Skip to main content
 

Decentralizing the cloud: separating software from infrastructure

Ladders to the cloud

Much of the last decade or two of the tech industry has been dominated by the idea of the cloud: the simple, powerful idea that all of your applications and data can be accessed from any device with an internet connection. Enterprise businesses around the world have decommissioned server rooms in favor of subscribing to services maintained by other people, reducing overheads of all kinds. Even companies that once built and operated vast datacenters now rely on cloud providers. At the same time, cloud services have helped individuals save money upfront (even if subscriptions often cost more in the long run) and have taken the need for installation and troubleshooting out of the picture. Overall, cloud services have saved lots of people huge amounts of time and money.

But this convenience comes with trade-offs, some of which have become more apparent over time.

  • You only ever rent: There’s no real ownership, and vendors can modify, discontinue, or increase prices at will.
  • Privacy concerns: Because your data and activity pass through the provider’s infrastructure, they can be easily monitored, tracked, or even resold.
  • Jurisdictional constraints: Your data often resides in the provider’s chosen region, subjecting it to local laws, which may not align with your needs.
  • Downtime and dependence: If your cloud provider goes down, so does your access — sometimes across multiple services.
  • Vendor lock-in: Moving away from a cloud provider can be complex and expensive, discouraging competition and user control.

These trade-offs become even riskier when your work involves sensitive information. When software and infrastructure are controlled by the same entity, it not only enables easy monitoring and resale of your data but also makes it a prime target for subpoenas. Courts can compel a cloud service provider to produce your data, often without your involvement.

If your work involves sensitive personal information, for example of patients or sources, that could put their privacy and safety at risk. That might be particularly problematic in a situation where, for example, you work on reproductive health issues, and your software is hosted in a jurisdiction that has abortion bans. This risk extends across professions: journalists protecting sources, lawyers safeguarding client data, and healthcare providers managing patient records all face heightened exposure when their software, data, and infrastructure are all controlled by the same party.

At the same time, moving away from the convenience of the cloud is not really an option for most organizations. To date, most have opted to pay for more expensive enterprise contracts, which promise greater data protections alongside features like stronger audit logs and SSO. These provide some legal protections, but still amount to little more than an enforced promise: the vendor physically can inspect your data in most cases, you’re just paying them extra so that they’ll promise not to. These contracts also don’t address jurisdictional issues: if the vendor is based in Texas, your use of their platform is still subject to Texan law. The power dynamics at play remain unaddressed.

This is also problematic when you consider the increasing popularity of LLMs. If you’re dealing with sensitive or proprietary information, you probably don’t want an AI model to be trained on your data. You can pay vendors like OpenAI to promise that they won’t look at your data or train their models on it — but, again, you need to take their word for it.

If we want to retain the benefits of cloud software without its fundamental risks, we need a different model: one that restores control to users and organizations rather than vendors.

  • Retain the ease of deployment, access, and collaboration that makes cloud software so appealing.
  • De-couple software and infrastructure so that the company making the software is not the company that hosts the software.
  • Allow customers to pick an infrastructure host in the jurisdiction of their choice.
  • Ensure that data is encrypted at rest and in transit, so that even the hosting provider cannot access it.

Self-hosted cloud software is, of course, absolutely a thing that already exists. Some of it is even end-to-end encrypted. But it’s also largely free and open source, and requires a fair amount of configuration and maintenance from an organization’s IT department. There’s nothing wrong with open source software (I ran two open source startups!), but the complexity of configuration and lack of clear business model can introduce problems for both the customer and the vendor. Vendors like Cloudron are making this easier for open source software — and they should serve as a model for what could come next.

Some cloud infrastructure providers, like AWS, already host marketplaces of software you can install. The trick is, you usually have to decide which kinds of virtual servers to use — are you going to go for an m3.medium or a t2.xlarge? — and then consider how your private cloud will be configured. AWS also offers self-hosting for LLM models through Amazon Bedrock, but the same problems present themselves. There’s a lot of technical overhead which many organizations can’t easily address — and in stark contrast to a cloud offering like Google Workspace, which is completely turn-key.

But this doesn’t have to be the case. What if we could combine the ease of cloud-based software with the control and flexibility of locally managed applications?

Consider an iPhone: here, your software runs on your device, wherever it might be, but is seamlessly downloaded from an App Store on demand. Some of that software is free; some of it is paid-for, either as a one-off or on a subscription basis. The underlying operating system is a variant of the FreeBSD UNIX system with significant proprietary additions, including some sophisticated sandboxing, but you wouldn’t know it, and you certainly don’t need to configure anything: you request an app, and zip!, there it is on your phone.

Consider this user journey:

  • The customer signs up to a certified provider in the jurisdiction of their choice. There are providers tailored for different levels of customer and different industries.
  • They add their payment information.
  • They choose the software they want to provide to their organization from an App Store accessed through the provider. As soon as they install it, it is near-instantly available to them.
  • They can make it available to every user in their organization or a subset of users.
  • For every user for whom it is available, the app shows up on a web-based dashboard. It can also be configured to automatically show up in providers like Okta.
  • They never have to care about the speed or capacity of the underlying hardware: they just pay for a recurring license to the software.
  • They never have to care about configuring or upgrading the software: as soon as they select it, it’s available. Customers can opt for updates to be pushed out automatically, or they can hold back non-security updates for more testing.

