prior arrangement with the vendor, they get in touch with you (via contact methods published on your URL) to arrange payment and delivery. Otherwise, if the arrangement is already set up, you're good to go.

Finally, another webmention is sent when the product has been shipped - or if the order had to be canceled or changed for any reason.

Why does this make the world better?

This model for commerce - commonly referred to as Vendor Relationship Management, or VRM - turns traditional advertising on its head, and removes the need for complicated targeting technology. Customers readily identify themselves, creating more valuable sales channels where guesswork is all but eliminated.

Additionally, the use of indieweb technologies like webmention and microformats here removes the need for complex or proprietary identity technology. The customer can use the platform of their choice, without the risk of a single vendor locking stakeholders into a single service and impeding commerce and innovation over time.

The customer says they need to buy something; vendors respond with their best offer; money is made, products are sold, and everyone walks away happy, with almost no friction.

 

Marc Benioff is doing the right thing. Every founder should take note.

2 min read

Marc Benioff, the CEO at Salesforce, is cancelling all programs in Indiana:

Salesforce CEO Marc Benioff says he doesn’t want his employees subjected to discrimination as part of their work for the San Francisco-based company, and he is cancelling all required travel to the state of Indiana following the signing of a religious freedom law that some say allows business to exclude gay customers.

As CNN reports, the bill is extremely regressive:

On his website, Miller highlighted examples of the law's effect: Christian bakers, florists and photographers won't have to participate in "homosexual marriage," he wrote, while Christian businesses won't be punished for "refusing to allow a man to use the women's restroom."

It's a law for bigots and shouldn't be protected by any claims of freedom of religion (just as racism isn't).

There's always pressure as a company founder to not reveal your political values, but I believe this case is clear, and taking a stand against it is the right thing to do. The technology industry is often too apolitical in cases where it could make a difference. I'm glad that Benioff is taking a stand and bringing Salesforce with him; I hope the industry follows suit. More than that, I hope more founders feel that it is safe for them to publicly declare their values, and follow them up with action.

 

Facebook wants to own our news and communications. Here's why it has to fail.

2 min read

TV News

Earlier this week, it emerged that Facebook was in talks to host the content from publications like the New York Times, Buzzfeed and National Geographic. Today, it "opened up" their Messenger app into a platform that can be incorporated into a host of other apps and services, as well as a raft of other new features around identity and communications.

As a society, we tend to raise a skeptical eyebrow at nations with state-controlled media. But a world where one major entity controls the distribution of news, not just nationally but internationally, is arguably more harmful. I don't believe that Facebook as a company has nefarious intent here, but the precedent is worrying. News and information are important to democracy; informed voters are better voters. The implications of a single algorithm controlling how a population gets its news goes far beyond a web company trying to increase its market share.

Even if you don't buy that argument, Facebook's history with censorship should give any news outlet pause for thought. And that's the real danger: if someone other than you is hosting your content, can you trust them to treat it responsibly?

Brands looking to incorporate Facebook Messenger should have similar worries. It's a seamless-looking platform, but what if Facebook changes the rules, or changes its features, somewhere down the line? What if they choose to monetize the conversations you have with your customers?

Brands and news outlets need more audience. In that light, it makes sense to put your money behind the largest social networking platform on the planet, at least on the face of it. But the web remains the largest content network that is, with no single gatekeeper controlling how you use it. For identity, nothing beats a well-made website. For chat, services like XMPP carry zero business risk, and are easier to integrate than you'd think.

For startups, the opportunity is to provide open solutions that let media companies have all the sharing and integration benefits of the Facebook News Feed, Facebook Profiles and Facebook Messenger, without any of the concerns, and without any of the business uncertainty.

The web stopped being a game some time ago. It's not about whether this web toy or that web toy will win; it's about how we learn about the world, how we talk to each other, and how we represent ourselves to each other.

 

Some thoughts on building a high-growth startup with an open source product

10 min read

Known is my second open source startup. I've spent over a decade working with free and open source software, and have been producing it in a startup context for most of that time. I've had a lot of time to think about the realities of doing this.

