Foo Hack » Bright Ideas Not Yet Realized Isaac Schlueter on Web Development Tue, 03 Nov 2015 06:34:16 +0000 en Why I’m Not Working on My Startup (Yet) Mon, 04 Aug 2008 17:00:11 +0000 Isaac ...Read More]]> I’m not sure if it’s nature or nurture, but either way, the savvy gambler will bet that I’m going to run my own company at some point. I grew up in an entrepreneurial house. I share a Y-chromosome with a guy who built up a company and made it work with the (un)usual combination of moxie and dedication and wit that makes any business work. And, he did so with two small children. No small feat.

I’ve always planned on starting my own company. I’ve been a fan of Paul Graham’s writing ever since I discovered it. I live in Silicon Valley, and the startup vibe is in the air. I work as a web developer, and I’m good at what I do. I am very interested in the business of software, and have a lot of ideas about how things could be done in new and better ways. It’s not so much “if”, but “how” and “when”.

I’ve worked at Yahoo for 2.5 years now, already about 6 months longer than I’d initially expected to. Compared with working at a small company, it has many advantages. I’ve had the opportunity to be a part of several different projects, and Yahoo can afford to pay quite a bit more than my former employer ever could. I’ve been able to talk to and work with some of the most gifted hackers I could ever hope for. When I got the job, it was really a dream come true, and I’m still proud to be one of the cogs in this engine. It’s been even more satisfying than I’d thought it would be.

But there are drawbacks as well. In a company of Yahoo’s size, bureaucracy creeps in. Decisions are sometimes made very far from the code, and even further from the users. Despite Jerry’s and Ari’s best intentions—and sternest directives—when they talk about Open Initiatives, the “not invented here” syndrome can cause big problems. I don’t think I coined the term, but I’ve taken to referring to the malaise as the “purple cloud”, a stifling and noxious gas that obscures reason and reduces visibility. No doubt about it: that part of the job sucks.

On an almost daily basis, I’m tempted to quit and strike out on my own. Yahoo is an unusually good employer. But despite the perks, as long as I work at Yahoo, I don’t work for Isaac. I might love the company, love what we’re doing, love the opportunities it affords, but there is a definite lack of control and lack of ownership that leaves me unsatisfied sometimes. Being a manager wouldn’t solve the problem; it would make it much much worse. At least as a hacker, I fully own the code I write. If I can’t be on the top, I’d rather be as close to the code as possible. (Best would be both at once, of course.)

So Why Not Leave?

I’ve been reading a lot of articles recently with titles like Why you should quit your job and start a company and Why you should keep your day job and work on your startup at night. I know my hacking rhythm pretty well by this point.

What I’ve gathered from these resources and my own introspection is:

  1. It’s incredibly hard to focus on a startup and also have a separate full-time job.
  2. It’s even harder to focus on a startup and not pay rent or eat.
  3. If I spend less than 50 hours a week working, I’ll go crazy.
  4. If I spend more than 30 hours a week working on something I don’t love, I’ll go crazy.
  5. If I’m working on something I love, and I’m not working on it all the time, I’ll go crazy.

Going crazy is not an option. This isn’t the fun crazy with mania and interesting delusions; more like the super-depressed, hate-my-life, stop-communicating-with-other-humans kind of crazy. I’ve been there before. Life’s too short for that.

The “8+2″ workday wouldn’t work for me. I’ve tried it. I hated it, with a burning passion. I’ve always had side projects, but they remain on the side (like this blog.) I go through phases of being very interested and working hard on them, and completely ignore them at other times. If I had to focus on them enough to turn them into something that users would pay money for, it would have to turn into a full-time gig. My ventures into paying side-projects were tremendous failures for that reason.

Even more importantly, I can’t work just 8 hours a day. Either you ride the biorhythm, with its highs and lows, and capitalize on every bit of go-time that your brain gives you, or you crank out boring hours for your handful of dimes. “Healthy work-life balance” is for bank tellers. An artist doesn’t stop being an artist when he goes home.

I love what I do at Yahoo, and I care enough about what we create that I want to focus all my energy on creating value for users. It’s good practice. But as long as I work at this job, I won’t have enough left over at the end of the day to seriously invest in anything else. Some people can find a middle ground there; I’ve learned that I can’t, and I’m ok with that.

