I really like this quote from 37 signals:

Basecamp was done almost entirely without risk. It was completely self-funded. We treated it as a side-product and a side-project until it could pay the bills. And only then did we make it the main focus of the company.

I absolutely hate risk. I think it’s a misnomer that entrepreneurs somehow are in love with risk and making big gambles and taking big bets. I think that’s probably true for some. It’s certainly not true for me. And I think it’s certainly not true for a large constituency of other successful entrepreneurs.

I think the act of putting yourself in a position where you’re not forced to take on all this risk and bet everything is the hallmark of running things well.

The comments are worth a read too. In particular, I agree with the assertion that if your job doesn’t allow you to have site projects, you should get a new job.

This is a more technical post than I’ve been writing lately. I’m considering splitting out into two blog channels; let me know if you’d prefer this.

This is a request for comments and ideas. Please let me know what you think in the comments. Thanks!

One of the advantages of the decentralized social web, as opposed to a social network (federated or otherwise), is that identity can, theoretically, be shared with any web page, anywhere. That page doesn’t have to be running any particular software or provide any particular function; it should optionally be able to support identity-related features. That could then be used to tailor the page to the viewing user. (Of course, sharing identity should never be required, for security reasons.) This is part of three broad activities that I see as being part of the social web:

• Publishing web content in an identity-aware way
• Consuming web content in an identity-aware way
• Sharing socially

Much of the decentralized social web development activity to date has been focused on the third point, and on reading and writing as part of a social web application like StatusNet or Diaspora. However, I’d like to look at the first two points with a view to make them web infrastructure, rather than features of a web application.

To achieve this, I’d like to be able to report, as an option, the identity of the person making an HTTP request, as part of the headers to that request. This might come from the browser itself, eg via an identity plugin, or it might come from a web-based identity proxy.

HTTP supports basic authentication, which involves sending a username and password, potentially in the clear. Out of necessity, we’ve moved beyond this, eg for things like API authentication. Often tokens, hashes and encrypted requests are included as extra header values to authenticate a request.

I’d like to use the same general principle for identifying a user. Here’s how it might work:

1. The user visits a site for the first time. The browser sends a standard HTTP request. (Or, alternately, a HEAD request, if the site content isn’t required.)
2. The site responds as normal, but with an extra HTTP header indicating that it’s identity-aware, including the URL of a handshaking endpoint. This will be ignored by clients that aren’t looking for it.
3. If this is a standard browsing scenario, the user’s browser asks if he or she would like to share identity information with the site. For the purposes of this example, the user clicks “yes”. (This step can be left out if this isn’t a standard browsing scenario.)
4. Via the handshaking endpoint from step 2, the user’s browser gives the site a public and private key, and a URL, through which it can access the user’s identity information as an XRD file (as in Webfinger). This is exactly the same as the public and private key system used to retrieve social information in points 5 and 6, using the same method. The site simply makes a signed request to the user’s identity URL, which can be anywhere.
5. The browser receives public & private keys for use with this server only. These might be stored in the browser, or in some central identity store that all the user’s browsers access.
6. Whenever the browser makes a request to the server, it adds extra headers using these keys (and HMAC-SHA-1), signing each request with the user’s identity until he or she says otherwise. It also sends a header to indicate when the user’s identity information was last changed, in order to prompt the site into obtaining new information if it needs to.
7. If the site in point 4 is associated with a specific person (for example benwerd.com would be associated with Ben Werdmuller), he or she can use the public and private key generated in step 4 to browse the user’s site.

The publisher would get a list of users who have identified with the site, and, depending on their server or content management system, might add some of them to special access control groups that would allow access to different content. The next time the user visited the site, they’d see more privileged content. A notification would probably be sent to them to let them know this had happened, but this is out of scope for what I’m discussing here. (Perhaps notification methods could be shared as part of a user’s identity information?)

Conversely, the user’s XRD file containing their identity information can also change depending on who’s accessing it (as the requesting site always makes a signed request).

This system has a number of advantages:

• It’s server and system agnostic. It simply uses the building blocks of the web.
• It’s very easy to build for. Checking and setting HTTP headers are easy to do, and don’t require any front-end work like HTML parsing or JavaScript libraries. This makes it usable for APIs and feeds as well as web pages, and for clients that use web APIs as well as web browsers.
• The web isn’t just a platform for people to read these days. This method doesn’t depend on anything visual.
• You don’t need to control the root of a domain to make it work. If you install a script at http://yourdomain/~foobar/banana/hockeystick.php, the system will be happy there too.
• It’s passive. There are no blockers if you don’t supply identity information – you just see something different.
• It’s based on similar assumptions to WebID, but doesn’t require SSL certificates in the browser, and it’s as easy for a web app to implement as it is for browser software.