The App Store distributes revenue to the vendor and the hosting provider, and takes a cut for itself. Apps are charged for on a predictable, monthly, per-seat basis, with each app able to set its own prices. As is the case with a phone App Store, the store itself does some vetting of each application, certifying it for security and a set of core rules that each app must abide by. Unlike a phone App Store, it also does vetting and certification of the hosting provider itself, reducing the customer’s need to undertake security auditing.

Because every hosting provider associated with an App Store would necessarily need to adhere to the same open standards, the customer could move providers easily. They’d just sign up to another hosting provider associated with the App Store and migrate their apps. The App Store itself would handle the rest, dealing with migrating block storage, databases, and so on behind the scenes.

This model isn’t just about redistributing power from giant cloud vendors to customers. It’s about enabling organizations that deal with sensitive data to more easily use the cloud to begin with. It makes it easier to know that there is an enforced separation between an LLM and its training infrastructure. And it creates new opportunities for vendors that might not be in a position to offer their own cloud infrastructure, too. It lowers the barrier to both privacy and innovation for everyone involved.

Existing cloud providers aren’t incentivized to build this. It’ll take a new entrant or someone willing to make a big bet. The technology to do this already exists. The only question is: who will build it first?

If it’s you, I’d love to hear from you.

· Posts · Share this post

 

Minimum Viable Startup Operations

[Jean Hsu and Jen Dennard]

This is a good inaugural post from two people who really have lived the startup operations life many times over:

"We think of the operations part of a startup like getting dinner on the table. Sure, some days, you might try a new and involved recipe, but most days, you just need to get something good enough on the table FAST, so that you can devote more time to other family and life priorities.

This is where the concept of minimum viable operations comes in. It’s about finding the right balance: creating systems and practices that are just enough to support the team."

I've seen both the "minimum, but not viable" and "overdoing it" versions of this. Stuff like creating a whole new leveling system for a five person team, or spending months getting to the perfect OKRs, are easy traps for people who don't know the pitfalls to fall into.

And at the same time, winging it with no process and no goals is unbelievably common too. Every startup needs to consider process / people / ops - and most of all, culture - if it wants to succees. These things aren't optional.

I'm excited for future posts.

[Link]

· Links · Share this post

 

Please see Soundtrack to a Coup d'Etat

1 min read

It’s Oscars day! I haven’t seen very many of the nominees this year, but of the ones I have, I need to make this recommendation:

Soundtrack to a Coup d’Etat, nominated for best documentary picture, is brilliant. It’s an under-told part of American history, still highly relevant and ongoing today, told through the lens of its surprising intersection with the jazz musicians of the time. One of those films that I think everyone should see in order to educate themselves. It doesn’t make for a cheerful evening, but it’s all wonderfully done.

It’s available to rent on streaming services right now, and is worth it. If you don’t want to pay to rent, it will hopefully be a part of someone’s streaming library later on.

· Asides · Share this post

 

Warp factor 5, Mr. Sulu

[Ghost]

Another really great update from the Ghost team about their progress implementing ActivityPub:

"In our logs, that looks like our average request time dropping from 5+ seconds, to ~50ms:

[...] There are still a few places where we're using the old database architecture that remain slow. We're not out of the woods just yet. Within the next couple of weeks, though, the beta will be open to everyone on Ghost Pro to try out.

[...] Importantly, Ghost's ActivityPub service is already out in the wild, open source, and released under the MIT license. We build in public, and all our work is up on GitHub for anyone to download, fork, run or deploy if they want to."

Exactly the right approach, and so exciting to see. Onwards!

[Link]

· Links · Share this post

 

The web was always about redistribution of power. Let's bring that back.

This is for everyone: a message about the web at the 2012 Olympics.

I’ve seen a lot of this sentiment lately, and can relate:

I miss being excited by technology. I wish I could see a way out of the endless hype cycles that continue to elicit little more than cynicism from me. The version of technology that we’re mostly being sold today has almost nothing to do with improving lives, but instead stuffing the pockets of those who already need for nothing. It’s not making us smarter. It’s not helping heal a damaged planet. It’s not making us happier or more generous towards each other. And it’s entrenched in everything — meaning a momentous challenge to re-wire or meticulously disconnect.

Many of us got excited about technology because of the web, and are discovering, latterly, that it was always the web itself — rather than technology as a whole — that we were excited about. The web is a movement: more than a set of protocols, languages, and software, it was always about bringing about a social and cultural shift that removed traditional gatekeepers to publishing and being heard.

It’s perhaps hard to remember now, but in the early nineties, finding an audience really meant being discovered and highlighted by a small number of very rich publishing companies (or record labels, etc) who were most often not representative of their audiences. The web was a revolution: anyone could publish their words, their music, or their art, without asking anyone for permission, and they could find their communities equally permissionlessly.

