Watching Anita Sarkeesian at XOXO

I had one more experience at the XOXO Festival that I wanted to mention. I really enjoyed Anita Sarkeesian’s talk. You can watch it here:

Sarkeesian explained her experience with humor and grace, and that really resonated with me. I don’t want to join the tone police–passionate voices have a role in this discussion too, and passion may work well for others. But I know it can be hard to take abuse while making your case with civility, and I admired Sarkeesian’s ability to rise above the fray.

As part of my job, I’ve unfortunately become somewhat of a connoisseur of vitriol and threats. My first death threat was over a decade ago in a situation involving the DMCA and the Church of Scientology (before you jump to assumptions, the death threat came from the anti-Scientology side). I got a threat at a 2002 search conference that I considered credible enough that I started carrying a cell phone with me after that. I got an open-ended threat against my family just a couple weeks or so ago, even though I haven’t been working on webspam for months.

But here’s the thing: I’ve never received threats as pointed, menacing, or explicit as Anita Sarkeesian, Zoe Quinn, and others discussing GamerGate have. No one should face threats of physical harm for expressing their opinions. No one should be doxxed or have their personal information posted just for expressing their opinions. That should be the starting point and the bare minimum for any discussion. If you disagree with someone, win them over with your ideas, not with threats.

I should mention that I’m a big fan of clear disclosure of potential conflicts of interest, and I’ve posted my own disclosure page at the top of my blog for over five years. I’ve also been playing computer games since Pong in the 1970s. As a kid, I wrote a script to solve Colossal Cave Adventure on a local university’s PRIMOS system. I subscribed to Electronic Games magazine back when people called them “coin-op” games. By the way, check out that Electronic Games link to see how Nintendo tried to avoid sexist language in games back in 1993. Hell, I feel bad for people who never got to play Raiders of the Lost Ark on an Atari 2600, or Infocom games on a Commodore 64, or marvel the first time they saw the parallax effect in Moon Patrol:

Moon Patrol!

The gaming world is changing, and in my opinion for the better. We’ve got browser-based games like Kingdom of Loathing or Candybox2. We’ve got absurdist wonders like Progress Quest and games you play outside like Ingress. Playing Depression Quest was important for me, because I have friends who are deeply affected by depression. I can’t wait to see where gaming goes next–how about we make virtual and augmented reality work this time around! I hope that gaming can be even more welcoming to new ideas and experiences than it was when I was a kid. I also hope everyone can agree that doxxing and threats aren’t ever welcome.

Fostering open source services

Open source is really good at creating products. Almost any commercial software package or product like Word, Excel, Windows, or Photoshop has a great open source equivalent. However, open source has been less successful at creating services. Where’s the open source version of Google, or Facebook, or Twitter, or Gmail, or Craigslist?

You could sum it up with this drawing:

Where are the open source services?

Now to be fair, the bottom-right box isn’t completely empty. There’s Wikipedia, which is a phenomenal service/website supported by donations. There’s Tor, where many companies and people volunteer to run relays and bridges. There’s BOINC, which is the open source software used by volunteers for SETI@home and Folding@home. There’s also OpenStreetMap, which is a wonderful resource.

But why aren’t there more open source services? Let’s run down some differences between products and services.

“One and done” vs. ongoing support

With open source products, it can take a lot of work to create something great like Linux or Firefox, but then everyone can download that product and use it immediately–there’s no extra cost for the producer or the consumer, other than maybe a bit of bandwidth for downloading.

Once a product is done, it’s often done–frozen until the next major update. A product might take a year or more to reach a milestone, but it can often be used for years after that. In contrast, services may change from week to week, which implies strong product leadership to determine priorities.


If you download a copy of LibreOffice, you might write some unpleasant things or even hate speech, but that doesn’t hurt LibreOffice itself. However, if someone sets up a “free as in beer” translation API or geocoding API, you often see multiple levels of abuse. For example, some people might use a service so much that it overloads the service provider. Or people might scrape the translation API in an attempt to generate spammy text in lots of different languages. When you offer a product, potential abuse is usually less of an issue.