I also really hate worrying about bills. One joy of working for Yahoo is that I get paid enough that I don’t know exactly how much a cup of coffee costs. In poorer times in my life, I was acutely aware of every nickel increase in the cost of a pack of cigarettes. That sucks. Living economically is just good sense; deciding whether your last $10 should be spent on gas or dinner seriously gets in the way of enjoying life.

Having My Cake…

Here’s my plan: keep working at Yahoo for the next 2-3 years or so. Pare down my expenses as much as possible during that time, and sock away as much money as I can. When I have enough saved to live for at least a year without a job, I’ll quit my job and work on whatever idea seems the most promising at that time.

You see, the idea is the cheapest part. Ideas are so plentiful once you learn how to cultivate them, they may as well be falling from the sky. And my ideas have tended to be at least good enough, even if they’re not exactly earth-shattering. In the last year, I’ve seen two startups execute on ideas I’d had, and they seem to be having some success, which I find extremely comforting. I’m not trying to claim that I could have had the same success, but clearly, “finding an idea” isn’t a limiting factor.

So, assuming that my idea will be there when I’m ready to work on it, I’m saving up to buy myself a year off to work on it, whatever it ends up being. I’ve considered getting a part-time job when the date rolls around, just to bring in enough of a baseline income to pay a few bills without sapping my creativity too much. In a way, it’s a bit like creating an angel investor, one who believes in me 100% and is 100% committed to my success like no one else ever could be.

I realize that this plan is a bit risky. The risk is laziness. A dream without execution has a funny way of staying a dream forever. But I’ve made plans like this in the past, and have managed to be ready when the time came to act. That’s how I got to California, after all.

The real challenge is that I’m really not sure exactly what a year costs. I can sit down and crunch numbers, but everything seems way off. I don’t have nearly enough hard data about my lifestyle, and even less about what it could be. Depending on how I spin my estimates, the range ends up being about ±50% or so, which is useless.

I know that I can live cheaper than I am, but I’m not sure which things ought to be cut, and which things are worth the cost. Maybe coffee is worth $1.46, but not $1.55, when balanced against the PITA of brewing it myself and the joy I get from drinking it, multiplied by the number of cups of coffee I buy. I’m not sure. I do know that, while nicotine is a pleasure I deeply enjoy, there’s really no way to justify the physical and financial cost, and withdrawal will be a serious distraction. So, I’ve been wearing a patch—and breathing easier—since June 1, 2008.

A wise man once said, Never optimize before you profile. Then he said it again and again, because no one seems to listen. When it comes to optimization, our intuitions and guesswork are almost always wrong, and only hard data can be trusted. For the last few months, I’ve been tracking my expenses using and trying to just “act naturally”. Over the next 6 months, I hope to collect enough information about my habits to make wise adjustments.

The 6 months after that will be spent living-as-if, and trying to strike a workable balance. Considering that I make more than double the national household average, and don’t have any kids, I should be able to save enough within 2 years to be able to coast for at least a year, if I just make a concerted effort to stop pissing away so much of it, even at SFBay prices.

Advice Welcome

This sort of plan flies in the face of the white-knuckle hardcore hacker work ethic that seems so prevalent in the startup culture of Silicon Valley. In a way, this is just a rationalization for wimping out. Why put it off until my 30s when I could take that leap of faith now? The way I see it, if a bus is coming along later, why run?

It strikes me as foolish and irresponsible to throw away the opportunity that Yahoo gives me just because I have a distaste for being an employee. (The fact that I have a non-trivial pile of stocks vesting at the end of next year speaks to the wisdom of procrastination, as well.)

I don’t suspect that Foo Hack really draws in the financial planner crowd, but if anyone has any suggestions or experience that might help in the temporary-retirement project, I’d love to hear it. Is this crazy? Am I going about this all wrong? Have you ever done anything like this?

The Internet is (today) a 16 year old child Sun, 01 Jun 2008 06:28:43 +0000 Isaac ...Read More]]> The web today is in its teenage years.

When you were a baby, you had one name (if even that, as far as you were concerned), and a very small network of people that you knew and trusted completely. Access equals trust for a baby. Identity is not worth thinking about, because it’s so simple. Exploration is everything, and while every step is clumsy and every word garbled, it’s all happening for the first time, so it’s magnificent and beautiful. Meaningful accomplishments happen almost daily, and every advance is huge.