I believe that free and open source software is important for both social and technical reasons. In this post, I'd like to explore the implications for running an end-user open source software project from a startup business perspective.

What is free and open source software?

First, let's back up a second and talk about "free software". This was defined by Richard Stallman as giving you the following four freedoms:

  • The freedom to run the program as you wish, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Note that "free" refers to "freedom", and doesn't necessarily mean "free of cost". However, this is not immediately obvious to newcomers. "Open source", in contrast, is purely a development methodology rather than a social movement. Because of that, and because the wording is unambiguous, I prefer to use this term. There's a lot of disagreement on this, and my preference shouldn't be construed as me prescribing this for other people.

Why is free and open source software desirable?

Free and open source infrastructure software - things like Linux, the Apache Web Server, OpenSSL and so on - have allowed for highly functional server stacks that aren't limited to a single vendor. Here's a slightly unfair way of looking at it: while Windows Server and similar products are Lunchables, where the whole stack is made by the same group of people, Linux is a picnic, with lots of individual ingredients provided by different organizations that add up to a richer whole. Each ingredient does one thing really well; the jam is really good jam, the cheese is awesome cheese. And because everyone gets the list of ingredients for each item in the picnic, you know that the jam and the cheese don't contain any nasty surprises. With the Lunchables, not so much.

Maybe my analogy needs work. But while free and open source software is particularly suitable for infrastructure software, it has broad implications for end-user software, too.

By end-user software, I mean products that non-technical people will use directly. WordPress is probably the best example: 23% of the web is made up of WordPress sites. Elgg, the social networking platform I founded, is another. Ghost is another, more recent example. And finally, Piwik, the self-hosted web analytics library, is one more.

What if I told you that only one of those projects was a traditional tech startup? And it's probably not the one you're thinking of.

The structure of open source startups

A common misconception is that Automattic, the company founded by WordPress cofounder Matt Mullenweg, is also the company behind WordPress. It's not. WordPress is a non-profit foundation, while Automattic provides the hosted WordPress.com service, as well as anti-spam tools, analytics and other centralized functionality.

Ghost, which was founded by an ex-Automattic employee, is also a not-for-profit organization. John O'Nolan explained his rationale for this in a blog post, where he clearly backs the social movement side of free and open source software:

The point of Open Source is to promote furthering technology for the entire world by not locking down software with patents and charging millions for them. The point of Open Source is that shared technology is better than closed technology because it has so many more people working on it. The point of Open Source is that the software you create benefits not just yourself, but many others - and in return you receive the same.

[...] I wanted to make it completely clear that Ghost is about making great software. I own 0% of the company. Hannah owns 0% of the company. According to our legal documents of incorporation, neither of us can pay ourselves enormous tax-free dividends. Just normal, taxable salaries.

Elgg, the open source social networking platform I cofounded, is also now a non-profit foundation.

Piwik, meanwhile, is a startup, albeit one that was founded significantly later than the project. They're a distributed company, with headquarters in New Zealand and Poland.

Why end-user projects are different to infrastructure projects

Over 80% of Linux kernel patches are written by corporations that use Linux, either as part of the infrastructure that serves their products (e.g. at companies like IBM), or as part of Linux-based end-user projects like embedded devices and Android phones.

By definition, end-user projects are the product, rather than a building block that becomes part of the product. There are far fewer levels of stakeholders downstream from the project to contribute to it, both monetarily and in terms of code patches.

This, however, is not to say that there are far fewer stakeholders overall. For example, there are plenty of people who use WordPress - it powers 23% of the web, remember? There are hosting service providers, web shops, and consumer users who depend on the software. This may represent a less technically-savvy base of people, but it may also be greater in terms of raw numbers.

Creating a self-sustaining project clearly demands a different strategy - particularly if the open source project is going to serve as the core of a startup.

What startups need

Startups need to be more than self-sustaining: their engine is scalable revenue.