User Experience and Speed

Products don’t have to be perfect; often “free as in beer” is enough of a feature that someone will use GIMP as opposed to paying for Photoshop. But user experience and speed do matter, and commercial services have a strong incentive to nail both of those issues. It takes a ton of work to be fast, for example. Commercial services are often “free as in beer” as well as fast and pleasant to use.

Funding models

Thanks for staying with me so far, because I think this is the most important difference. I believe what might be missing is a good funding model for open source services. With a finished product, if you can find someone to donate bandwidth for downloading and maybe a simple website, you’re close to done. But with a service, there’s typically an ongoing cost involved with every API call. For something like web search, there can be a lot of processing work going on behind the scenes.

So what are the major funding models that might support an open source service? Right now, I can think of ads, occasional pledge drives, grants, subscriptions, or micropayments. From that list, my guess is that ads are the least appropriate. If ads are easily separated or can be blocked, then you might get a “free rider” problem where someone could take your service, remove all the ads, and offer it up as their free service. Personally I think advertising can be incredibly useful and responsive to a user’s needs, but some other individuals dislike ads. Ads can be the foundation of a freemium or hybrid approach; for example, I think Automattic offers free blogging on and funds itself partly through ads.

Regarding pledge drives, Wikipedia is a notable success, but it’s a lot of work on both the producer side and the user side, much like public radio (by the way, you can donate to Wikipedia here). Grants can work well, but grants tend to end after a few years, so they aren’t a complete solution to sustainability.

That leads me toward subscriptions or micropayments. I’m excited to see some movement in this area. Patreon lets you support your favorite creators and does at least a couple smart things. First, they only take 5% of donations. That puts them in the “doing it for the love” category. Patreon can be beloved while still making some money ($1M in donations each month * 5% cut * 12 months means >$600K/year). Second, they attempt to minimize payment fees by charging only once a month for all the people you support. So if you’re supporting four creators, then the credit card charges are split four ways. The first move is brilliant, and the second is very smart.

Bitcoin is another possibility for micropayments, although it’s still early days for that. I’m also excited to see Google Contributor launch. The idea is that a user contributes a certain donation each month. As the user surfs around a participating site, they don’t see ads on that site, but the site still gets paid from the user’s contribution.

Ultimately, I don’t know how to foster more open source services. I just know that I want them. In the same way that Firefox pushed Internet Explorer to improve or Apache pushed IIS, I personally would like having an open source search engine to push Google as well. Wikia Search was an attempt at that, but it didn’t get much traction.

Maybe the answer isn’t funding. In a recent talk, Melody Kramer floated the idea that people could support public radio in *tons* of different ways like volunteering their time or experience, not just with money. Maybe we need better ways for companies or regular people to volunteer their CPU, storage, or bandwidth. If we all kicked in 10% of our free disk space, could we come up with open source versions of Dropbox, Box, or Google Drive?

So I don’t have the answer. I just think it’s an interesting and perhaps an important problem. Do you agree? How would you foster more open source services?

Improving your account security

Every year or so, it’s worthwhile doing an audit of your online security. The most important accounts to protect are your bank accounts and your email accounts. Here are some things to consider doing:

– Choose strong passwords. Just as important: don’t re-use the same password across web services. Consider using a password manager like LastPass or 1Password to generate strong, secure passwords and keep them safe.

– Add two-factor authentication to your important accounts. Certainly your Gmail account, but also your Twitter account, domain registrar, etc.

– Put a PIN or unlock code on whichever phone has Google Authenticator or would receive two-factor SMS texts. Consider enrolling your phone in Find my iPhone or Android Device Manager.

– Let’s get specific on your Gmail/Google account now. Click into your account’s security settings. For Google, print out backup codes for your 2-step verification and put them somewhere safe. Add a recovery email account and phone number to your account. Check to make sure that everything looks locked down tight, e.g. no app passwords that you don’t remember.

– Make sure you put a PIN on your phone number or cell phone voicemail. Why? If Google or another service leaves a recovery code in your voicemail, you don’t want hackers to access your voicemail easily by spoofing caller ID.