The advent of TCP/IP and the HTTP protocol; DNS protocols; the HTML language, and powerful browsers to interpret it; email; the migration of a bunch of different networks into a single over-arching network. These were the internet’s baby steps and first words.

The web entered the “I WANT” phase of toddlerhood through the 90s. Suddenly, the notion that you could actually BUY and SELL things on the web hit the fan. People made MONEY, and that opened up all these doors. Everyone got crazy with the frenzy of it. Venture capital poured into the valley, backed by the absolutely magical idea that advertisers’ budgets would grow as fast as online advertising space. Instead, the simple and timeless rules of supply and demand kicked in, and the bubble burst. The web got put on time-out, and pouted for a while about it.

In the bubble, as in childhood, there were some fantasies crushed, and some lessons learned. We got Yahoo and Google and Amazon out of that frenzy, and a bunch of other technologies and companies and insights that I’m sure we’re all really glad to have. didn’t make it, but let’s face it, was pretty damn stupid. I pick on unfairly, because it’s one of the only failed bubble companies that I remember. But I do remember, and that’s actually pretty respectable, compared to all the other failures that are completely forgotten.

Between the bubble bursting and today, the web has been in Junior High. Angsty, a bit more aware of the world, and just starting to make the first groping steps towards self-identification and social activity; but it’s still essentially immature. Friendster and Blogging and MySpace and Facebook got everyone realizing that the web really is a person-to-person thing, and not just a company-to-consumer thing. And of course, there have been posers at the party, just trying to look and act like the popular kids to get attention. You know the sites I mean. It’s a revolutionary new site! It’s got badges, and you can build a friend list! Upload your avatar! But you do that, and realize, there’s nothing here.

As in junior high, splitting the quality from the chaff is pretty tricky. I didn’t sign up for Twitter for a long while, just because I’ve gotten burned by the early adopter tax too many times. Yes, I know all these sites don’t cost money, but they do cost time, and that’s a limited resource. If I sign up and enter my info and upload an avatar and find my friends, and then never use the site, I’ve just wasted a lot of time. And it’s not fun enough to justify the expense.

The High School years, and especially the “tweens” from about 9 to 13, are often marked by exactly this sort of constant self re-invention, but it’s very superficial. You identify with a tribe based on music, or hair styles, or clothing. It’s practice for the real world when no one will establish our identities for us. Since they don’t really understand yet who they are as people, or what kinds of people they really want to be around long-term, kids in this age tend to get by with trial and error. Before this age, children don’t really “own” their identity; they are what their parents say they are. By the time they get to High School, they’re driving the identity ship, even if they do sail it around in circles.

The “social networking” sites, even the more useful or popular ones, are essentially shallow. There is a concept of a “friend”, and that’s it. Either we are friends, or we aren’t; maybe there’s 2 or 3 groups that I can put my friends in, but that’s just 2 or 3 binary choices instead of 1—there’s still very little richness. We need to invent our identity and pick our clothes every time we want to use a website. Without a lot of formal introductions, this group of friends knows nothing about my other groups. And so on.

Some people make a few life-long friends in High School, but that’s pretty rare, I think. More common are people who part ways, and then meet again after college, and find that they once again enjoy each others’ company. Far more common than that, though, are people who branch off after high school, and never look back, (except when they get a friend request on Facebook, that is, and even then it’s just a bit of Oh, you’re doing good? Me, too. You hear Joe had a kid? Yeah, I know. Well, take care! and then they go back to doing their own separate lives again.)

In college, things generally change. Some kids keep experimenting with different faces for a while, but at some point, they realize that they’re going to have to be grown-ups, and they’re hopefully faced with enough challenging work that the games get to be less relevant. When you have to keep a C+ average to stay on the football team and keep your scholarship, it doesn’t make much sense to be mean to nerds. The adults around you gradually stop telling you what to do, and instead tell you to pick what you want to do. The depth of our social interaction changes, as well. People date in high school; in college, people get married and have kids. (Not many of them any more, but we all probably knew someone who graduated pregnant. I was born while my parents were both students at USD.)

