Back to windows after twenty years

Apple’s stubborn four-year refusal to fix the terminally broken butterfly keyboard design led me to a crazy experiment last week: Giving Windows a try for the first time in twenty years.

Not really because I suddenly had some great curiosity about Windows, but because Apple’s infuriating failure to sell a reliable laptop reluctantly put me back in the market. So when I saw the praise heaped upon the Surface Laptop 3, and particularly its keyboard, I thought, fuck it, let’s give it a try!

Looks good, doesn’t it?

The buying experience was great. There was nobody in the store, so with four sales people just standing around, I got immediate attention, and typed away a few quick sentences on the keyboard. It felt good. Nice travel, slim chassis, sleek design. SOLD!

The initial setup experience was another pleasant surprise. The Cortana-narrated process felt like someone from the Xbox team had done the design. Fresh, modern, fun, and reassuring. Apple could take some notes on that.

But ultimately we got to the meat of this experience, and unfortunately the first bite didn’t quite match the sizzle. The font rendering in Windows remains excruciatingly poor to my eyes. It just looks bad. It reminded me of my number one grief with Android back in the 5.0 or whenever days, before someone at Google decided to do font rendering right (these days it’s great!). Ugh.

I accept that this is a personal failure of sorts. The Windows font rendering does not prevent you from using the device. It’s not like you can’t read the text. It’s just that I don’t enjoy it, and I don’t want to. So that was strike one.

But hey, I didn’t pluck down close to $1800 (with taxes) for a Windows laptop just to be scared off by poor font rendering, right? No. So I persevered and started setting up my development environment.

See, the whole reason I thought Windows might be a suitable alternative for me was all the enthusiasm around Windows Linux Subsystem (WSL). Basically putting all the *nix tooling at your fingertips, like it is on OSX, in a way that doesn’t require crazy hoops.

But it’s just not there. The first version of WSL is marred with terrible file-system performance, and I got to feel that right away, when I spent eons checking out a git repository via GitHub for Windows. A 10-second operation on OSX took 5-6 minutes on Windows.

I initially thought that I had installed WSL2, which promises to be better in some ways (though worse in others), but to do so required me to essentially run an alpha version of Windows 10. Okay, that’s a little adventurous, but hey, whatever, this was an experiment after all. (Unfortunately WSL2 doesn’t do anything to speed up work happening across the Windows/Linux boundary, in fact, it just makes it worse! So you kinda have to stick with Linux tooling inside of Linux, Windows outside. Defeating much of the point for me!).

So anyway, here I am, hours into trying to setup this laptop to run *nix tooling with Windows applications, running on the bleeding edge of Windows, digging through all sorts of write-ups and tutorials, and I finally, sorta, kinda get it going. But it’s neither fast nor pleasant nor intuitive in any way. And it feels like my toes are so stubbed and bloody by the end of the walk that I almost forgot why I started on this journey in the first place.

I mean, one thing is the alpha-level of the software required to even pursue this. Something else is the bizarre gates that Microsoft erects along the way. Want to run Docker for Windows on your brand new Surface Laptop 3? Sorry, can’t do that without buying an upgrade to Windows Pro (the $1800 Surface Laptop 3 apparently wasn’t expensive enough to warrant that designation, so it ships with the Home edition. Okay, sheesh).

The default Edge browser that ships with Windows 10 is also just kinda terrible. I clocked a 38 on the Speedometer 2.0 test, compared to the 125 that my MacBook Pro 13 ran with Safari. (But hey, there’s another beta version of Edge, the one that now uses the Chrominum rendering engine, and that got it to a more respectable 68.)

Anyway, I started this experiment on a Monday. I kept going all the way through Friday. Using the laptop as I would any other computer for the internet, and my new hobby of dealing with the stubbed toes of setting up a *nix development environment, but when I got to Saturday I just… gave up. It’s clearly not that this couldn’t be done. You can absolutely setup a new Windows laptop today to do *nix style development. You can get your VS Code going, install a bunch of alpha software, and eventually you’ll get there.

But for me, this just wasn’t worth it. I kept looking for things I liked about Windows, and I kept realizing that I just fell back on rationalizations like “I guess this isn’t SO bad?”. The only thing I really liked was the hardware, and really, the key (ha!) thing there was that the keyboard just worked. It’s a good keyboard, but I don’t know if I’d go as far as “great”. (I still prefer travel, control, and feel of the freestanding Apple Magic Keyboard 2).