– In Gmail, check for any unexplained filters or forwarding rules where a hacker could be forwarding your email to a different email address.

Advanced techniques

If you’re a CEO, high-profile individual, or at much greater risk of being hacked, consider these additional steps:
– If you already enabled two-factor authentication, consider getting a Security Key. Why? Because a Security Key should stop almost all phishing, even extremely targeted “spearfishing.” Security Keys are still new, but the protection they provide against phishing is extremely good.

– You might actually want to remove your phone number from Google or other account recovery systems. Why? Humans and customer service are usually the weakest link in a security system. Hackers may use social engineering to convince your cell phone provider to add a forwarding number, then attempt to hack your account by sending a recovery code to your phone number and listening on new/additional number.

To be clear, the vast majority of users will be more protected by adding a recovery phone number to their account. I would only remove the recovery phone number if 1) you are tech-savvy and 2) you believe that someone is likely to attempt to hack or stalk you.

Those are my major tips. What am I forgetting, or what advice would you give to protect your online accounts?

Open Access

When I was in grad school in the late 90s, not very much scholarly work was on the web. I had to walk over to the campus library to access scholarly papers, and sometimes make photocopies of the physical papers I wanted.

Things have gotten better, but it’s still harder to do research than it needs to be. One potential improvement is called Open Access. Open Access is about making peer-reviewed papers available online where more people can benefit from them.

This topic has a lot of details and nuances that I’m going to skip over. Suffice it to say that I support Open Access strongly. Across the nation, the Open Access movement has been gaining momentum across the nation as well.

Two tidbits crossed my radar screen this week. The first was a piece by Alexander L. Wolf, president of the Association of Computing Machinery (ACM). In that piece, Wolf states “there is a sense among a portion of our community that we have still not done enough” regarding Open Access. To which I say: damn straight.

The ACM is an organization that has and should be focused on the future. I remember the first time I got to touch and play with a Macintosh computer. It was at a college ACM event and I was only twelve years old at the time. I still remember the sneaker demo. The fact that the ACM has not done more to embrace the future and to encourage wider dissemination of research through Open Access is shameful.

Luckily, a piece of much bigger–and happier–news about Open Access also emerged this week. The Gates Foundation announced that they will support a strong Open Access policy.

Under the new policy, the Gates Foundation will pay for publication costs, but after a two-year transition period, the papers must be accessible immediately upon publication. The underlying data must also be open and accessible. This is critical to help other researchers verify results.

So while the ACM continues to drag its heels, the Gates Foundation has made a big move to encourage Open Access. That should make it faster and easier to build on important research in order to make the world a better place.

Some thoughts on XOXO

The week before XOXO, a festival dedicated to independent artists and creators, I was in Juneau, Alaska for a cruise with my wife and my parents. I got off the ship with my Dad and we walked around town. We kept walking, past the touristy stores selling smoked salmon and tanzanite. We walked for a long time, and right when we were about to turn around, I saw a small gallery/comic store called Alaska Robotics. The door had a sticker that said “We accept Bitcoin!” I thought “these are my people” and we walked in the store.

Have you ever had a dream where you walked into a software store, and they have every game and piece of software you ever wanted, and everything costs $3.99? Legacy of the Ancients, Below the Root, The Bard’s Tale, and everything else–just $3.99. I had that dream sometimes when I was a kid. It was one of my favorite dreams.

Walking into Alaska Robotics was kind of like that. It’s a collective of different artists, but you could see their love in the curation–less superhero stuff, more stuff like Watchmen, a graphic novel about Richard Feynman, and Penny Arcade books. I bought several things, including a cool dinosaur shirt because it’s not hard to get me to do dinosaur impressions.

I didn’t know what to expect at XOXO. I’ve been to one artists’ conference where I didn’t know anyone and I felt pretty awkward a lot of the time. So when I flew up to Portland for XOXO a week later, I thought to myself “Okay, worst case I have a fun T-shirt to wear that no one else has probably seen.” Sometimes a good T-shirt can feel like a protective shield.