The web, of course, didn’t turn out to be quite as utopian as the promise. The truth is, the people who could afford to publish on the early web were also from a narrow, relatively wealthy demographic. To make publishing accessible to most people (who didn’t, quite reasonably, want to learn HTML or pay for or configure a domain name and hosting), we needed a set of easy-to-use publishing platforms, which in turn became centralized single points of failure and took the place of the old gatekeepers. Replacing publishers with Facebook wasn’t the original intention, but that’s what happened. And in the process, the power dynamics completely shifted.

The original web was inherently about redistribution of power from a small number of gatekeepers to a large number of individuals, even if it never quite lived up to that promise. But the next iteration of the web was about concentrating power in a small set of gatekeepers whose near-unlimited growth potential tended towards monopoly. There were always movements that bucked this trend — blogging and the indie web never really went away — but they were no longer the mainstream force on the internet. And over time, the centralized platforms disempowered their users by monopolizing more and more slices of everyday life that used to be free. The open, unlimited nature of the web that was originally used to distribute equity was now being used to suck it up and concentrate it in a handful of increasingly-wealthy people.

For the people who were attracted to the near-unlimited wealth hoarding and rent-seeking potential, this new web was incredibly exciting. Conversely, for those of us who were attracted by the power redistribution more than the technology itself, it was incredibly disheartening. The reason we got involved in the first place had all but evaporated.

For a while, decentralization did become a hot topic. Unfortunately, this was more about avoiding the trappings of traditional banking — crucially, including avoiding regulatory controls — than it was about distributing power. The actual equity redistribution was mostly an illusion; although there certainly were people with their hearts in the right place in the movement, the people who truly gained from blockchain and cryptocurrencies were libertarian grifters who saw potential in moving money away from the prying eyes of regulatory oversight and saw banking regulations designed to protect people as being unnecessarily restrictive. Blockchain wore the clothes of power redistribution, but rather than empowering a large number of people, it enriched very few, often at other people’s expense.

I do think the brief popularity of blockchain helped bring attention to decentralization, which was useful. I don’t know that as much attention would have been paid to the new crop of decentralized social networks like Mastodon and BlueSky, for example, had Web3 not previously seeded some of the core ideas in a more mainstream consciousness. The web3 community was also the most successful at, for example, embedding identity in the browser. It wasn’t valueless as a movement, but it fell far short of the hype.

Which brings us to AI, the current hotness. Like any software technology, it’s being sold to us as an empowering tool. But the broad perception is that it’s anything but: models are trained, unpaid, on the work of artists, writers, and researchers, who are already relatively low-paid, in order to build value for a small handful of vendors who are making deals worth tens or hundreds of billions of dollars. Or as one commenter put it:

The underlying purpose of AI is to allow wealth to access skill while removing from skill the ability to access wealth.

If you think this is hyperbole, consider Marc Benioff’s comments about not hiring any more software engineers in 2025:

“We’re not adding any more software engineers next year because we have increased the productivity this year with Agentforce and with other AI technology that we’re using for engineering teams by more than 30% – to the point where our engineering velocity is incredible. I can’t believe what we’re achieving in engineering.”

Whether you care about software engineering jobs or not, the same dynamics are underway for writers, artists, and any other creative job. Even the productivity gains that are being realized through use of AI tools are benefiting a small number of wealthy companies rather than individuals. This is the exact opposite of the power redistribution that led to so many people seeing such promise in the web.

It’s very hard to get excited about technology that redistributes wealth and power in favor of people who already have it.

The trajectory of the web — starting as a tool for redistributing power and becoming one that entrenches it — was not inevitable. It was the result of specific choices: business models that prioritized monopolization, technologies designed for centralization, and a relentless focus on extracting value rather than creating it. If we want a different future, we have to make different choices.

What does an alternative look like? It starts with software designed for people rather than for capital. The web once thrived on protocols instead of platforms — email, RSS, blogs, personal websites — before closed networks turned users into data sources. We are now seeing efforts to return to that ethos. The Fediverse, open-source publishing tools, community-run platforms, and decentralized identity projects all point to a path where individuals have more control over their online lives. They aren’t perfect, but they represent a fundamental shift in intention: building systems that work for people instead of on them.

The first wave of the web was decentralized by default but only accessible to a small number of people. The second wave was more accessible but centralized by profit motives. If there is to be a third wave, it will have to be intentional: built with equity and accessibility as core values, not an afterthought. That’s a hard road, because open and ethical technology doesn’t attract billion-dollar investments the way extractive models do. But if history has shown anything, it’s that the web’s greatest strength is in the people who believe it can be better. The real question is not whether more equitable software is possible: it’s whether enough of us are willing to build it.

For many of us, the social movement, rather than the underlying technology, was always the point. We need that movement more than ever before. Hopefully building it is something that more of us can get excited about.

 

Photo: Tim Berners-Lee's tweet "This is for everyone" at the 2012 Summer Olympics opening ceremony, released under a Creative Commons Attribution 2.0 Generic license.

· Posts · Share this post

 

GSA eliminates 18F

[Natalie Alms at Nextgov/FCW]

I'd say this was an unbelievable own-goal. But, unfortunately, it's believable:

"The General Services Administration deleted 18F, a government tech consultancy that helps other agencies with their technology, early Saturday morning.

The office has been deemed “non-critical,” Thomas Shedd, director of GSA’s Technology Transformation Services, emailed staff at 1am. The agency’s acting head, Stephen Ehikian, told GSA staff Monday that the agency, which works across the government on tech, procurement and real estate, would be conducting a reduction in force."

