You Should Open Source Your Product

From the start, we knew we wanted to open source our team knowledge base, Outline. One of the main reasons it exists is because several startups in the space had shut down and we felt that the need remained. During this past year of open development, many other benefits of open sourcing a product have become increasingly clear – both through my own experiences and talking with founders of other companies.

Peace of mind

In this age of low cost of entry and abundant startups, products are more likely to disappear after a couple of years than succeed. One of the biggest reasons potential customers will never even try your product is the reluctance to invest time and data into something that might not be around tomorrow.

Open source provides some peace of mind – if for whatever reason the product becomes unmaintained then the community can fork the source code (see The Storybook Story for a great example), run their own version in-house, or more easily build tooling to export data in a worst-case scenario.

Market positioning

A couple of years ago It felt like GitLab became a realistic contender for git hosting seemingly overnight. While it has since come a long way, the first version of the product was almost a direct clone of GitHub.

One of the core reasons that developers flocked to the platform despite this was the open core nature of the project. For developer tools and platforms, in particular, simply embodying the philosophies of OSS can be enough to differentiate a new product from the crowd.

Customer acquisition

Open source could be thought of as a subset of content marketing – every commit, pull request, and issue is public content indexed and often keyword-rich. It provides a number of channels for new customer acquisition – the code repositories themselves of course, but also the ecosystem of publications, websites, listicles, and newsletters that cover OSS development.

Sentry, an open source error tracking service, was a project for several years before it spun out into an actual company – today around ~65% of their inbound referral traffic is still from their source code repositories, hosted on GitHub.

Best practices & documentation

Building in public is a uniquely satisfying experience. Personally, I often find myself performing to a higher standard when I know that all the work I produce is publicly visible. Defaulting to more judicious comments, ensuring full test coverage, and putting extra effort into being a clear communicator.

If you can’t go all-in, consider open sourcing components and individual libraries. Once a high-level concept is abstracted and decoupled from the specifics of a codebase it often becomes both easier to reason about and will inevitably lead to better defined API’s and public interfaces.

Community & contributors

At the time of writing, Sidekiq, an open source background processing implementation for Ruby, has more than 380 individual contributors to its repository on GitHub. These people have fixed bugs, filed issues, written documentation, contributed to feature discussions, and generally done the types of things you’d pay a six-figure salary for in the bay area!

Although Sidekiq does offer commercial licenses (and makes a nice profit doing so) this doesn’t stop community members from donating their time and skills to help improve the software for everyone.

Hiring pipeline

Wordpress (famously?) replaced white-boarding exercises and code challenges with a “try out” period as part of their hiring process, paying candidates to undertake issues in their actual codebase. This is made possible because the code is public, for a closed source team it would generally be out of the question to provide access to the codebase before a hiring decision is made.

While using open source contributions in a general sense as a hiring decision maker is generally considered problematic – specific experience with your product’s codebase is an ideal way to gauge both a potential hires technical and communication skills in a realistic way.

Free tools & services

At the beginning of a project, every dollar matters and spending hundreds on infrastructure before the product is making any money is a difficult hurdle for many to overcome. Luckily, lots of tools have free or heavily discounted plans for OSS projects as a way of giving back – whether it’s CI, server hosting, error tracking, or mailing lists.

This is a great list that covers many freebies: opensource candies.

But it’s not all roses…

So at this point, you’re probably ready to hit the big red button and publish all your code… right?! While you’ll find that many things are improved with an open codebase it’s important to note that there are some downsides to take into consideration…

Licenses and agreements

It’s a good idea to make sure that outside contributors sign agreements such as a CLA before their code is merged into the project. In the event of a future acquisition or change of ownership you’ll thank your past self.

Competitors get insight into feature development and roadmap

I believe that for most startup companies today this is a non-issue, founders tend to be overly protective of their ideas and roadmap when in reality they’d be better off getting this information in front of potential users as soon as possible.

But of course, some ideas have a wider moat than others and this insight into your companies plans might be something you need to avoid.