In other words, revenue for a startup needs to have several properties:

  • It needs to be recurring
  • It needs to be able to grow non-linearly with the team (in other words, revenue isn't tightly bound to team size)
  • It needs to be subject to experimentation (the startup needs to have freedom to run experiments around pricing, features, angle, and virtually every aspect of their business)

Where is the intersection between this and the four freedoms we discussed at the beginning? That's where an open source startup needs to operate.

Services

One of the first things you learn as a startup founder is that professional services should be avoided, because they're not recurring, and they're not scalable. By professional services in this context I mean customizations, consultancy contracts and so on. They're clearly tightly bound to the size of your team. It can be interesting to offer these services in the beginning in order to learn more about your market, but you need to be careful, because it will stunt your ability to grow quickly.

This isn't to say that it will completely stunt your ability to grow. After all, professional services are the classic open source business model: offer consultancy and support. It's essentially what Red Hat has made its billions on (at the time of writing its market capitalization is $12.77B). But it flies in the face of the startup model where you build something that will rapidly expand.

So let's look at Automattic, which was valued at $1.16B after a round of funding last year. How have they grown?

While Automattic isn't directly responsible for the WordPress open source project, it is directly responsible for the WordPress.com hosted version. The bulk of its revenue comes from premium subscriptions. It does also provide a professional services "VIP" offering for high-value customers. To augment its income, it created an advertising network, and the company was actually founded to provide anti-spam services.

It's a smart mix: a lot of people don't have the expertise or resources to maintain code on their own servers (by way of example, around 10% of Known sites are self-hosted, while the other 90% are on our service). But even if they do, they can certainly use the Akismet anti-spam service, and because Automattic employs many members of the core WordPress team, high-value customers like the New York Times can use their expertise to get the best possible performance out of the platform. Perhaps most importantly, running a service allows platform developers to more quickly learn from its users.

By providing services to self-hosters, Automattic avoids a common pitfall with open source startups, where the most engaged users - the people who really, really care about running the project, and the principles behind it - are the ones who bypass the company entirely. The freedom of the WordPress open source project is not compromised, and all of the services are additive to the overall WordPress ecosystem. Anything that helps WordPress helps the company, and vice versa.

While Ghost is a non-profit, it provides similar services to WordPress.com. Similarly, Piwik Pro is a hosting service for Piwik. And, of course, WithKnown.com is a hosted platform for our open source Known software. (You should try it!)

Free as in free

While the principles of freedom that underly free and open source software are strong and important, it's also fair to say that many people choose it because it's cheaper. Freedom from lock-in also implies a freedom from recurring license costs. WordPress is arguably so popular today because its competitor, Moveable Type, decided to impose a licensing charge a decade ago, prompting a mass exodus.

It's hard to charge for end-user software, whether it's open source or not. Non-free platforms tend to get away with this by running advertising - and in fact, even WordPress.com runs ads on free sites for non-logged-in site visitors. A lot of open source campaigners are also pro-privacy, and don't believe in the invasive tracking that modern targeted advertising typically uses. Yet, at the same time, they often won't pay to use a platform, which obviously leaves the startup in an interesting bind.

Of course, if a platform is free and open source, you have a choice of where to run it. WordPress.com isn't the only place where you can get a hosted WordPress blog, so if you don't like their advertising policies, you don't have to use them. It could be argued that choice gives Automattic an ethical get-out clause: if you don't want advertising, go ahead and host your blog elsewhere or pay a subscription fee. When we ran a customer survey a few weeks ago, a fair proportion wanted us to run ads on the platform. So far, we have chosen not to do this.

Free software is a social movement, which is sometimes seen as being in line with anti-capitalist movements. If you have chosen to run a startup, you are probably a capitalist: you've chosen the route of revenue growth and creating business value. I believe that this is compatible with having strong social values (which I believe I do), but many people disagree. Ultimately, as a founder, you have to accept that you won't be able please everybody, and you have to be able to pay the people who work for you. Luckily, with open source software, everyone who runs the platform has a choice about who to run it with.