18F has consistently saved other agencies money, and is seen as an example of modern government that other agencies (and governments) should learn from. It's an insane agency to dismantle.

But the way 18F worked - human-centered, in the open, with a real eye for inclusive change that saved real resources - is antithetical to Musk's mindset of believing yourself to be the smartest person in the room and forcing people to use your systems based on your own values.

Likely, Musk believes that these services should be provided by private companies (like his own) that could profit from it. It’s a backwards, profiteering, grifter-first approach to government services.

Of course, 18F is confronting to Musk in another way too: you can't be the smartest person in the room when those people are also in the room.

Yet another loss to hubris.

[Link]

· Links · Share this post

 

Groups helping LGBTQ+ victims of violence could face loss of federal funds

[Mel Leonor Barclay and Jasmine Mithani at The 19th]

The impact of this will be severe:

"Organizations that provide services to LGBTQ+ victims of domestic and intimate partner violence expect much of the federal funding they rely on to dry up as the Trump administration’s executive orders target the work they have been carrying out for years.

[...] Groups that focus specifically on LGBTQ+ victims are part of a broader network of federally funded nonprofits that provide life-saving counseling, housing and legal aid to people experiencing violence from spouses, partners or family members. Some nonprofits also train social workers, therapists and lawyers in how to work sensitively with LGBTQ+ victims of violence."

Protecting vulnerable communities from harm is not on this administration's agenda. Instead, it seeks to pursue a restrictive, theocratic vision of society that punishes people who are already suffering. Hopefully other organizations will step up and provide some of the funding shortfall.

[Link]

· Links · Share this post

 

Ex-Washington Post editor Marty Baron rebukes Bezos: ‘betrayal of free expression’

[Anna Betts in The Guardian]

He's not wrong:

"Marty Baron, a highly regarded former editor of the Washington Post, has said that Jeff Bezos’s announcement that the newspaper’s opinion section would narrow its editorial focus was a “betrayal of the very idea of free expression” that had left him “appalled”."

"Democracy dies in darkness" indeed:

"“If you’re trying to advance the cause of democracy, then you allow for public debate, which is what democracy is all about,” Baron said, adding that Bezos is sending a message that is “anything but democratic”."

Clearly Bezos's move to only host opinion pieces that further "free markets and individual liberties" is an attempt to curtail pieces that might be critical of Trump - and avoid reprisals for his own businesses. Baron is right to call him out on it.

[Link]

· Links · Share this post

 

Mozilla’s New Terms of Service and Updated Privacy Policy

[Bill Fitzgerald]

What a missed opportunity. As Bill Fitzgerald points out:

"Mozilla has given a masterclass, yet again, in how to erode trust among people who have loved your work."

Mozilla rolled out a new terms of service and privacy policy that rolled back a key promise never to sell user data. And then complained that people were making a big deal of it.

As Bill points out:

"Data brokers and adtech companies are weeds choking the internet. The data theft required to train large language models is a new, more noxious species of the same weed. Mozilla is going deep into AI and adtech, which means they are buying fertilizer for the weeds – and these changes to their terms, which provide Mozilla more rights to the data defining our online interactions and experience, should be understood in this context: Mozilla is building advertising and AI tools, and they need data to do this. Our web browser is right up there with our phone, car, and router with devices that provide a clear view on how we live."

Mozilla always had the potential to demonstrate what a tech company could be, and what the web could be, and it's always found new and interesting ways to fall short of that ideal. This is yet another one.

[Link]

· Links · Share this post

 

The future of the internet is likely smaller communities, with a focus on curated experiences

[Edwin Wong and Andrew Melnizek at The Verge]

This is much-needed research:

"The Verge partnered with Vox Media’s Insights and Research team, along with Two Cents Insights, to better understand how American consumers are embracing this shift. The goal of the work was to redefine what online communities will be in a post-social media era of emerging AI and Google Zero. And as brands look to hold onto the internet of the past, the term “community” will become a loaded word, with brands and platforms trying to use it more often to reach their ideal consumer."

And the findings are both obvious and highly actionable:

"Our research makes one thing clear: power is shifting back to the consumer (the fediverse signals this). Consumers crave community, but on their own terms — seeking deeper, more meaningful connections with those who truly matter (something we identified in 2014). Authenticity is at the heart of it all, supported by a foundation of safety and security. The future of community is personal, intentional, and built on trust."

Something that's maybe less obvious but still important: social media has often been the domain of editorial teams rather than product teams. There needs to be a strategic shift here: while actual messaging is editorial, the strategy of outreach and adoption for community platforms is a core part of product and needs to be treated that way. Community is a core part of any publication's product offering, and placing it on the editorial side disincentivizes innovation and real change.

Take this finding in particular:

"The desire for smaller, more intimate communities is undeniable. People are abandoning massive platforms in favor of tight-knit groups where trust and shared values flourish and content is at the core. The future of community building is in going back to the basics. Brands and platforms that can foster these personal, human-scale interactions are going to be the winners."

That's not something that an editorial team can provide on its own. It requires taking a step back and completely rethinking how you approach "audience" (that's the wrong word, for a start - community is two-way, whereas audience is one-way). That's not something I see many publishers grappling with.