No security through obscurity

Open source software is generally considered more secure in the long term – more eyes on an application’s code can help identify and fix security holes. However, opening up your code to scrutiny also provides would-be attackers with direct insight into potential loopholes and security problems.

It also means that even more care has to be taken than usual for sins like accidentally committing API keys into git or adding customer details into public issues.

Increased overhead of documentation

It’s even more important when code is public that documentation is thorough, clear, and makes as few assumptions of the reader as possible. Writing this level of documentation takes a lot of time and effort that in the early stages of a product might be time better spent on core business problems.

Community maintenance

Similarly, a vibrant open source community doesn’t come for free. Issues need to be triaged, questions answered, and pull requests reviewed. If the issues and unfinished branches begin to pile up then this is an immediate warning flag to users and those considering contributing.

As well, the more popular your open source project becomes the more work there is to do shepherding and maintaining the community – popularity may be a curse that only larger teams can manage…

If you’ve had great success or failure making your companies code public I’d love to hear about it in the comments.

Reclaim Your Privacy

In 2017 it’s incredibly hard to use the internet without constantly giving away your personal information… it’s absolutely the norm for a single website you visit to send personally identifying information to your ISP, the website itself, their advertisers, multiple tracking and analytics companies, plus all the social networks you’re logged into.

I don’t think you have to be paranoid, taking part in nefarious activities or a privacy obsessive to not want this to be the case! To me it seems like common sense that you would reduce the amount of personal information you leave lying around on companies servers in the same way it’s common sense not to leave your bank details lying on the street.

Thankfully with just a little effort you can make a huge difference without having to jump through lots of hoops every time you use the internet!

Install an AdBlocker

You’re probably already using an AdBlocker, according to ClarityRay on average around 10% of visits to websites use an AdBlocker of some description.

By blocking adverts you reduce visual clutter, increase page load times and limit the amount of information about your browsing habits gathered by third parties. I recommend UBlock Origin for the lightest footprint.

Since installing on my machine it has blocked 7% of outgoing connections - almost 1 million requests.

Whilst you’re at it don’t forget about your mobile browser. For iOS ‘Focus’ by Firefox is the way to go, ensure you enable the integration with Safari to get all it’s benefits.

Ensure HTTPS

The HTTP Everywhere extension from the EFF makes sure that you always connect to the secure version of web services if available - this prevents your ISP and other middlemen from inspecting and potentially injecting content into webpages you load (Yep, they do this).

Change Your Default Search Engine

Google is great and the results are obviously top notch - however their data collection policies are really awful. I find for 99% of searches DuckDuckGo does just as good a job and doesn’t track your activity against an extensive personal profile like Google will.

DuckDuckGo makes a great default search engine that is visually very similar to Google, you can find quick install instructions here.

Chrome Privacy Settings

Using Chrome? Next up lets customize the privacy and content settings to be a little more picky about the data we give away. First off you’ll want to block third party cookies, navigate to: Chrome Content Settings

Check “Block third party cookies and site data”. This helps to prevent trackers that may slip through UBlock from tracking you across websites.

Next head to Chrome Settings, scroll to the bottom and click the tiny text that says “Show advanced settings…”, scroll again to Privacy (Phew, it’s almost like they don’t want you to find this!).

 I would recommend unticking the majority of these settings apart from Send a “Do Not Track” request with your browsing traffic which should be ticked and probably isn’t.

Chrome Privacy

Google Privacy Settings

The big G provides a single dashboard for managing activity that they track and save. Personally I have everything here disabled (paused) apart from ‘Device Information’ which keeps your apps and settings synced across devices. By default Google will be tracking your location, search history and every webpage you visit if you’re using Chrome - eesh.

Facebook Privacy Settings

Most of us have a Facebook account even if it doesn’t get used too much. At this point we’ve blocked Facebook’s trackers on other websites, told them not to track us and ensured we’re always viewing Facebook over HTTPS but there’s definitely more to do!