What this experiment taught me, though, was just how much I actually like OSX. How much satisfaction I derive from its font rendering. How lovely my code looks in TextMate 2. How easy it is to live that *nix developer life, while still using a computer where everything (well, except that fucking keyboard!) mostly just works.

So the Surface Laptop 3 is going back to Microsoft. Kudos to them for the 30-day no questions return policy, and double kudos for making it so easy to wipe the machine for return (again, another area where Apple could learn!).

Windows still clearly isn’t for me. And I wouldn’t recommend it to any of our developers at Basecamp. But I kinda do wish that more people actually do make the switch. Apple needs the competition. We need to feel like there are real alternatives that not only are technically possible, but a joy to use. We need Microsoft to keep improving, and having more frustrated Apple users cross over, point out the flaws, and iron out the kinks, well, that’s only going to help.

I would absolutely give Windows another try in a few years, but for now, I’m just feeling #blessed that 90% of my work happens on an iMac with that lovely scissor-keyed Magic Keyboard 2. It’s not a real solution for lots of people who work on the go, but if you do most of your development at a desk, I’d check it out. Or be brave, go with Windows, make it better, you pioneer, you. You’ll have my utter admiration!

Also, Apple, please just fix those fucking keyboards. Provide proper restitution for the people who bought your broken shit. Stop gaslighting us all with your nonsense that this is only affecting extremely few people. It’s not. The situation is an unmitigated disaster.

Basecamp no longer requires Google for two-factor authentication

When it became clear to us last year that using SMS for two-factor authentication (2FA) was insecure, we kinda panicked. We’d spent a lot of time originally building that SMS-based 2FA login system for Basecamp, and the prospect of having to build an entirely new system compatible with proper authentication apps seemed daunting. Especially with major security liability hanging over our head.

So we went the easy route, and handed the 2FA authentication flow over to Google, using their Google Sign-In APIs. Now, that certainly gave us an immediate and secure solution. Nobody is disputing that Google knows security.

But requiring people to have a Google account to get a 2FA-protected Basecamp was an uncomfortable compromise. There are about a million good reasons for why you wouldn’t want Google to know everything about when you log into apps all over the internet. Google’s business is literally based on collecting as much data as possible, so it can use it all against you for ad targeting. That’s just not a regime we feel comfortable encouraging, let alone requiring.

So I’m thrilled to announce that we got our shit together and built our own, wonderful, and secure 2FA login protection for Basecamp. Google Sign-In still works, but it’s deprecated, and we’ll no longer be recommending it going forward.

Our new secure 2FA solution is built on the TOTP standard with backup codes as a fallback. So you can use any TOTP compatible authentication app, like Authy, 1Password, or Duo, and it works for all versions of Basecamp (here’s how to set it up in Basecamp 3 and Basecamp 2), as well as our legacy apps Highrise, Backpack, and Campfire.

Big kudos to Rosa Gutiérrez from our Security, Infrastructure & Performance team for putting our fears about doing our own TOTP-based 2FA system to shame. She led the project, did the work, and the final result is just great.

Finally, it feels good to have one additional area of the business free from Big Tech entanglement. We also dumped Google Analytics a few months back from Basecamp.com (relying on Clicky.com instead), and we’ll continue the work to untangle ourselves from Google and the rest of the industry behemoths. It’s a long slog, it’s unlikely ever to be fully complete, but every little bit helps.

Oh, and please, if you haven’t already, turn on 2FA to protect your Basecamp account. And if you aren’t already, use a password manager, like 1password. If you’re reusing a password on Basecamp, and you’re not protected by 2FA, you’re at a grave risk of having your account compromised. We work hard to protect everyone at Basecamp, but nothing will protect you online like using 2FA and a password manager everywhere you go.

Let’s stop shaking people down for their email addresses

When we launched Shape Up, we consciously didn’t want that book trapped behind a sleazy quid pro quo requirement for an email address. And now we’ve gone back to fix the mistake that was asking for one with Getting Real, our free ebook from 2006 about how to build a successful web application.

If you have a mailing list that’s worth signing up for, you don’t need to trick, cajole, or bribe people in other to get them on board. You only need to do that when you know that most people wouldn’t voluntarily join. That’s a pretty weirdly coercive play.