[Link]

· Links · Share this post

 

Washington Post opinion chief quits as Bezos makes new editorial demands

[Brad Reed at RawStory]

This is incredibly disappointing to see:

"David Shipley, who has spent the last two-and-a-half years running the Washington Post's editorial page, has stepped down from his position over new demands being made by Post owner Jeff Bezos.

In a letter sent out to staff members obtained by New York Times media reporter Ben Mullin, Bezos said that Shipley stepped down because he could not go along with Bezos's plan to ban editorials in his paper that were critical of "personal liberties and free markets," which he described as "two pillars" of American society."

It's a bizarre change for a few reasons:

  1. It's not like opinion columns in favor of "personal liberties and free markets" are in short supply in American media
  2. This is exactly the Wall Street Journal's positioning
  3. It's likely to further alienate the Post's flailing readership.

American media is already overwhelmingly conservative; another libertarian organ is hardly going to make a difference to American readers. Instead, this likely has more to do with Bezos wanting to win contracts and favor with the current administration. Just like the bad old days.

[Link]

· Links · Share this post

 

Facebook Boosts Viral Content as It Drops Fact-Checking

[Craig Silverman at ProPublica]

Let the attention dollars flow:

"Meta CEO Mark Zuckerberg also said in January that the company was removing or dialing back automated systems that reduce the spread of false information. At the same time, Meta is revamping a program that has paid bonuses to creators for content based on views and engagement, potentially pouring accelerant on the kind of false posts it once policed. The new Facebook Content Monetization program is currently invite-only, but Meta plans to make it widely available this year."

This combination very obviously incentivizes bad actors to make the most viral content possible, whether it's truthful or not.

For example:

"“BREAKING — ICE is allegedly offering $750 per illegal immigrant that you turn in through their tip form,” read a post on a page called NO Filter Seeking Truth, adding, “Cash in folks.”"

That post is a hoax, and Facebook's existing fact checking had meant it had been demonetized. The page owner is quoted as being delighted that fact checking is ending. Thousands others like it doubtless agree.

[Link]

· Links · Share this post

 

What Felt Impossible Became Possible

[Dan Sinker]

This story doesn't feel like it's going to end up inspiring, but bear with it:

"George Dale printed their names in his newspaper, part of his unrelenting, unceasing, and unflinching attack on the Muncie Klan.

[...] When he wrote an editorial accusing circuit court judge Clarence Dearth of being a Klansman and stacking his juries with Klansmen, that judge sent Dale twice to perform hard labor on a penal farm. He later fled to Ohio to avoid arrest. When Dale got home, he picked up right where he left off and he and Judge Dearth fought a long and protracted defamation battle that left Dale broke."

But do stick with it, because not only is the entirety of George Dale and the story of what he did in Muncie, Indiana inspirational from start to finish, but the conclusion might be enough fire to power you through and inspire your own acts of democratic heroism.

[Link]

· Links · Share this post

 

It is no longer safe to move our governments and societies to US clouds

[Bert Hubert]

A European point of view:

"We now have the bizarre situation that anyone with any sense can see that America is no longer a reliable partner, and that the entire US business world bows to Trump’s dictatorial will, but we STILL are doing everything we can to transfer entire governments and most of our own businesses to their clouds.

Not only is it scary to have all your data available to US spying, it is also a huge risk for your business/government continuity. From now on, all our business processes can be brought to a halt with the push of a button in the US. And not only will everything then stop, will we ever get our data back? Or are we being held hostage? This is not a theoretical scenario, something like this has already happened."

I can understand the risks. What's interesting is that many US companies also feel that way about European cloud services, in an effort to avoid having to adhere to the GDPR. Should every business adhere to strong privacy standards? Absolutely. I'm not defending it or suggesting it's equally justifiable. Regardless, the impulse exists.

These trends ultimately culminate in stratified national internets: technically connected internationally but in effect separated through different legal requirements and jurisdictions. (Some national internets are also separated by firewall or content filters - think China, for example.)

It would be nice to reverse this trend: one of the real benefits of the internet is that everyone is connected to everyone else. But I can also fully understand why Europeans (and particularly European governments) are worried about US policies and want to remain independent from them. There is a security and business continuity issue here, and they're right to de-risk their operations.

[Link]

· Links · Share this post

 

AfD

2 min read

Hint: if a party is heavily supported by people who throw Nazi salutes, it might not be up to much good.

Some voters for new right-wing parties are economically worried, but blame their issues on the influx of immigrants rather than the increasing divides between rich and poor that we're seeing globally. They're looking for right-wing answers to their economic worries - racism like anti-immigrant sentiment - rather than the equitable ones that would actually present lasting solutions.

I think that's partially because the left-wing parties haven't been good at prioritizing those economic issues. Some of the liberal (rather than truly left) parties have used their embrace of other social issues like affirming peoples' identities and supporting intersectional equity (which are good things that they should have been doing!) to mask their lack of action on real economic disparity (which they should also have been working on, but isn't always as palatable to wealthy donors). 

Both are important. We can support peoples' identities and correct historic inequities while also providing real safety nets and taxing billionaires. I think you actually can't effectively do one without the other.