When you get out of college, they stop telling you to pick what you want to do. If you don’t want to do it, you don’t. The relationships are as deep or meaningless as you want them to be. You’re limited only by your own imagination.

I think that, today, we’re somewhere close to the highschool/college cusp. If the web is a child, it’s about 16; just got its drivers’ license, but still doesn’t have anywhere really worthwhile to go. The most interesting aspects of the web’s maturation are, in my opinion:

  1. Consistent, user-owned identity, which doesn’t change from place to place. I’m talking about OpenID, but OpenID is just part of the solution. OpenID is a name, but identity is also a whole brand. We’re not quite there yet, but the OpenSocial API specification and Facebook’s opening up of their APIs promises to lead towards some portability. And of course, there’s Own Your Identity and their yet-to-be released product, which looks very interesting. I’m definitely keeping my eye on that.

    The challenge will be to eliminate the management overhead of multiple personas, without eliminating the expressive power it affords. Your profile on LinkedIn might not be quite the same as your profile on Without user-controlled privacy, there’s no ownership in any meaningful sense, and thus, limited relevance. And, if it’s not easy, it’s not a solution.

  2. Many shallow social networks merging into a single rich matrix. While each site may only have one concept of “friend”, every one of their implications are a little different, and when I can link them all up to a single point of identification, it becomes very powerful and expressive. Just as you can have coworkers, friends, and family, and some coworkers are friends, some friends are family, and so on; if identity was user-owned and consistent, I’d be able to have twitter friends, some of whom I’m also connected to on Flickr, or talk to on IM, and so on. That social matrix exists today, but it’s very difficult to leverage.

    It’s yet to be shown (or even, fully conceived) what kind of information and usefulness can be teased out of this matrix. First, we need straightforward protocols to get at the data, and then I think we’ll all be surprised at how it can be used to enrich our lives.

That’s really what it’s all about: enriching the quality of our lives. People like to bitch about technology, but I think that’s just because people like to bitch. Remember in 1990, when you didn’t have a cell phone? What a compete and utter pain in the ass it was to meet someone at the movie theater? Remember when, if you wanted to show someone a document, you had to print it out—or, worse yet, photocopy it—and physically bring it to them? These are my “uphill both ways in the snow” stories for future generations.

The fact is, these things do make our lives better, overall, even with the new ways that we find to get annoyed by them. I’m very excited about what the Internet will look like when it’s all grown up.

Needed: chpass, finger, and pw for the web Mon, 10 Mar 2008 17:00:38 +0000 Isaac It’s been said that the best startups take a popular Unix command and bring it to the web. But there are a few that are poorly represented. I understand that I may be making a bad career move by discussing this openly on a blog, but quite honestly, my desire as a consumer for a satisfying product is enough to risk—-nay, hope—-that someone else makes a million dollars doing this before I get a chance to.

It’s been said that the best startups take a popular Unix command and bring it to the web. But there are a few that are poorly represented. I understand that I may be making a bad career move by discussing this openly on a blog, but quite honestly, my desire as a consumer for a satisfying product is enough to risk—-nay, hope—-that someone else makes a million dollars doing this before I get a chance to.

I’m thinking specifically chpass, finger, and pw.

I know what you’re thinking. There have been a few forays into this arena. MySpace, Facebook, and Plaxo come to mind, not to mention whatever else some MBA has stuck to a “social network” this week. (It’s just like a regular duck, but this one swims around the lake and lets you put all your friends in a list! I’ll be rich! The sad thing isn’t that he thinks it; the sad thing is that he just might be right.)

The social-for-the-sake-of-being-social sites tragically miss the point. I have resisted getting a Facebook account for a few years now, and even deleted my MySpace account. They seemed to require a lot of time and effort doing basically nothing, and didn’t give me what I really want.

Managing data is not (necessarily) enjoyable

I hate managing contact lists. The worst contact list, the one that is the hardest to manage, is the one in my head. Every day I get older, I get worse at remembering phone numbers, and I like to know who’s calling me. I like to see your picture when you call, see your real name when you email. I want my email program or my phone to know who you are when I start to type the three letters of your name that I can remember off-hand, even (especially!) if you’re someone I don’t talk to often.