There is power in a movement

I do think that making your software open source gives your users more control and power, while allowing you to build a high value, scaleable business. It also more easily allows you to create an ecosystem around your software, allowing other people and companies to make money out of it too (potentially leading to even stronger growth). The trick is being aware of what open source entails, and what the implications are for your business, but you can absolutely build a high-growth, ethical business. We're on our way.

 

Venture capital isn't evil.

3 min read

I enjoyed this episode of This Week in Startups with USV's Fred Wilson. It's a fairly candid conversation from this year's Launch Festival, and Fred comes across as having both integrity and a very practical approach to investing in startups.

The story that jumps out at me is that of Tumblr's acquisition by Yahoo!. There are two important details: the first is that Tumblr's initial investment round was less than a million dollars. The second is Fred's disclosure that the acquisition happened at a time when Tumblr had spent a lot of money on growth, and would have to either raise a huge round to make up the shortfall, significantly diluting the existing shareholders in the process, or raise unrealistic amounts of revenue. So selling to Yahoo! for $1.1 billion made sense for them.

There has been a great deal of backlash against venture capital in data ownership circles over the last year. Certainly, VC money gravitates towards a certain kind of company strategy, where designing for extremely rapid growth is a hallmark, and a profitable exit - either to IPO or acquisition - is desired. Rapid, sustainable growth is very difficult to achieve without a budget. It also overwhelmingly leads to strategies like revenue through advertising, where user growth isn't hampered by having to pay to use a service. Advertising is often criticized for requiring people to give up some personal privacy so that advertisements can be more targeted, and therefore more valuable to the service.

I think it's worth considering that services like Tumblr, Twitter and Facebook have also connected us and become a part of the cultural landscape in ways that wouldn't have been possible if people had needed to pay for them. Assuming that everyone should pay for a service is not realistic if you want to build a global community. Again, a resource-strapped startup is also more likely to see slower growth than one with millions of dollars in the bank: their box of tricks is necessarily more limited.

If you're opposed to this kind of financing, it's worth asking: would you pay for Tumblr, or Twitter, or Facebook? If not, why not? How many services do you actually pay for?

Venture capital isn't the only way. Notably, O'Reilly Alpha Tech Ventures created Indie.vc in order to explore a more revenue-centric funding model (and I hope more will follow). But I do think VC is a legitimate funding tactic for a particular kind of highly-available, free-to-use mass-market tool, and it seems to me that whether it has a detrimental effect on a startup's service has more to do with the individuals at the startup, and the personalities of the VC investors they choose, than the model as a whole.

 

Why the secure web isn't ready for primetime (but we need to use it anyway)

6 min read

Keys.

In today's climate, it's important that we secure communications with our servers. For example, if you're on open wifi (at a coffee shop, for example, or at a conference), it's trivial to steal the unsecured logins of the people around you. Using secured connections also helps protect against people monitoring your communications further up the chain, at an infrastructure level. In the era of the Snowden revelations, protecting your privacy is an obviously good idea - but there is also an immediate practical value in preventing people from stealing your passwords and credit card details, too. Security is so important that Google recently said that they would rank secure sites higher in their index.

But it's so hard to implement that today, most peoples' websites are nowhere near secure - and it's the technology's fault.

First, let's talk about secure websites work.

Here's a summary version.

When you visit a secure website, your browser and the site's web server discuss which secure encryption protocols and algorithms they both support. The server also sends your browser a security certificate, which contains the website address, as well as details about a central certificate signing authority that can verify that the certificate is authentic. The certificate is cryptographically signed by the digital signing authority. Every browser comes with the cryptographic keys of all the major certificate signing authorities, which it uses to verify the certificate's authenticity. Only once the secure protocols have been chosen and the certificate is verified as being both authentic and for this website does the page load.

Even the summary is kind of technical, so if your eyes glazed over, just take away these two things:

  1. Secure websites are only accessible if they have been certified by one of a handful of central organizations, and the certificates contain the address of the website they pertain to.
  2. There are lots of different algorithms that can be used to secure the traffic between your web browser and the website, and some of them are more secure than others.