Of course, in addition to this, some voters are just fucking racist. Or they're anti-Islamic, transphobic, homophobic, or see the world through some other noxious hate-based lens. And, of course, you have to be at least a little bit xenophobic to be entranced by a policy based on "these people are not like us".

That's left room for the kinds of bottom-feeders who would like to see more racial stratification and believe in homogenous societies. The people who find integrated, cosmopolitan societies scary. Imagine what an underwhelming, insecure person you'd have to be to be afraid of more diversity or correcting for serious historic inequities. Widening the gene pool of ideas, of lived experiences, and, well, genes, strengthens any society.

The fact is, there's a possible, better alternative, where an equitable distribution of wealth is ensured so that nobody falls through the cracks, but I don't know that it's been offered effectively. I hope we can correct for that. I find results like today's to be deeply depressing.

· Asides · Share this post

 

Empires

1 min read

For the avoidance of doubt:

All empires are bad.

All empires have always been bad.

All empires always will be bad.

The concept of empire is bad.

The prerequisites for empire are bad.

And the people who like empires — any of them — are bad.

Do not have fondness for empires.

Do not have nostalgia for them.

Empires by definition colonize and rule space — physical, figurative, or both — that might otherwise be free.

Resist the urge to romanticize empire. It was never good, and it never will be.

· Asides · Share this post

 

People and Blogs

1 min read

I was privileged to be interviewed for this week’s People and Blogs:

Hi! I’m Ben Werdmuller. I was born in the Netherlands, grew up and spent my twenties in the UK, and spent twelve years in the San Francisco Bay Area. Now I live in Greater Philadelphia in a creaky old house with my partner, our two year old son, and my father. At night the pipes clang and we sometimes wonder if they’re haunted.

I love the whole series, so it’s really exciting to be included. You can read my interview here.

· Asides · Share this post

 

Texas Banned Abortion. Then Sepsis Rates Soared.

[Lizzie Presser, Andrea Suozzo, Sophie Chou and Kavitha Surana at ProPublica]

My colleagues at ProPublica conducted a first-of-its-kind data analysis on health outcomes after Texas banned abortion in 2021.

Here's what it found:

"The rate of sepsis shot up more than 50% for women hospitalized when they lost their pregnancies in the second trimester, ProPublica found.

The new reporting shows that, after the state banned abortion, dozens more pregnant and postpartum women died in Texas hospitals than had in pre-pandemic years, which ProPublica used as a baseline to avoid COVID-19-related distortions. As the maternal mortality rate dropped nationally, ProPublica found, it rose substantially in Texas."

The abortion ban is leading to dangerous delays in care that is leading to an uptick in maternal death. Which is exactly what patient advocates warned would happen.

[Link]

· Links · Share this post

 

Reflections on 25 years of Interconnected

[Matt Webb]

I love this:

"Slowly, slowly, the web was taken over by platforms. Your feeling of success is based on your platform’s algorithm, which may not have your interests at heart. Feeding your words to a platform is a vote for its values, whether you like it or not. And they roach-motel you by owning your audience, making you feel that it’s a good trade because you get “discovery.” (Though I know that chasing popularity is a fool’s dream.)

Writing a blog on your own site is a way to escape all of that. Plus your words build up over time. That’s unique. Nobody else values your words like you do."

Fun fact: I started my first startup, the open source social networking platform Elgg, after my university employer told me, verbatim, "Blogging is for teenage girls crying in their bedrooms." I've been pro-blogging both long before and long after it was cool.

So sure, blogging might never be mainstream. But it can also be leading edge: a way to demonstrate what ownership can look like. A place to own your words by every definition of the word "own".

Everyone should have a blog. Everyone should write on their own terms. I want to read everyone's reflections; understand their worldviews from their perspectives, from a space that is truly theirs.

As Matt says:

"I evangelise blogging because it has been good to me.

[...] You should start a blog. Why? Because, well, haven’t I just been saying?"

There's no better time to start than now.

[Link]

· Links · Share this post

 

America Needs a Working-Class Media

[Alissa Quart in Columbia Journalism Review]

This article cuts right to the core of why media is failing to connect with mass audiences in America. It doesn't report from a perspective that they can identify with - largely because it doesn't hire people like them.

What would working-class media look like?

"It would be one where economic reporters are embedded in blue-collar communities and neighborhoods rather than financial districts, and source networks built around people with direct experience instead of outside analysts. Centering inflation coverage around wage stagnation rather than the stock market and written for people who live paycheck to paycheck. Healthcare reporting would be conducted by those who have experienced medical debt. Labor reporting that represents workers not as mute sufferers but as true experts. Housing that is considered from the perspective of the renter, not the landlord or developer."

Because:

"While Americans in polls report historically low levels of trust in the media, it could be in large part because much of the press hasn’t been speaking to the concerns of their everyday lives."

The piece goes on to laud people from working-class backgrounds like Heather Bryant, who I think is a voice that every newsroom needs to be listening to. Instead, journalism is often a very inward-looking, upper middle class endeavor; people who grew up with nannies and went to private school are overrepresented while people who grew up on income support and had a traditional state education are underrepresented. And because richer people are better targets for advertising buys, ad-supported publications chose to chase them.