That’s why I shelled out $40 for Missing Sync so that my phone and computer can share an address book. I have an Applescript program sitting on my back burner that will sync any contacts I add in Adium into this same collection, and even look up their contact details from Yahoo’s corporate intranet (since most of the time, they’re work mates.) Automated replication is still not great, but it eases the pain of managing multiple lists.

Facebook and MySpace are software platforms designed around the premise that managing a contact list is fun. And it can be in that 12-23 age range where we attempt to define ourselves and carve out our place in the world through our social connections. That’s a key demographic for advertisers. Good for you, Facebook. But if I wanted to spend all this time managing my friendships, I’d have more of them in real life. Ooh, burn! i mean… hey, wait a second..

Plaxo is actually a pretty good approximation of what I’d like to see, at least on the “managing contacts” side of things. Granted, I’ve been spamvited to their service by half a dozen people I hardly know, which is a classic example of “let’s be viral” gone horribly horribly wrong. But their product offering is pretty close. You get one contact list online, and it syncs with other areas. It’s unfocused since they’ve added “Pulse” (basically an RSS aggregator for your other web profiles), but still pretty good.

However, even Plaxo misses a key point, and makes several fatal flaws. I’m actually talking about a profile and contact management system that is much grander.

DRY — What Changed

In a relational database or data map, the idea is to keep a piece of data in only one place, and store the relationships between entities rather than making multiple copies. Most contact management systems, from a little black book to the cell phone contact list to Outlook to Plaxo, fail to implement this simple principle. Instead of making each node in the network keep track of all the data about all the other nodes in which it is interested, instead let each node control its own data, and store links to the nodes in which it is interested.

In the old days of land lines, the phone book was enough. If you knew someone’s name and city, you could get their phone number and, perhaps, their street address by performing a simple lookup. Each user had the option to control how much information was shared with the public. Until the autodialer came to telemarketing, the abuse rate was limited by the cost of using the technology.

Today, each person has many more pieces of contact information, and the cost of abuse is virtually zero. There is no way in hell that I’d let anyone publish my actual cell phone number, and once an email address is exposed, it’s basically useless. Spam fighting is an arm’s race, and an unfair one even for Google and Yahoo to fight.

Why we need those commands on the web

Back to my original point: chpass, finger, and pw.


add or change user database information

In other words, manage my info in one place.


The finger utility displays information about the system users.

In other words, look up the information that other have made available.


create, remove, modify & display system users and groups

In other words, specify who has permission to what.

Many large companies have some sort of online system like this. At Yahoo, it’s the almighty Backyard, the corp website that started as a list of email addresses and grew into a full-scale intranet with contact lookup and LDAP access. (It also features conference room booking and documentation searching and plenty of other handy things. But mostly, it’s still all about the mega employee contact list.)

You manage your own profile, and make sure that your numbers and whatnot are up to date. No one else ever has to worry about how to contact you, because it’s all in one place. However, that only works because access to the backyard system is tightly limited to current employees, so abusing the system would entail serious consequences for the abuser’s reputation (and career).

In other words, we have finger and chpass, but pw is being done manually by the HR department, which limits the possible size of the network considerably.

Abuse Prevention is Extremely Non-Trivial

The easier it is to use a networked contact management system, the easier it is to abuse. The more useful it is for you and your friends and associates, the more useful it is for spammers and scammers. Already, we have to keep our email addresses hidden from strangers. Imagine how much worse it would be if a PPC pusher could just e-finger “isaac.schlueter” and have my home address, email, phone number, instant messenger alias, birthday, and photo. Yes this is exactly the sort of information that I’d like to easily share with everyone else.

Everything that has been done so far in the area of email spam, while impressive and necessary, is fundamentally inadequate. As long as it remains profitable for a spammer to send out 100 billion emails every day, it will happen. Any attempts to prevent or avoid this behavior run counter to the incentives of the market; which is to say that it’s a bit like building a dam of sand and expecting to stop the Mississippi. Won’t happen. A bigger dam will take longer, but eventually, they’ll all crumble.

In order to truly divert human behavior, the incentive must be dealt with at the source. Direct attacks against the offenders (ie, shutting down their accounts) are not effective in the long run (they just get new accounts.) Negative incentives, such as putting spammers in jail, are not going to be effective in the long run, because it doesn’t push the cost of spamming up high enough. John Q. Spammer doesn’t think he’ll be the one to get caught, and he’s probably right.