It incorporates the following assumptions:

• Relationships are assymetrical. (Here, there’s a set of keys for each side of a relationship. If one side stops participating, perhaps by removing the other from an access control group, the other side is still valid.)
• Privacy isn’t binary. (Everyone gets a different view on a given page or piece of data.)

Let’s call it httpID. I’m looking for feedback on the idea and process. Does it make sense? Have I missed something obvious? Let me know. If there are no major blockers, I’ll firm up the spec and create some libraries.

Here’s one of my favorite places on Earth:

It’s called the Norrington Room. It sits in the basement of Blackwell’s, the oldest bookshop in Oxford (where I grew up), and when it was opened in 1966 it was the largest room full of books for sale in the world.

I love bookshops, but I rarely spend money in them any more.

Over at the Scottish Book Trust blog, Heather Collins has written a plea for the survival of high street bookshops, arguing that we should pay the bookshop price premium for similar reasons to paying extra for organic food. There’s no denying that they’re a dying breed, and while I certainly agree that I don’t want to see the demise of the bookstore, I also don’t think that artificially supporting them because they inherently deserve to survive is going to work.

So what is it about bookstores that’s so wonderful, compared to (and let’s face it, this is what the choice boils down to) Amazon?

Whenever I’m in Berkeley, I take time out for a visit to Moe’s Books on Telegraph Ave. It doesn’t look like much from the outside, but its textured history and almost anarchic layout over five floors makes a visit feel like diving for treasure. Moe’s is opinionated; the staff clearly have an opinion about what you should be buying, and their passion comes through in the way they store and display their stock. They know you could head over to Borders, or do a book search on Amazon, so what Moe’s deals in is serendipity, distilled and condensed and plastered all over their shelves. More so even than the Norrington Room, this is a place you walk into when you don’t know what you want to buy. (A lot of people like City Lights, across the bay in San Francisco, but for me Moe’s is where it’s at.)

Amazon also wants to introduce serendipitous discovery, but it does so naively, using a process I wrote about years ago. They simply look at their aggregate data and tell you what other people bought, based on the product you’re currently looking at, the products you’ve looked at previously, and overall. Some of the recommendations are decent, but it’s so far proven itself to be a particularly bad system for uncovering titles that aren’t necessarily related to recent searches, but you find interesting anyway. They try and mitigate this with curated lists of products, but it’s hard to find one from someone whose opinions you’re interested in, and they’re too easy to game by marketers.

I think this kind of cultivated serendipity has the potential to be the savior of bookstores. Conversely, trying to directly compete with Amazon will be their demise. There’s no way they can compete with the online bookstore’s distribution, reach or economies of scale, but there’s also no way a software platform – even one as sophisticated as Amazon’s – can compete with the humanity of a few opinionated people who know a lot about books.

So bookstores should forget the identikit chain model. Hire the smartest people they can find – as Blackwell’s does – and get them to cultivate collections of interesting, hard-to-find books in such a way that unsuspecting customers can fall down into rabbit holes of hitherto undiscovered ideas. Serve great coffee; encourage visitors to browse and read. Have themed evenings, run book clubs, invite authors for signings. But embrace the fact that some people will be reading ebooks, and others want to buy bestsellers online. Run kiosks, and find ways to sell ebook versions of those hard-to-find books they’ve lovingly placed on the endcap. Make high street stores a place for discovery and learning, and even fill some of the gaps left by libraries (another dying breed). Turn them into social hubs with events and music.

An organic, human community? Now that’s worth paying extra for. It’s no wonder that so many identikit chain bookstores are dying at the hands of Amazon: they don’t dare to offer anything different.

Photo of the Norrington Room by Juan J Martinez, released under a Creative Commons license.

This article is long, but worth reading to the end:

He came home and lay on the couch for a week, confused and a little lost. With the long overdue luxury of time and hindsight (and bed rest dictated by a bad case of bronchitis), he analyzed the past year’s activity. He believed that the two board members and the slow-paying investment group were planning to bankrupt the company in order to buy it cheaply out the back end.

Following my post yesterday about becoming a tech entrepreneur, Phaedra Hise’s story about her husband’s adventures in a beverage startup includes the dangers, high points and low points of running your own venture – both in terms of your business and your personal life. It’s well-written, vital stuff. Click here to read the full article.

Edited to add: anyone who knows me even a little bit will know that I don’t particularly sympathize with Bill in this article – but I thought I’d make that crystal clear. Nonetheless, it’s a good article, particularly if you read between the lines.

I was taken by Status.net founder Evan Promodou’s post the other day:

Hackers make things; entrepreneurs make things that make things.