But that’s true of a lot of the industry BEST PRACTICES. There’s a whole cottage industry of bullshit around how CONTENT MARKETING is supposed to work. Ugh. Even just that word: CONTENT MARKETING. I can’t say without a slight gag.

If you have something to say, say it. If you have something to share, share it. Don’t invent things to say or to share just such that you can package up that pink slime as a golden nugget of truth to trade for someone’s contact information.

That’s the same insincere, manipulative logic behind influencer marketing. It’s all about disguising the sale with a thin, flimsy layer of purchased credibility. No wonder we’re all so skeptical and cynical these days. Because we have a million good A/B-optimized reasons to be.

Not everything needs to be tracked. Not everything needs to pay off. It’s perfectly fine to do things because it’s fun, feels good, is interesting, tickles your brain, or just helps someone out.

Enjoy Getting Real! Keep your email address in your pocket.

Marking the end of pixel trackers in Basecamp emails

When Mike Davidson blew the lid off the invasive and appealing read receipts in a new personal email client called Superhuman, it brought about a full discussion of email tracking in general. At Basecamp, this lead to the conclusion that we wanted nothing to do with such tracking.

It wasn’t like we were doing anything as nefarious as those nasty Superhuman trackers, but still, we used the default settings in our mailing list software, which aggregates open rates, and had our own diagnostics tracker, to provide debugging insight for support.

But neither of those two use cases felt compelling enough to justify tracking everyone’s emails all the time. Reading an email shouldn’t leave a long data trail, regardless of whether that trail is used in fairly innocuous ways, like an aggregate open-rate calculation, or in its most devious, like spying on whether a personal email has been seen and from where.

So we killed the diagnostics tracking and turned off the mailing list tracking too. Now the only “tracking” that emails from Basecamp will do is to mark the message you’re seeing in your email as read within the application (and only if you’re a registered user). A feature in service of the recipient, not the sender, not us.

The tech industry has been so used to capturing whatever data it could for so long that it has almost forgotten to ask whether it should. But that question is finally being asked. And the answer is obvious: This gluttonous collection of data must stop.

So we keep taking the steps at Basecamp to examine our use of data, stop collecting it unless its strictly necessary in service of customers, and cut down all the ways we may be sharing it with others (dumping Google Analytics from our marketing pages is next!).

Privacy isn’t just the right thing to do, it’s also better business. Discerning customers are already demanding it, and everyone else will too soon enough.

You can heal the internet

The internet is hurting. It’s been colonized and exploited by a small cabal of tech companies. It’s taken most of us a while catch up to the gravity of the situation, but grave it is.

Yet we all sit with the power to ease the pain, even if we can’t cure it in an instant. You don’t have to go cold turkey on everything Big Tech. That’s almost impossible at the moment. Such is the stronghold. But every little bit helps.

So does the perspective that an alternative doesn’t have to give you 100% of what you were getting to be worth the switch. Yeah, so DuckDuckGo might not match Google on every search, but it’s more than good enough to be good enough most of the time.

The world is full of alternatives to the Big Tech offerings that give you 95% of the utility for 0% of the regret. But if you can’t even be bothered to give up 5% to help an alternative along, you also can’t be surprised when the alternatives are so few and far between.

You can heal the internet. One choice – one search! – at the time.

The worst part of hiring

We ask a lot of job applicants at Basecamp. First, they have to make it through a long, detailed description of the opening. Then we request a dedicated cover letter that’s unique to Basecamp. And then there’s the polishing of a CV. It can easily take hours to apply to a job at Basecamp.

It used to be even worse too! For programmers, for example, we’d ask everyone upfront to submit code samples as part of their first application. Finding a good piece of code, either through open source, learning apps, or whatever, takes time. (Thankfully we don’t do that any more. You have to make it to the second round for us to talk code.)

So it’s not an unreasonable expectation to hope for some detailed feedback if the application isn’t successful. It’s entirely human to wish for feedback on “why didn’t I progress in process?”, “what could I have done better?”, “what else were y’all looking for?”.

And yet the math simply makes that impossible for us. A recent opening for a senior programmer drew over 400 applications (for customer support, we’ve seen over 1,000 applications per opening!). For that programmer role, someone spending just 20 minutes giving diligent feedback per application would keep them busy for almost 7 weeks, if they worked on that for 4 hours per day, 5 days a week!