So how do I secure my website?

Let's back up a little bit. Here's how a lot of people create their websites:

  1. Sign up with WordPress.com or Squarespace (or Known Pro, of course!)
  2. Pay for a custom domain name

If they've chosen to self-host, here's how most individuals create their websites:

  1. Sign up for a shared host like Dreamhost or Fasthosts
  2. Click on their server control panel to install WordPress or Known

I mean, it could be easier, but it's short of being an ordeal, right?

Meanwhile, here's what you have to do if you want to install a secure certificate to make sure your self-hosted website uses encrypted connections:

  1. Log into your server using an SSH terminal
  2. On the command line, create a certificate signing request by following the command-line instructions for your particular web server
  3. Specify a cryptographic key of appropriate length (don't know what that is? too bad)
  4. Enter your address details on the command line
  5. Open the certificate signing request file
  6. Copy and paste the contents
  7. Go to a certificate authority website
  8. Click to buy a certificate for your domain
  9. Paste your certificate signing request
  10. Download the certificate and what are called the certificate chain files, which describe to the browser how to validate the certificate
  11. Install them on your server, probably using command line tools
  12. Make sure your server is set to use strong encryption algorithms in its configuration files
  13. Check your website's security score to see how well you did

To be fair, some hosts, like DreamHost, take care of many of these steps for you. But it's still not easy.

And as far as using SSL on custom domains on managed services like WordPress.com and SquareSpace? Here's the truth: you can't.

Why SSL is hard for custom domains on managed services

Remember when I said that the certificates were issued for a domain? Multi-domain certificates can also be bought, but in all cases, the domains have to be specified at the point when you buy the certificate. If you already know you have 50 domains that you want to secure, then that's great - but if you're providing a service where you know you want to secure domains you will host in the future, you're stuck. You would need to request and buy a new certificate for every new domain, or do it in batches.

Because each certificate needs to be separately requested and installed, this is a hard process to automate. To make matters worse, most virtualized server environments - for example, Amazon Elastic Beanstalk - only support one SSL certificate per instance. That means you've literally got to set up a new clone of an application environment every time you want to support a new SSL domain.

That's unsustainable, and because most services like WordPress.com and SquareSpace use these kinds of virtualized environments so they can add and remove servers to cope with changing demand, they have trouble supporting secure websites for their custom domain users.

We need security, so it needs to be easier to deploy

Security is vital. A clue that it isn't easy enough are those website security scores: a letter grade for your website that describes how secure it is. I've seen engineers ooh and aah at sites that managed an A+ grade.

If we want everyone to use this kind of security, it needs to be totally brainless. Trusted encryption needs to be there by default in every web server and adding new domains programmatically needs to be simple.

The certificates are also difficult because they are trusted by central authorities - which themselves need to be trusted. Not only is the secure web cumbersome to maintain, it's actually potentially insecure. We have certificates to prevent against man in the middle attacks, but maybe there's an alternative? Could the blockchain help, for example?

There's no dispute that you should secure your site, and you should strive to use secure sites. But it's difficult. You'll note that at the time of writing, I haven't secured my own site yet (although the Known service does use secure connections). I don't think the existing technology is cutting it, and to protect all of our security, we need to find something new.

 

Homogeneity is for wimps. Let's all be ourselves.

5 min read

"The thing about alternative people," a coworker once said to me, many jobs ago, "is that they act like the mainstream isn't good enough for them. It's like they're saying they're better than us." He was talking about a receptionist at our office, who was kind of off-kilter, but not at all unprofessional. He didn't like her.

I think about this conversation a lot.

I like "alternative people". With all due respect to everyone else, they're my favorites. For me, the people who are off at an angle to the rest of the world are the most interesting. People who think differently and see things differently are more likely to arrive at solutions and ideas that everyone else can't. They're opinionated. They make more interesting art. They're better engineers. They find new ways to live. They don't give a shit about fashion or traditional success, or whether challenging the status quo is offensive. They are, by definition, more creative, because they're not following the herd.