Spoiler alert: everyone at XOXO was superfriendly, working on interesting things, and just happy to talk. It felt like Andy Baio and Andy McMillan curated the XOXO experience as carefully as the group of artists up in Alaska curated their gallery. Even the conference volunteers were nice–I spent an entire break talking with a volunteer and Nelson Minar about business models for sustaining open source services (not just code, but web services). Or you’d be in line talking to someone and realize “Oh right, he’s the guy that does!”

I have a joke that I never turned into a blog post about how few people actually create things on the internet. Like you’ll stumble across a version of the U.S. tax code online for some reason, and then you realize that the guy who did that is named John Walker and he also founded AutoDesk. Or when you find out that the guy that built Upcoming also served as the CTO of Kickstarter back in the day.

So XOXO was a creator-rich environment. People were friendly enough that you could walk up to someone and say hello on the assumption that they’d enjoy talking. And if you dug a little bit, they were usually trying something different, weird, or fun, like biking across Oregon the following week.

One night, I was playing a 10-player (!!) indie video arcade game called Killer Queen and one of the people on my team said “Hey, nice shirt.” I was wearing my Rawr! dinosaur shirt that I’d bought up in Alaska the week before. And I said “Thanks!” and then a couple minutes later I looked at his badge, and it said “Patrick Race.” Hmm. That’s one of the people that does Alaska Robotics. And then it clicked–I’m playing a video game with the artist who drew the dinosaur. On the shirt. That I’m wearing.

It was just an awesome, bizarre moment. Like when you say you’re from Kentucky, and they say “Oh, do you know Drew?” And you say “Okay, not everyone in Kentucky knows everyone else, you know.” But it’s still kind of funny, so you play along and ask Drew’s last name. And then they’re like “Uh, I think his name is Drew Curtis, maybe?” And you’re like “whoa, Drew Curtis from Fark? Strangely enough, I do know Drew!” So there were a few moments like that at XOXO. I think it goes back to my joke/non-blog-post about how few people on the internet actually create things.

If this were a conference write-up, I’d summarize the talks. Screw that. Go watch them yourselves–XOXO is posting the videos of the talks on the web. I think you’ll enjoy them.

But I will share a few things that stuck in my mind from the talks. One is Kevin Kelly’s talk:

The whole talk is worth watching, but I especially enjoyed some things he said about halfway through the talk.

Kelly said this:

“One [type of success] is not better than the other. We think of evolution as a ladder but it’s really kind of a radial explosion, and so every single species alive today is equally evolved and is equally successful. They’re all successful. The dandelion and the cockroach are as successful as the bird of paradise, if they’re surviving. So what I’m suggesting is that all these different three million species that we have catalogued on Earth already, are all figuring out and all have their own definition of success.”

Kelly drew a parallel to the “Cambrian explosion” of technology and all the different types of success that enabled. Rather than imitating someone else’s success, technology enables new types of success that are measured in different ways. For example, the “fast growth” model of a startup is just one kind of success. Kelly talked about being liked (broad but shallow popularity) vs. being loved (deep but narrower engagement). Or things that succeed on the axis of longevity. Kelly also talked about how if you can find 1,000 true fans willing to pay $100 for your work, that’s $100,000, which is pretty darn good.

Kelly concluded by asking the audience “What do you want to optimize?” In other words, given that everyone can have a different opinion of what success looks like, what does success look like for you? Kelly said that what he was trying optimize in his own life was “opportunities to learn and time to make cool and useless stuff.”

It was a great talk. I highly recommend that you watch the whole thing, or at least the second half. Kelly’s points echoed Socrates for me: “The unexamined life is not worth living.” Because if you don’t have a clear idea of what you want to do (and that’s something only you can decide for yourself), how do you know how you’re doing?

I also especially enjoyed talks by Gina Trapani, Hank Green, and Darius Kazemi, along with many others. Really, there were just a ton of great talks.

My main takeaway though was that XOXO an interesting group of people trying to create awesome things and help each other out. The XOXO conference also brushed up against GamerGate, but I’ll save thoughts about that for a future blog post.