I don’t claim to have this bit of the system figured out, not by a long shot. But I have a few ideas.


In real life, we meet a lot of people, and many of them can and do annoy us by contacting us in unwanted, if mostly harmless, ways. The foul smelling man who stops babbling for a second to ask me for a quarter. The smiling woman who shoves a tract at me and tells me I’m going to hell. Sadly, the list goes on and on and on.


  1. It’s easy to size someone up quickly, because:
  2. Annoying people build a reputation for being annoying, because:
  3. They’re real people and you can see who they are.

There are still, of course, the violent offender and the con man. However, in real life, direct attacks incur a high degree of risk, due to the chances of being caught or retaliated against, and so law enforcement has a relatively easy time keeping serious criminals in check. And those looking to do you harm by gaining confidence and taking advantage of it, well, they’ll always be around, but they’re pretty rare and the reputational aspects keep them somewhat in check as well.


Entrance into this global open personnel file would require that an account be tied to a single real person, who doesn’t have any other account in the system. Accounts that are not “backed” by some kind of reliable identity are only given some kind of limited provisional access—-perhaps they can email a user through the system, but they cannot get the user’s “real” email address, and users would be able to deny access altogether to unidentified strangers if they chose.

Identification is itself a non-trivial task requiring a high degree of trust from the web site. Even if you know it’s 100% secure, being asked for your date of birth, SSN or passport, and a major credit card is a tall order. Without biometrics, it must come down to discrete bits of information at some point, which can be (and often are) faked.

A rinky-dink fly-by-night startup can’t hope to achieve this level of trust quickly. And, without getting a critical mass of users, the value proposition to new users is a lot tougher.

The company to build this system would need:

  1. A huge base of existing users and preferably their contact details, too.
  2. A strong reputation for protecting user data.
  3. Impressive engineering resources and domain knowledge in the areas of spam protection and social networking.
  4. A serious commitment to open APIs that help the web as a whole.

If it’s not everywhere…

…then it may as well not be anywhere. The goal of this system would be to revolutionize contact management the same way that email and hypertext revolutionized written communication.

Just as email works in any email client, and web pages work can be viewed by any browser, the APIs provided by this system would have to be completely open. Any application must be allowed to interact with them, both to change data and fetch it.

In order for it to work, and really have the effect that I’m talking about, there must be absolutely no lock-in, no up-sell, and reasonably liberal rate limits.


How does something like this make money? That’s an open question, and a big one, probably part of the reason why I’m still pushing bits in a day job and not out getting VC to build this thing. I also happen to really like what I do at that day job.

Maybe it would have to be something built under the Apache foundation or some other OSS group, and sponsored by donations of capital and resources from some major players in the online social arenas. Maybe there’s some clever way in which smaller users and early adopters get the API for free, but then charge everyone else.

Who could do this? What’s going on now?

OpenID is a great start, but what we really need is an open profile and open contact list system, and OpenID doesn’t provide that.

Google’s Open Social is an interesting product, but the more I read about it, the more I think it’s not quite low-level enough to really deliver on what I’d like to see here. While it promises to expose social data to third-party applications in an API that could be consistent across social websites, it doesn’t fully address the issue of being able to manage contact data in a distributed way.

As I said above, the company to do this will need:

  1. A huge base of existing users and preferably their contact details, too.
  2. A strong reputation for protecting user data.
  3. Impressive engineering resources and domain knowledge in the areas of spam protection and social networking.
  4. A serious commitment to open APIs that help the web as a whole.

Yahoo has all four of these, but that whole China escapade has damaged Yahoo’s reputation in the eyes of many users. Of any company on the web, however, Yahoo has perhaps the most to gain from such a system and a lot of resources and domain knowledge to throw at the problem.

Even if they only share user information when presented with a subpoena, that means that using this system exposes my information to governmental intrusion, which is deeply problematic. In order to be truly trustworthy, a stronger commitment to protecting privacy needs to be in place than just words on a corporate press release. The officers of the company to provide this service should enter into a binding agreement that they will not knowingly expose user information, even in the face of governmental pressure.

Like I said, I don’t have all the answers to this product. But I know that, as a user, I’d be absolutely delighted to see something like this take hold.