This is a pretty succinct explanation of the difference between an entrepreneur and a hacker, and, I must confess, not one I fully understood when we originally set out to build Elgg. (It was implicitly present in my previous projects, and certainly has been in my projects since.)

In short, it’s not enough to build something amazing. Being an entrepreneur is about creating the framework and the platform to let your products take flight in a sustainable way that can grow in value over time. The idea that you should create something that “scratches an itch” – solves a problem that you have – is a myth when considered in isolation. Certainly, building a sustainable, growable enterprise is full of risk, long hours and hard work, so building something that you feel passionate about is a good idea. But it’s also important to feel passionate about the act of building a business, and to understand the implications of taking this task on. Business-building is at least as complex and nuanced as putting together a complex piece of software or a far-reaching web application. It can be more rewarding – for one thing, it makes you more likely to get paid – but it’s a very different task.

Leaders vs developers

Let’s say you’re writing a utility program as a personal project, with some friends. You’ve probably got a good idea of what you think it needs to do, and you’ll write it based on those assumptions. Later on, you might open source it or release it via an app store or the web, and you’ll make changes based on user feedback and bug reports. Ultimately, you and your friends are the gatekeepers for the utility: what you say goes. If you’re selling it, you don’t need to report back to anyone about how well you did.

In contrast, CEOs need to represent company value, and a company board will hold them to doing that (perhaps alongside an advisory board, which in many cases is a good idea as a kind of social proof). In a startup this means not just managing the products, but also having awesome people skills to help your team stay motivated and on-track, being a responsive customer support representative, overseeing marketing, actually getting out and selling your wares, and forming the structure of the company so that all of the above can be done efficiently and in a way that’s fair to everyone involved. Above all, you’ve got to be informed, decisive, empathic, persuasive and a great communicator. And you’ve got to put the needs of your team and the needs of your company first.

In short, being a great leader is not always the same skillset as being a great developer. And neither is necessarily the same as being a great businessperson.

None of which is to say that developers can’t be tech CEOs. Actually, assuming they also have these other skills, they can be great tech company leaders: for one thing, they know what developers need to thrive. The details-orientated, engineering mindset that development demands is also well suited to building a company, as long as this is accompanied by those empathic people skills and a willingness to learn. And in fact, the best developers are informed, decisive, empathic, persuasive, selfless and great communicators.

Consider this, though: Patrick Mackenzie’s Bingo Card Creator is one of the best examples of independent entrepreneurship out there. It’s a great business, and people get a lot of value out of the product – but it’s hardly an engineering challenge. Would you be happy doing the same?

Be careful out there

Even when you’re right for the job and have designed a sustainable product, it’s just plain hard to make a business work. The kind of suck-it-and-see entrepreneurship we’ve seen from the likes of Twitter – where companies release grand services and think of the business model later – are the preserve of people with a lot of money behind them. You may be able to get some investment backing, but Twitter had Evan Williams, who had previously sold Pyra Labs to Google; at Facebook, Mark Zuckerberg didn’t come from a wealthy family, but was lucky enough to have great connections at Harvard and a friend in Eduardo Saverin. Even with a solid business model, the risks are large, and software entrepreneurs are disproportionately from wealthy, upper-middle-class backgrounds. (The first round of funding for new companies is often expected to be from friends and family. Could you ask yours for money to start a new venture? I wouldn’t want to.) It’s tough out there, and you’re unlikely to make money in the first few months. You need to be willing to spend money to sustain yourself, without taking unnecessary risks – for example, if you’re in the US, health insurance is not optional, and you always need to have enough money to pay off your debtors and close the company down. Some companies have had really creative solutions to this initial seed funding problem: my favorite is AirBnB’s Obama O’s.

Finally, let’s say you manage to create a sustainable, growing business with awesome products, loyal customers and a happy, dedicated team. Unfortunately, there are lots of entities out there – both people and organizations – who will see you as prey. Some companies exist entirely to make profits through litigation, or by scooping up the assets of failing businesses. Some people see themselves as having a bigger picture view and seek to control a company, perhaps for nefarious reasons, or perhaps through an honest belief that they could do better. These dangers sound cynical, but they’re real, and you need to be able to fend them off.

Know the risks and do it anyway

Why am I posting this? I get worried. I speak to a lot of developers who want financial independence from a day-to-day job, or worse, want to get rich quick, without any realistic ideas about what’s involved or the kinds of things they’ll have to do. The rewards – both emotional and monetary – are potentially great, and I do believe I’ll be starting more companies in the future. This isn’t meant to be a put-off: I definitely urge the entrepreneurial developers reading this who have an idea burning at them to follow it through and put it out there. Nonetheless, it’s not a decision to take lightly, and that’s something that I’m not sure the current set of angel incubators emphasize enough. Do it, but do it with your eyes and ears open.