In this vacuum, another kind of media has erupted to meet the needs of a disconnected audience:

"This brings us to where we are today with faux-prole Republican journalists, a kind of social-class kitsch of Rogan-ish dudes on barstools with podcasts."

Exactly. This moment requires fundamental change that is about reforming every part of journalistic culture - not just to be more focused on who the audience actually is, but to be more representative of them. That means creating the conditions that allow working-class journalists to stick with it, providing support and training structures that don't assume independent wealth, and truly internalizing the industry's shortcomings on this front.

On that last point, I don't know how optimistic I feel that real change is possible. But we should try.

[Link]

· Links · Share this post

 

Are We Self-Segregating on Social Media?

[Allison Hantschel in DAME]

Hand-wringing over people leaving overtly unsafe spaces like X to find communities that are actually enjoyable to hang out in (like Mastodon and BlueSky) is absolute nonsense.

"With that user growth, mostly from liberals disgusted with Musk’s nonstop promotion of conservative disinformation, came criticism that people were merely seeking out an ideological “echo chamber” to reinforce their views.

They’re complaining that Americans are underexposed to fresh new ideas like “non-white races are inferior” and “trans people shouldn’t exist” and “we should hunt the poor for sport” and without algorithmic pressure will suffer without such content. They’re upset that they’re not allowed to promote their toxic work into the eyeballs of people who aren’t looking for it."

Let's put it like this. If you're at a party and it's full of assholes, it's quite reasonable to leave and go to another party. There's no law that says X is the social networking platform for everybody (at least, not yet). There's nothing that says you have to be on Facebook or Instagram. Everyone gets to use the law of two feet to find a community that's comfortable for them.

Hantschel puts it like this:

"There’s no obligation to stay where you find nothing useful or interesting, and there’s no homework assignment that requires you to allow people to ruin your experience. You’re not required to spend a certain number of hours a day engaging with hateful people, or even people you just dislike, in order to accumulate Intellectual Diversity Points."

What these commentators are really complaining about: they spent well over a decade building up followings on these platforms and now people are looking elsewhere, rendering their investment moot. That's just too bad.

[Link]

· Links · Share this post

 

Own what’s yours

[PJ Onori]

I can't disagree with anything here:

"Web 2.0 seemed like such a great idea in a more innocent time. We’re at a point where it’s only prudent to view third-parties as guilty until proven innocent. Not as some abstract, principled stance, but for our own direct benefit.

Now, more than ever, it’s critical to own your data. Really own it. Like, on your hard drive and hosted on your website. Ideally on your own server, but one step at a time."

We still have a lot of work to do to make this easier and cheaper. Owning your own domain costs money; running web hosting costs money. Not everyone can afford that, and this kind of self-sovereignty should be available to all: if only wealthy people can own their own stuff, the movement is meaningless.

But the principle is right. We are being exploited, locked down, pigeonholed, and forced into templates of someone else's making. We can do so much better.

[Link]

· Links · Share this post

 

Ask a CTO: security vs. productivity; when to adopt technology trends

Ask a CTO is an irregular column where I answer anonymous questions from a technical leadership perspective. You can ask questions using this form.

I have two answers to two questions this time around:

Security vs. productivity

Security by Getty Images, licensed under the Unsplash+ License

Where do you draw the line between security and productivity? What are the drawbacks of totally locking down user workstations and onerous password, 2FA, convoluted permissions and never-ending zero trust implementations?

Security and productivity don’t have to be at odds: they should reinforce each other. They’re not at different ends of a continuum.

The purpose of IT is to support everyone’s work by empowering them to use technology efficiently and safely. Therefore, any good IT strategy is rooted in service design.

Anyone who builds a product needs to consider the user journey of the person they want to use it: their individual steps from discovering the product through to becoming a dedicated user. IT service delivery is a product, too, and the people who provide it need to consider the work journey of its recipients just as carefully. Consider their jobs to be done: the stuff they need to do, the workarounds they’ve created for themselves, the things they’re studiously avoiding doing. And understand that everyone’s role has different requirements: only a few people need access to payroll, for example, and engineers really need access to install their own libraries and developer tools.

There’s also got to be a “why” for everything that’s implemented: the worst IT policies are created by people who do something because they think they should, perhaps because they perceive that other people are doing them. Do you really need to rotate your passwords every 90 days? (I’ll spare you a search: the answer is no.)

And you need to be open to the idea that you’ve got it wrong. Nobody knows their work better than the people who are doing it. Security policies exist for a reason: unchecked software installs or poor password practices can put the whole organization at risk. But the way those policies are designed and enforced makes all the difference. IT departments lock down workstations in part so that people don’t install random software that might turn out to be harmful; they’d better also have a friendly process for helping people to install software that isn’t part of their core supported offerings but turns out to be needed for someone to do their job.

All these elements need to be in place: well-considered user journeys for every role, a considered reason for everything you’ve implemented, great training and bedside manner, and an openness to change, in partnership with a strong understanding of the risks and the products and approaches that might address them. Once these things are there, a good IT strategy should actually improve productivity rather than get in its way, even as it implements security procedures like managed devices, MFA, least privilege security, zero trust, SSO, and so on.

