A Hosty Retreat

Basecamp has taken a clear stance against tracking on the web, so when we learned (via a tweet to DHH) that our podcast hosting provider had introduced listener-targeted advertising, we decided to decamp to a different company. On the latest episode of the Rework podcast, Wailin talks to Lex Friedman, chief revenue officer of Rework’s old podcast host, about what they’re doing with targeted ads. Then she talks to Justin Jackson, co-founder of our new podcast host, about how he’s approached building his startup.

Meet Andy

Basecamp’s new head of marketing, Andy Didorosi, comes on the Rework podcast to talk about how he started a bus company in his hometown of Detroit to help fill a gap in public transit; what he learned about building a business with a “buy one, give one” social mission; and why he left the company he founded to join Basecamp.

If you missed our previous episode on hiring a first-ever head of marketing, you can catch up here!

Skip level meetings: What they are, and exactly how to run them

If you manage other managers, holding skip level one-on-one meetings with their direct reports is paramount. Here’s how to do ’em.

If you’re a manager of managers, skip level meetings are your lifeline. I don’t mean to sound bombastic, but if you’re a CEO, executive, or director who manages other managers — then skip-level meetings are an essential way to keep your ears on the ground.

Skip… what? If you’re anything like me, when I first heard the term “skip level meeting,” I was befuddled. Yes, I held one-on-one meetings with my team. But as the team grew and I had a manager who had someone else reporting to them… I wasn’t talking to their direct report with any regularity. How was I supposed to ever learn what that team member was thinking and feeling about the company if I never talked with them?

Keep reading “Skip level meetings: What they are, and exactly how to run them”

Basecamp no longer requires Google for two-factor authentication

When it became clear to us last year that using SMS for two-factor authentication (2FA) was insecure, we kinda panicked. We’d spent a lot of time originally building that SMS-based 2FA login system for Basecamp, and the prospect of having to build an entirely new system compatible with proper authentication apps seemed daunting. Especially with major security liability hanging over our head.

So we went the easy route, and handed the 2FA authentication flow over to Google, using their Google Sign-In APIs. Now, that certainly gave us an immediate and secure solution. Nobody is disputing that Google knows security.

But requiring people to have a Google account to get a 2FA-protected Basecamp was an uncomfortable compromise. There are about a million good reasons for why you wouldn’t want Google to know everything about when you log into apps all over the internet. Google’s business is literally based on collecting as much data as possible, so it can use it all against you for ad targeting. That’s just not a regime we feel comfortable encouraging, let alone requiring.

So I’m thrilled to announce that we got our shit together and built our own, wonderful, and secure 2FA login protection for Basecamp. Google Sign-In still works, but it’s deprecated, and we’ll no longer be recommending it going forward.

Our new secure 2FA solution is built on the TOTP standard with backup codes as a fallback. So you can use any TOTP compatible authentication app, like Authy, 1Password, or Duo, and it works for all versions of Basecamp (here’s how to set it up in Basecamp 3 and Basecamp 2), as well as our legacy apps Highrise, Backpack, and Campfire.

Big kudos to Rosa Gutiérrez from our Security, Infrastructure & Performance team for putting our fears about doing our own TOTP-based 2FA system to shame. She led the project, did the work, and the final result is just great.

Finally, it feels good to have one additional area of the business free from Big Tech entanglement. We also dumped Google Analytics a few months back from Basecamp.com (relying on Clicky.com instead), and we’ll continue the work to untangle ourselves from Google and the rest of the industry behemoths. It’s a long slog, it’s unlikely ever to be fully complete, but every little bit helps.

Oh, and please, if you haven’t already, turn on 2FA to protect your Basecamp account. And if you aren’t already, use a password manager, like 1password. If you’re reusing a password on Basecamp, and you’re not protected by 2FA, you’re at a grave risk of having your account compromised. We work hard to protect everyone at Basecamp, but nothing will protect you online like using 2FA and a password manager everywhere you go.