 By default Facebook’s advertising policies are quite… invasive, lets turn them down a bit by visiting the Facebook Privacy Settings

Chrome Privacy

Turn everything on that page to “No”. Next hit up the timeline option and consider turning off photo tagging suggestions at the bottom of this page.

This is also a good opportunity to double check which apps you’ve authorized to read your Facebook information and remove any you no longer want to have access, the full list of apps with access to Facebook.

Chrome Privacy

At the bottom there is also an “Apps Others Use” section, click edit and untick everything in there which gives permission for your friends to share your data. It won’t have any effect on your personal Facebook experience as far as I can tell.

Twitter Privacy Settings

We’re getting somewhere, don’t give up yet! Next up is Twitter - similar to Facebook you’ll want to turn off all the advertisement tailoring and maybe the default location tagging depending on your preference on the Twitter settings (Don’t forget to hit ‘Save Changes’ at the bottom of the page)

You might have accidentally uploaded your entire address book to Twitter (they make this way too easy) - double check if that’s the case here and consider deleting the data on the Twitter contacts dashboard.

This is also a good opportunity to double check which apps you’ve authorized to read your Twitter information and remove any you no longer want to have access, here is the full list of apps with access to Twitter.

Install a Password Manager

If you’re still using a ‘system’ (hey, we’ve all done it!) or worse yet the same password for everything then now is the time to upgrade to a Password Manager, that way if one website gets compromised you don’t risk your other accounts being hacked too.

1Password is pretty awesome and you can make this change gradually by moving your passwords into the manager as you login to services instead of all in one go. You’ll never have to try and remember which dumb rules a website expected for a password ever again.

Install a Firewall

It’s easy to forget about the desktop apps you use, they are all constantly phoning home too. Little Snitch will alert you every time an app tries to access the internet and let you set rules for access rather than letting everything out by default.

I’ll be honest, it’s a real pain to use for the first few hours because rules need to be created for all your existing apps but the peace of mind may be worth it - did you know Spotlight makes requests to lots of different services for everything you type in there?

Use a VPN

A VPN obscures your real IP address, and with it your location. It also creates an encrypted tunnel for all of your internet traffic that prevents your ISP from knowing and logging the websites that you visit.

If you have the technical skills and time I highly recommend setting up your own installation of OpenVPN - here is a good tutorial for doing so on a DigitalOcean server that will run you $5/month. TunnelBlick is a great well maintained, open source OpenVPN client for Mac.


Phew! If you got this far then you are now considerably better off than you were at the start of this post.

Is this foolproof? No, of course not - but with a little effort you’ve vastly reduced the amount of personally identifying information that is being gobbled up by companies about you with minimal affect on your everyday computer usage, nice!

Got any more suggestions for easy to implement privacy fixes? Let me know in the comments.

Lessons learnt building team communication products

At Speak we’ve been building team communication products for years, but when we began down this path I don’t think that any of us knew what was ahead. We all came from different backgrounds in gaming, b2c and ecommerce but we’d never tackled anything built for teams.

We’ve come to discover that creating a successful team product has it’s own set of unique challenges…

Multi platform

Unlike one player consumer apps like games and photography tools, multi platform support is critical to the success of a team product. Whilst it’s easy to forget when living in the tech bubble, not everyone uses your OS of choice and most teams will have a mixture of operating systems in use. If your tool needs to be used by everyone then multi-platform is a must as soon as possible.

If you’re building for web then this means compatibility with all the major browsers, not just Chrome… and desktop apps need to embrace Windows with gusto!

Realtime is Hard

If you come from a background of building web experiences that rely on a page reload or short session times, moving to building real-time systems with millisecond race conditions and a client that users keep open for days or even weeks introduces a whole new set of fun challenges.

At Speak we aim to connect audio in under a second. To achieve this, 50+ messages race through websockets and through our evented system which is built to withstand misordering, mistiming and lost messages altogether. Each layer of the system has to be built with fallbacks and proper error handling to ensure that when things go awry the user experience doesn’t end up suffering.