A good password manager makes passwords and MFA easier than manually typing credentials. Good SSO just requires a touch to seamlessly log in. Good IT support is a ubiquitous, friendly presence with good bedside manner. Good device management means that you don’t have to worry about keeping your machine up to date. Those things are all necessary for good security, but they also take out steps to common workflows and, once they become a habit, are easier for most users than life without them.

Conversely, if you don’t implement these things from a human-centered perspective, people are going to resent the changes, and you run the risk of getting in the way of people’s work. When that happens, they’ll try to work around you, and your entire organization is less secure. Security really depends on everyone being aligned, which in turn depends on an IT department being laser-focused on being of service.

Keeping up with the Joneses

How do you decide which trends are worth adopting?

There are three things you need to know, in order of importance:

  • What is your organization’s mission, vision, and strategy? In other words, what are your goals? What are your problems to solve?
  • What are the jobs to be done of the individual people in your organization? Where are the points of friction in their workdays?
  • What are the emerging trends? What are the pros, cons, ethical considerations, and potential risks of a new technology or approach?

I’ll start with the last first. It’s good to be informed, but that means cutting through marketing and sales excitement to understand the underlying nuances. Many new technologies — and certainly the ones high-profile enough to become “trends” — have an attendant hype cycle. The first step to parsing coverage is understanding that the hype cycle exists; the second is to find voices you trust and listen to their commentary.

My feed reader is loaded with thousands of subscriptions not just because I like blogging and RSS (although I do!), but because these voices keep me informed. Many of them will disagree with each other, and some of them come from perspectives that are very different to my own; these different angles allow me to construct my own informed opinion. I don’t rely on TechCrunch or similar sites for trend analysis because they tend to amplify hype rather than provide nuanced perspectives. Instead, I filter through relevant connections whose opinions I trust.

But it all comes down to those organizational goals and the problems you need to solve. Implementing any technology for technology’s sake is a fool’s game: it all has to be in service of your organizational strategy or improving the working lives of the people who implement it. Does it address your strategic problems? Does it reduce friction for your colleagues? How?

That can be more complex than it sounds. For example, if your goas include hiring top-tier engineers, that isn’t just about salary: it’s also about the tools and environment you provide. A company that invests in high-end hardware, flexible work policies, or a strong internal developer experience may attract better talent than one that skimps on these details. A company that has an open mind about AI may be more attractive to investors than one that takes a more dogmatic approach. And so on.

Finally, ethical risk is organizational risk. It’s important to understand the ethical considerations and impacts of a new technology as a core part of its pros and cons. Overlooking the dubious ethics of a team or a technology’s environmental footprint is likely to lead to problems down the road, even if the technology may seem like it’s super-popular today. These things have a tendency to manifest as real speed bumps down the road.

Stay focused on your goals, cut through the hype by listening to diverse experts, understand the risks, stay human-centered, and always think for yourself.

Ask a CTO

Do you have questions that you’d like a technical leader to answer? You can ask questions using this form. I’ll try to answer in a future post.

· Posts · Share this post

 

Elon Musk’s X blocks links to Signal, the encrypted messaging service

[Matt Binder at disruptionist]

Just in case you thought he was still all about free speech:

"Elon Musk’s social media platform, X, is currently banning links to “Signal.me,” a URL used by the encrypted messaging service Signal. The “Signal.me” domain is specifically used by the service so that users can send out a quick link to directly contact them through the messaging app."

Signal, of course, is the encrypted chat app that is used by anyone who wants to have conversations with freedom from surveillance - including activists, journalists, and, as it happens, public servants who have either been fired or are under threat of it. As the article points out:

"Signal has been an important tool for journalists over the years as really one of the few services that are truly private. All messages are end-to-end encrypted, everything is stored on device, and no content is kept on any Signal servers in the cloud. If a source wants to reach out to a reporter and be sure their communication would be as confidential as possible, Signal is usually one of the primary methods of choice."

This includes public servants blowing the whistle on DOGE. So it's weird that X is blocking it. But given Musk's activities in the current moment, maybe not surprising.

[Link]

· Links · Share this post

 

Bringing Quote Posts to Mastodon

[Mastodon]

Mastodon doesn't have quote posts, but is finally adding them after years of pressure. It's a harder decision than you might think - which is made clear by this excellent post by the team.

In order to help mitigate potential abuse, the team has imposed three main requirements:

  • You will be able to choose whether your posts can be quoted at all.
  • You will be notified when someone quotes you.
  • You will be able to withdraw your post from the quoted context at any time.

Some Mastodon clients fake support now by showing a post in a quoted context whenever it's linked to from another post, but this doesn't have any of the aforementioned properties, and therefore is more susceptible to abuse. And ActivityPub, as yet, doesn't have a great way to represent this either.

So it makes sense that it's taken a while: Mastodon wants to do it correctly to preserve community health, and do it in a standard way that other Fediverse participants can use, too.

I appreciate the transparency and approach. I'd love to see many more updates in this vein.

[Link]

· Links · Share this post

Email me: ben@werd.io

Signal me: benwerd.01

Werd I/O © Ben Werdmuller. The text (without images) of this site is licensed under CC BY-NC-SA 4.0.