The 5 mistakes you’re likely making in your one-on-one meetings with direct reports

Don’t waste your time. Make sure you’re getting the most out of your one-on-one meetings with your direct reports. 

You’re feeling good: You’ve started to hold regular one-on-one meetings with direct reports. But have you paused to ask yourself, lately, “Am I making the most of them?”

The question is worth asking. One-on-one meetings with direct reports can have a surprisingly large impact on your team’s performance. In Google’s widely known 2009 manager research code-named “ Project Oxygen,” they found that higher-scoring managers were more likely than lower-scoring managers to have frequent one-on-one meetings with their team members.

Keep reading “The 5 mistakes you’re likely making in your one-on-one meetings with direct reports”

Q&A: How do I win in a packed category?

Today I got an email from a fellow who asked:

I’ve been trying to think about my next B2B play but everytime I think of an idea I stop myself due to how saturated the markets are. How do you still win in a packed category? I feel like it’s a lot harder to win now than it was 10 years ago.

-J.B.

Starting something new can definitely be intimidating. Especially when there are already lots of other people/companies with a huge head start. I feel you.

But I’m going to ignore all that and focus on what I think is the bigger concern with the mindset represented in the email: This person asks “How do you still win in a packed category?”

Winning what? Winning who? Winning it all? Taking everything? That’s an insurmountable mountain of intimidation right there. Don’t do that to yourself.

How about just making something that can sustain itself? Why do you need to win it all? Why would you ever want to make it that hard on yourself?

Build something good, keep your costs low, keep your growth in check, hold back your expectations, find some customers, charge them money for your good/services, make more than you spend, and you’ll buy yourself another day, or week, or month, or year in business. Just aim to stay open, don’t aim to win anything from anyone. Staying afloat is a win for yourself.

Just start there. The odds are still against you, but they’re a whole lot better than trying to win it all.

Nevermore, Amazon

In the spring of 2019, Danny Caine, the owner of the Raven Book Store in Lawrence, Kansas, overheard a customer saying she could buy a new hardcover online for $15. Danny took to Twitter to explain the economics of independent bookstores and the thread went viral, putting the 32-year-old small business in the national spotlight. Danny comes on the Rework podcast to talk about why his activism and outspoken stance against Amazon haven’t just felt right, but been good for business too.

Open source and power with Matt Mullenweg

Yup, I put the graphic back in

A couple of weeks ago, Automattic announced it had raised $300 million from Salesforce Ventures in a Series D round. In an interview with TechCrunch, Automattic founder and CEO Matt Mullenweg said:

“I think there’s potential to get to a similar market share as Android, which I believe now has 85% of all handsets. When you think about it, open source has a virtuous cycle of adoption, people building on the platform and more adoption.”

That comment kicked off a Twitter discussion between Matt and David Heinemeier Hansson about funding and tech monopolies. Then, in a rare example of Internet discourse taking a positive turn instead of devolving into a Godwin’s Law-fueled nightmare, Matt and David got on the phone to keep the debate going. We recorded their conversation and released it as the newest episode of the Rework podcast.

When to give feedback to an employee?

A perfect time to give feedback doesn’t exist – but some times are better than others. In deciding when to give feedback to a direct report, consider these 4 things.

“When is the right time to give feedback to an employee?” A manager asked me this last week during a workshop I gave at the Business of Software Conference.

He elaborated:

“Sometimes, I want to give feedback but I’m worried it’s going to come across as too petty, or that I’m nitpicking. Should I wait until there’s a time when it’s about something a bit bigger? Or should I give the feedback immediately to them, regardless? Is there ever a right time to give to feedback?”

I told him that he wasn’t going to like my answer: It depends.

Depending on who the person is, what the feedback is, what is going on in the work environment, and even what mental state you are in – all are factors into when to give feedback to an employee. Choosing the timing well is important. It has a big impact on how likely the person is going to change their behavior based on your feedback, going forward.

Keep reading “When to give feedback to an employee?”