I look up to them. For one thing, I do kind of think that mainstream culture isn't good enough. It shouldn't be good enough for any of us. Traditional ideas around things like gender roles and sexuality have a potent power to oppress; correspondingly, choosing not to adhere to them, or to give them respect solely for being incumbent, is a kind of empowerment.

As Winnie Lim wrote in a wonderful piece recently:

It takes courage to be ourselves, it takes a lot of hard work and self-awareness. But we are continually building a world that other people live in, that means at every step of the road, we need to continually ask ourselves, what kind of world do we want our kids to live in? Do we want a world where they have to disown their beautiful personalities just to fit in our idea of what it takes to succeed? That it is celebrated that we spend our formative years disowning who we are?

The thing that bugged me most of all about my colleague's comment is that we are all "alternative people". at least to some extent, with individual desires, histories, interests, skills and contexts, which bind together to help us become who we are. Our lives are unique tapestries woven from those threads. For everything we have in common as humans, there is so much variation between us, too, and I don't think there should ever be pressure to present as "normal". None of us are normal; we all reveal our true selves to different degrees. That's awesome.

People are amazing. The only reason to try and homogenize them is so you can dehumanize them: make neat little demographic groups that allow you to sell to them, or count them, or process them, or some combination of all three. It's an abstracted model of the world for marketing purposes, and it shouldn't be how we interact with each other in real life.

Facebook is, in many ways, like my old coworker. By insisting on legal names, they are saying that we all should present ourselves using one set of rules, regarless of our desires and contexts. What's good enough for upper middle class white kids from Palo Alto, the thinking goes, should be good enough for everyone else. The same goes for the kinds of content you can post, or how you want your profile to look.

But look: if you want the page that represents you to the world to spin around and have pink sparkles with a Carly Rae Jepson song that autoplays on load, why shouldn't you have that? It's your profile. Here's a hint: your social profile design is optimized for advertising and site engagement, not your own self-representation. Here's a follow-on question: why can't you post breastfeeding photos on Facebook? Could it be that advertisers object?

The world is much richer than the things that sell ads, but this isn't just a post about why an independent web is a good idea (although it is).

I'm lucky to have friends who very much are themselves, and who believe in diversity and not just tolerance, but proactive kindness. I'm lucky that I was raised by people who shun traditional norms and have spent their lives thinking about better, fairer ways to live. Collectively, they're my role models and my inspirations. And more than anything, I hate the idea that it might be acceptable to judge someone who - like so many of the people that I love - has chosen to present themselves as different to you.

Being different is, in my world, something to be celebrated. Cherished, even. It's what makes us human. Correspondingly, to force someone to deny their identity is to deny them a piece of their humanity. As entrepreneurs, as citizens, engineers, designers, businesspeople, whatever we are - let's maybe try not to do that.

 

Why I'm excited about Known Pro (and what's next for us)

2 min read

We launched Known Pro today. It's the best way to reach your audience, wherever they are on the web, from a single platform. It's also the culmination of a lot of work over the last few months.

We made an important decision, back in November: we were going to test whether a premium version of our service was viable. Traditionally, one of the ways this is done is through crowdfunding, but we decided we would put another twist on it. We would run a pre-sale, and we'd only collect money once the product was ready to roll out.

Earlier this year, we rolled Known Pro out to our pre-sale customers. They've helped us learn, given us great feedback, and enabled the product to be fully released. This morning, we pushed the button.

You can publish to an unlimited number of social profiles and pages from a single platform. You can use your own JavaScript and CSS to customize your site. You can publish from any device. And most importantly of all, you can export your data, self-host the entire platform on your own server, and be - in the Internet sense - the master of your own domain. In particular, I'm not aware of another web service that will give you a full database export of your content in a way that you can use directly on your own server.

So what's next?