That really sucks! It’s easily the worst part of hiring to reject hundreds of applicants who’ve put in a lot of their time with a generic “thank you for applying, but unfortunately we’ve moved forward with other candidates!”. Ugh.

So the least we can do is to be honest that this is the process. And, evidenced by the feedback from several applicants in the last hiring thaw, we clearly failed at that. So apologies to everyone who had reasonable expectations of some actionable feedback, and were left cold with a generic rejection.

Next time we’ll spell it out in the post. And applicants can make a more informed decision as to whether it’s worth their time given the risk that the sum of a response might well boil down to “thank you so much, but sorry!”.

Hiring is hard.

It’s high time to rewrite the hiring script

The disconnect between how many companies claim that they only hire the best and how they try to actually do that is perverse. A depressing number of job postings are barely more than a list of technology or process requirements paired with an arbitrary desire for years of irrelevance. That’s then fluffed up by a bunch of trite rah-rah bullshit about the supposed glory of hiring company. Ugh.

It really doesn’t have to be like this, but it’ll continue to be like that until companies drastically change their hiring script.

Let’s start with how the process is driven. Far too often, hiring is made someone else’s job. Not the responsibility of the team leader nor subject to input from future coworkers. Instead, the job posting is written by someone in HR or the executive who’s too far removed from the domain or the specifics to do a good job.

Second, the matter is rushed because “we need someone yesterday” and “how hard can it be”. No wonder most job ads look like they’ve been cut from the same template because they probably have! Writing a good job posting is hard because it requires you to actually think about what the position entails and how to realistically portray the organization it’s within. This takes time.

At Basecamp, we have no illusions that we’re going to hire “the best”. In fact, even thinking about candidates in such absolute terms is nonsense. The world is full of people who are stuck doing mediocre work in a shitty environment or blessed to do stellar work by virtue of an elevating one. Most people are well capable of doing both! The only thing that makes sense is to hire the best – defined as most complementary to the organization – person out of the candidates who apply.

Which is why taking the time to describe the role, the work, and the organization with clarity and honesty matters so much. The vast majority of potential candidates in this world are not going to apply to your position in any case. The aim of a great job posting is to expand the pool in awareness of that fact. To entice those complementary candidates to apply who might otherwise wouldn’t have. Dropping this “the best” nonsense is a start.

So that’s what we’ve tried to do with renewed vigor over the past few months here. We’ve been in an uncommon hiring spree with five open positions recently. Every single one of those involved a prolonged, careful process of crafting the best job posting we knew how. Yes, some of the framing is similar between the posts, but each one was written for that particular position. Then subjected to critique, review, and editing by a broad cross-section of future coworkers. I think it shows.

It’s a banal statement that hiring is some of the most important work that an organization does. But that doesn’t make it any less true. Although perhaps the endless repetition of that thought has dulled most people to its wisdom, and they’ve failed to act as though they believe it.

Next time your company is hiring, try to get involved. If you like the way we write job postings at Basecamp, feel free to be inspired, but do the authentic work to make them yours. Your next hire will thank you!

Not too proud to ask

I hear from people all the time who’ve been following this blog, read our books, been loving Rails, become impressed by a job post, or been inspired by a conference talk we’ve given. It’s intensely gratifying to hear how something you put into this world has had a chance to affect someone. Especially when the impact was large enough to open up a novel perspective or prompt real change. It warms.

But it also disappoints when I ask whether the person has tried Basecamp and the answer is “oh, I haven’t, we use [some assortment of big tech / valley combination] – hadn’t even thought about it”. Though the disappointment is not so much in the person as in ourselves. We’ve failed to do the work; failed to draw the connection.

Part of it is the lazy assumption that since you’ve been around for a long time, then of course people who like your philosophy or perspective would know what you make, and would have given it a try. We’ve been making Basecamp for over 15 years, so that erroneous assumption has had a long time to fester.

But that’s not how it works. If you want people to give your product a chance, you gotta ask them. Most companies do this via marketing budgets. They ask a bunch of strangers to try their product that they’ve targeted through the mechanisms of surveillance capitalism. We’ve historically been pretty hands off on ad spend, and remain staunchly opposed to invasive ad targeting.