Activation is harder

Activation is that ‘magic moment’ when you consider that a user has engaged with your product in a meaningful way. This may be sending an email, creating a post, uploading a file or in our case - having a quick audio call.

This is exponentially more difficult when you require multiple people to use your product synchronously to achieve it, so anything that can be done to give your team product a one-player experience will pay dividends as users will be more likely to keep the app open and actually still be online when their coworkers signup too…

Quality is Paramount

Early adopters playing around in their spare time are the most forgiving of users, they’re often amazingly keen to find and report bugs, put up with inconsistencies, fiddle with settings and love to be involved in helping with the product development process.

Every workplace has it’s early adopters for sure, but an entire team of them is an unlikely find! In order for your platform to be adopted in the workplace, beta quality just won’t do. A high level of polish and reliability is a must for the vast majority of teams to adopt and stick with your app.

Preferences are great

With our last product we were prone to thinking that if you design something well then options aren’t needed. In hindsight, this was a little naive, and when Slack came around this cemented that fact as the app was lauded for its customizability - not complexity.

You can almost think of a team as one user with multiple personalities, one minute they want a preference for this, and then a setting for the opposite, plus an admin control for everything. If you don’t satisfy all of the personalities at once then slowly the team will stop using the product. Clear and well organised preferences and options are the right solution!

Business != Boring

The trend of employees bringing consumer apps into business isn’t going away and the line between personal life and work continues to blur for creative professionals. Everyone would prefer to have a little fun whilst they work and one way to inject this into your day is to use tools with personality, animation and excitement!

The bar for a great business tool is continuously being raised and we’re excited to be tackling these challenges! Building something for teams yourself? I’d love to hear any thoughts you have on this subject in the comments…

The Rollercoaster

Last week we launched Speak on ProductHunt, there were a few days packed full of energy - many comments of positivity and praise on the design, hundreds of teams signed up, lots of issues were reported (and quickly fixed), our servers were even briefly overloaded with traffic!

Almost two weeks later and we’re now experiencing the quiet after the storm. Every day has had a different vibe (at least, in my head) and my mood is vastly affected on an hourly basis by the feedback we receive and metrics we track… it’s hard to keep an even keel. As is often the case, Paul Graham puts it best:

“In a startup, things seem great one moment and hopeless the next. And by next, I mean a couple hours later.”

Personally I think this is one of the most difficult times in a startups formative stages, and it’s easy to lose heart. You have a few users, not enough to get excited, some retention, but not enough to be ecstatic, and requests pulling you in every direction from those that did signup and want you to solve their very specific problems.

Dan Shipper found the perfect analogy in that of a stock trader - if you constantly check how your stocks are performing then there is just as much chance of them being down as up, even if the longterm pattern is one of positivity and growth.

An acute awareness of this is the biggest step to dealing with it. Talk to customers, track and celebrate the small wins and keep plugging away at building something great!

Don't Grow Too Fast

Do you remember being told as a child that your eyes were bigger than your belly? Perhaps you were piling far too much food on your plate at dinner…

As a kid I always wanted to eat too much, grow up faster, be taller. I’d look up to those in years above at school and think how much older they seemed and that I couldn’t wait to be their age with all the benefits that it would bring… I think most of us thought something along these lines, right?!

Of course now we realise how important those years are - there is no way we could simply skip to final exams without all of the learning and growth that these earlier days provide. I’ve found that in building startups, the very same temptations exist. The desire to be bigger than your boots, to grow too fast and to try and emulate those that are more grown up.

At Sqwiggle we made this classic mistake too, jumping into hiring as soon as we’d raised our seed round because that’s what you do. But really we were still in this early period of pre product market fit - we should have still been testing, experimenting and iterating towards great traction and zero churn. In hindsight an early burst of signups coupled with a successful funding round had confused us into thinking that we already had product market fit and our ambitions meant we were only too eager to grow up to the “next stage”.

Step back, embrace where you are at, don’t grow too fast.

Update: Brad Feld just published a post, “The Illusion of Product Market Fit” which sums up the above far better than I have.