There are more people signing up to the free Known service, and creating their own self-hosted sites, than ever before. For an open source project that emerged from the indieweb community not long ago, it's exciting to be in a place with recurring revenue, excitement, and an awesome community of its own. We're strong participants in the indieweb community, but we're also exploring other places where people need to own their own data: in particular, groups who need a truly private place to share resources. More on that soon.

We'll be working on a new design for the Known platform. We'll also be looking at other ways that individuals need to interact with content that they publish elsewhere on the web. And mostly, we'll be working on our mission to make Known the best place to communicate from your own space on the Internet.

Check out Known Pro. Let us know what you think. And stick with us: we're really just getting started.

 

Some unpopular opinions about the Bay Area tech industry

2 min read

Large tech companies like Google and Facebook should be aware of the effect they're having on their cities and neighboring communities and invest in social infrastructure to protect against poverty and create healthier cities.

A single-payer healthcare system would not only be more efficient, but would support startups and other small entrepreneurs.

Equalizing maternity and paternity leave, and making both substantial, would also help equalize working environments.

That there is an enormous homeless problem in San Francisco isn't a good reason to not live there. It is a great reason to try and solve the causes of the problem, so we can all have better lives in our communities.

If you're going to promote standardized, computerized testing in public schools, maybe also think about promoting increased resources to support teachers, who are stretched to breaking point, and modernize facilities.

Smart freeways are a good idea, but smarter, integrated public transport is a better one.

Startups are great, but not everything should be a startup. Some things should be services that government provides, and we should pressure them to do so. Privatizing public services is not a positive thing.

Libraries will never stop being important, and they deserve our tax dollars.

The State of California should work with private industry to make museum entry free, every day (although it would be better if this was fully publicly funded).

We should understand that we are all connected, and enriching our communities enriches us, too.

 

I have the best job in the world.

3 min read

I'm incredibly proud of what we've accomplished at Known so far.

We're one of the few social web apps where you can use our cloud service or host it yourself - or move at any time, in either direction.

We have an active and growing open source community.

More and more university educators are using Known as part of their teaching, and we're seeing more people pick it up for use inside companies, too. It turns out there are lot of organizations that need to own their own data, but want to have the kind of user experience you find on the consumer web.

I use it for my personal website, as a private site for my extended family to share news and photos, and as an official company space.

I post content on my own site, and syndicate to Twitter, Facebook, LinkedIn, Foursquare, Flickr, SoundCloud and Slack. Via brid.gy, all my interactions across all my social profiles are stored on my own site. But more and more, even without those things, it's become an important space for me in its own right. I can search for everything I've ever written on the web; I can talk to my family in a private space that belongs to us; I can promote my company across the web with a push of a button.

I use it dozens of times a day, and lots of other people do, too. That's really neat. I'm grateful for our amazing community, and for the people who have taken interest in what we're building. Many of them have become our friends.

We're going to make some product announcements this week, which we'll do on the Known Stream. Mostly, I wanted to express gratitude for what I get to do every day. But we're still a small company, and there is so much more we plan to do.

Whether you're an individual, a class, an organization or a company, we want Known to be the best way to communicate from your own space on the Internet.

We believe everyone should own their own space on the Internet. The web should be all of ours. We should all own our content and conversations online, and the software that makes it happen should be beautiful and easy to use.

It's a mission I personally believe in, and I'm grateful to work on it. Thanks for being a part of it so far - now wait and see where we'll take it next.

 

Homebrew Website Club: March 11, 2015

Discuss progress; meet up; make new friends.

Location: The Creamery, 685 4th St, San Francisco

Time:

Ends:

Are you building your own website? Indie reader? Personal publishing web app? Or some other digital magic-cloud proxy? If so, come on by and join a gathering of people with like-minded interests. Bring your friends that want to start a personal web site. Exchange information, swap ideas, talk shop, help work on a project ...

See the Homebrew Website Club Newsletter Volume 1 Issue 1 for a description of the first meeting.

Originally posted on indiewebcamp.com.

Here's the Facebook event, if you prefer.