What we’ve done instead is rely on the goodwill and word of mouth that making, sharing, and teaching affords. And it’s worked well, but it isn’t automatic. You have to activate that goodwill, if you want it to translate into sales that sustain all that making, sharing, and teaching. I don’t think we’ve done a great job at that lately. We’ve taken it for granted.

But how do you ask people who might not be your friends, but don’t feel like strangers either, if they’d try your product? Not just once five years ago, but regularly, without coming off as an annoying, self-promoting shill? I think that’s still largely an open question, but I’m really interested in trying to find the answers.

While we search, though, I thought I’d just remind myself to keep it simple and to keep it direct. So I’m not too proud to ask: Have you given Basecamp a try recently? If you like how we think about work, culture, and people, I think you’re going to like how we make software too. We’ve poured all of us into Basecamp. It would mean a lot if you’d give it a try ❤️

Scrutiny is the prize of success

There’s an unfortunate pattern amongst the Silicon Valley set whenever a startup heralding from their midst is subjected to even mild scrutiny. It’s perhaps best illustrated in its archetype by this tweet from Paul Graham:

(Screenshot provided for legion of Twitter users blocked by @paulg 😄)

In 2008, Facebook had a mere 100 million users. In 2018, they had over 2 BILLION users. The scope of a startup’s impact and influence is correlated to the amount of scrutiny it receives. This is a feature, not a bug!

And while Facebook is almost too easy of an example of this pattern, it’s far from the only one. Just yesterday, Mike Davidson wrote about the appalling and abusive read receipts feature in a new email client called Superhuman. The general response from Valley boosters was predictably disappointing (peruse @mikeindustries for countless examples), but I want to pull out one subtweet that struck me as another example in Graham’s spirit:

Do you see a thread here? It’s like the thinking goes that success does not attract scrutiny because of the broader impact it affords, but simply because conspiracy theorists are trying to hold down the makers! Yeah, the current Valley darling for email that’s received tens of millions in venture funding and is valued at a quarter of a billion already is the scruffy underdog. And just received a glowing puff piece in the NYT that didn’t address the privacy angle much. Ehhh…

I get it. Tribalism is in our DNA, and there’s nothing inherently wrong with rooting for the (spiritual or geographical) home team. But when that affection becomes a set of blinders or an apologist shield, you can’t be surprised when the broader community raises an eyebrow and is encouraged to dig deeper.

The reason this matters is that what may seem like small decisions early on become the basis for many more decisions down the road. These decisions affect your ethical trajectory as a company.

Mike Davidson

Davidson’s point about the ethical trajectory of a company is spot on. But it goes even further than the single company. There’s an ethical trajectory of a whole ecosystem, and the one in Silicon Valley is in need of some serious recalibration. Springing to the defense of appalling privacy abuses with excuses like “well, everyone else does it” only reveals just how dire the need is for that recalibration. A process that has to start with one company at a time.

But even if Silicon Valley was a beacon of ethical behavior, you’d still want successful startups on a strong trajectory to have their business model and practices subjected to scrutiny in proportion to their success. The more people are using something, the greater the potential for harm (and good). This isn’t rocket science.

Successful startups (and their boosters) should celebrate the scrutiny when it arrives by listening and making changes in actions and culture. The earlier you catch yourself drifting off course, the easier it is to get back on track. Not just of your goals for SUCCESS, but for being an ethical, responsive, and responsible company that even people outside the Valley can cheer for.

When did work-life balance become such a bad thing?

The term work-life balance has taken a beating lately. It seems to be a favorite punching bag for grandstanding about what you really need is integration or that balance is a mirage anyway. Wat?

Balance simple means that each portion of the system has a sustainable weight which keeps the composition in harmony. Going down a pedantic, semantic rabbit hole of “well, actually, work is part of life, ergo seeking balance is wrong” is some perfidy circular logic.

It’s possible to enjoy, like, or even love work, and yet also appreciate life away from work. Appreciate the breaks and the distance from work that rewards us with perspective. Scheduling such regular breaks by limiting the hours spent working during a normal week, and taking plenty of vacation away from it entirely, is not some exotic, impossible arrangement. It’s the pursuit of just that balance.

So let’s take a break from worksplaining the concept of work-life balance into a negation. Balance is neither bad nor impossible. It’s the cornerstone of a healthy, productive, and sustainable state of being.