Last week, I said goodbye to decades of tradition and became a Mac user.

It’s a more emotional decision than you might think. It’s just a tool, right? You should pick the product that is going to do the job for you best. But in tech circles there’s something emotive and tribal about it; mention that you’ve gone Mac to a Windows or Linux geek and they’ll roll their eyes disparagingly. For better or for worse, there’s a whole set of lifestyle assumptions wrapped up in what kind of computer you use.

Which is almost as good a reason for me to have changed as anything else. I hate being pigeonholed. In fact, though, I decided to spend the extra money on a MacBook Pro because my Dell Studio XPS was giving out on me, just over a year after I bought it. After a little research, I decided this machine would probably last longer – and as most of the software I use is web-based, I don’t really care which operating system I use.

Windows 7 is genuinely very good (if you’re on XP, in particular, you should change to it). But I’ve been blown away by how well put-together the MacBook Pro really is, from the physical quality of the case to the flexibility of the operating system. (Its UNIX origins are very much in evidence, which makes it a perfect development environment.) I wouldn’t recommend it to someone who was just looking for a casual machine – it doesn’t represent value for money for those kinds of use cases – but for people who use computers every day for their jobs, and need a laptop, I’m beginning to think you can’t beat it.

For what it’s worth, this blog is now available over on the Kindle Store for the Amazon-imposed price of $1.99 a month.

Of course, if you do decide to read it on your Kindle, you’re going to lose the standard form of a blog: the distinctive page shell, the list of posts, and probably the comments. Just like if you read it in Google Reader or any other news application. If someone links to this article on Twitter and you use a magazine app like Flipboard on your iPad, you’ll also have a completely different experience. Same exact content; different layout depending on your circumstances.

For reading consumers, this is a significant advance. Circumstances do change: what’s convenient for me to read in bed is different to what’s convenient at the office, on a train or spending ten minutes in a coffee shop. Each of those may require different devices, different software applications and different settings depending on what I’m doing.

For these reasons, software developers and web designers have been used to separating form from content for years. Model-View-Controller is a commonly-used software design pattern that separates data (the model) from both logic (the controller) and visual interface (the view) in a system, ensuring that each can be changed without affecting the others. Now that content is moving wholeheartedly into the digital arena, it makes sense for it to harness some of the same ideas. In a book, the words might be the model, the typography and layout might be the view, and the physical framework of the book itself might be the controller.

That opens publications up to a kind of remixing they’ve traditionally been insulated from. Geeks who love Hacker News but find the interface hard to read can install Georgify to make it more typographically palatable. People looking for emotional inspiration on Twitter can spend a couple of minutes with Twistori, an app that pulls out certain tweets and displays them in an appealing, emotionally resonant way. Mostly these kinds of things have been impossible with Wuthering Heights or The New Yorker.

There are a lot of people, I know, who love the form of books, and who are frightened of that changing, ever. And it won’t: there will always be books. But digital technology gives artists the power to explore new forms for content, that can be disassociated with the content itself and applied, again and again, to different words, in order to create whole new works. If your Twitter stream can be a book, then a book can be a real-time application, or fragments scattered in time and geographic space, or anything you can get your head around. And anyone can remix, and reskin, and make the form – as well as the content – have a life of its own.

If you’re in London on May 14th, Book Hack Day will cover some of these ideas. Regardless, I’d love to read your hacks and play with your words. I think there are many possibilities, and I’m excited to explore them.

I’m starting a funding incubator for open source projects. We’re working with a number of high-profile Silicon Valley investors in order to provide comprehensive funding, as well as advice and collaborative office space, for up to 50 open source projects a year. The Libre Fund provides that most valuable return: openness.

I’m forking Elgg. Continuing a trend, the new version will be called Benjamin. Based on the legendary “classic” 0.9 codebase, it will once again include features like a fully-procedural codebase, iterative event-based architecture and the polite exclamation “Yay!” whenever you upgrade anything.

How latakoo Flight works. You’ve probably heard about latakoo Flight, the project I’m working on as part of an awesome team with an ethos I’m proud to stand behind. How does it send high definition video so far? In this in-depth article, I’ll discuss our proprietary video solution, which converts high quality video from a variety of formats into ASCII art, then a zip file, and then back into beautiful, high resolution video.

I’m putting all my energy around a new project. Using cutting-edge web technology, GPS geolocation and mobile interfaces, Urinmate is a publicly-editable geo-database that will tell you where the nearest usable public restroom is. Preloaded with the locations of all the McDonald’s and Starbucks locations in the world, we anticipate that this will become an invaluable tool for the incontinent, those with prostate problems and the nervous.

Def Code is Poetry Jam. Developers from all over the world are invited to an inspiring night of spoken word coding.

This is why I don’t do April Fool’s jokes.