Big Brother at the Office

Between cameras, sensor-equipped ID badges, and keystroke-logging software, employers are keeping an ever-watchful eye on their workers, all in the name of security or increased productivity. Jason Meller of Kolide has spent his career in computer security and witnessed what can happen when a corporation’s obsession with safety results in harmful surveillance of its employees. On the latest episode of Rework, he talks about navigating those ethical boundaries and why it’s important to have constant consent instead of constant surveillance.

A transcript of this episode is also available on the episode page.

Compounding time

I recently started seeing a new therapist. I’ve seen therapists in the past, so that’s nothing new. What is new is the format.

Everyone I’ve ever seen in the past, and likely the person you’re seeing (if you’re seeing someone), runs appointments the same way: An hour a week (or every few weeks). One hour. 60 minutes. The standard time slot for all sorts of appointments.

But this guy I’m seeing does it differently. I see him once every six weeks for six hours straight. Yes, a six-hour session. And what a joy it is to work on yourself this way.

An hour is barely enough time to figure out what to talk about. And it’s hardly enough time to go deep on anything of substance. By the time you get somewhere, it’s time to go. Know the drill?

But six hours. Six hours is an abundance of time to twist and turn. It takes six hours to dig through the rock and strike the seam. I’m loving it.

Further, six weeks between appointments gives me time to work on the things we uncovered. A traditional week between appointments just isn’t enough time to put in the practice and get to work. You get sidetracked, other stuff comes up, you end up going to the next appointment in roughly the same place you left the last appointment. But six. Six is bliss.

It’s an entirely different approach, and I find it thoroughly refreshing. Yes, it means he can’t work with as many clients. Yes, it means I have to come out of pocket a lot more. And yes, it means it’s a lot of talking, reflecting, feeling, and questioning. It packs a punch, and my mind is definitely mushier the next day. Not unlike next-day’s lingering muscle soreness after a hard workout. But that’s how you get stronger.

It also reminds me just how powerful contiguous time is. The value of time compounds when hours touch hours. And when you string a bunch together, without interruption, the compounding really pays off. Interest compounds. Wisdom compounds. Time does too.

It’s one of the reasons we’re so adamant about making sure everyone at Basecamp has long stretches of uninterrupted time to themselves. Certainly some work is more staccato than others, but at Basecamp people’s days are theirs. The company doesn’t take people’s time with mandatory meetings or heavy process – the company provides the cover so everyone has their own time to use as they see fit.

There are lots of ways to carve up an hour. 10 x 6. 15 x 4. 30 x 2. 45 + 15. 20 + 20 + 20. The key is not to carve it up. And when you stack it up – one full hour after another – you really see the compound benefits of uninterrupted time.

Note: If this topic appeals to you, we wrote a bunch about the value of time, uninterrupted time, and contiguous time in our latest book “It Doesn’t Have to Be Crazy at Work”.

Rework Mailbag

Jason and DHH are back to answer listener questions on the Rework podcast. In this episode, they discuss whether they prefer reading physical books or the Kindle; talk about providing feedback to rejected job candidates; and imagine a world where Jason and DHH didn’t end up working together.

Back to windows after twenty years

Apple’s stubborn four-year refusal to fix the terminally broken butterfly keyboard design led me to a crazy experiment last week: Giving Windows a try for the first time in twenty years.

Not really because I suddenly had some great curiosity about Windows, but because Apple’s infuriating failure to sell a reliable laptop reluctantly put me back in the market. So when I saw the praise heaped upon the Surface Laptop 3, and particularly its keyboard, I thought, fuck it, let’s give it a try!

Looks good, doesn’t it?

The buying experience was great. There was nobody in the store, so with four sales people just standing around, I got immediate attention, and typed away a few quick sentences on the keyboard. It felt good. Nice travel, slim chassis, sleek design. SOLD!

The initial setup experience was another pleasant surprise. The Cortana-narrated process felt like someone from the Xbox team had done the design. Fresh, modern, fun, and reassuring. Apple could take some notes on that.

But ultimately we got to the meat of this experience, and unfortunately the first bite didn’t quite match the sizzle. The font rendering in Windows remains excruciatingly poor to my eyes. It just looks bad. It reminded me of my number one grief with Android back in the 5.0 or whenever days, before someone at Google decided to do font rendering right (these days it’s great!). Ugh.

I accept that this is a personal failure of sorts. The Windows font rendering does not prevent you from using the device. It’s not like you can’t read the text. It’s just that I don’t enjoy it, and I don’t want to. So that was strike one.

But hey, I didn’t plunk down close to $1800 (with taxes) for a Windows laptop just to be scared off by poor font rendering, right? No. So I persevered and started setting up my development environment.

See, the whole reason I thought Windows might be a suitable alternative for me was all the enthusiasm around Windows Linux Subsystem (WSL). Basically putting all the *nix tooling at your fingertips, like it is on OSX, in a way that doesn’t require crazy hoops.

But it’s just not there. The first version of WSL is marred with terrible file-system performance, and I got to feel that right away, when I spent eons checking out a git repository via GitHub for Windows. A 10-second operation on OSX took 5-6 minutes on Windows.

I initially thought that I had installed WSL2, which promises to be better in some ways (though worse in others), but to do so required me to essentially run an alpha version of Windows 10. Okay, that’s a little adventurous, but hey, whatever, this was an experiment after all. (Unfortunately WSL2 doesn’t do anything to speed up work happening across the Windows/Linux boundary, in fact, it just makes it worse! So you kinda have to stick with Linux tooling inside of Linux, Windows outside. Defeating much of the point for me!).

So anyway, here I am, hours into trying to set up this laptop to run *nix tooling with Windows applications, running on the bleeding edge of Windows, digging through all sorts of write-ups and tutorials, and I finally, sorta, kinda get it going. But it’s neither fast nor pleasant nor intuitive in any way. And it feels like my toes are so stubbed and bloody by the end of the walk that I almost forgot why I started on this journey in the first place.

I mean, one thing is the alpha-level of the software required to even pursue this. Something else is the bizarre gates that Microsoft erects along the way. Want to run Docker for Windows on your brand new Surface Laptop 3? Sorry, can’t do that without buying an upgrade to Windows Pro (the $1800 Surface Laptop 3 apparently wasn’t expensive enough to warrant that designation, so it ships with the Home edition. Okay, sheesh).

The default Edge browser that ships with Windows 10 is also just kinda terrible. I clocked a 38 on the Speedometer 2.0 test, compared to the 125 that my MacBook Pro 13 ran with Safari. (But hey, there’s another beta version of Edge, the one that now uses the Chromium rendering engine, and that got it to a more respectable 68.)

Anyway, I started this experiment on a Monday. I kept going all the way through Friday. Using the laptop as I would any other computer for the internet, and my new hobby of dealing with the stubbed toes of setting up a *nix development environment, but when I got to Saturday I just… gave up. It’s clearly not that this couldn’t be done. You can absolutely set up a new Windows laptop today to do *nix style development. You can get your VS Code going, install a bunch of alpha software, and eventually you’ll get there.

But for me, this just wasn’t worth it. I kept looking for things I liked about Windows, and I kept realizing that I just fell back on rationalizations like “I guess this isn’t SO bad?”. The only thing I really liked was the hardware, and really, the key (ha!) thing there was that the keyboard just worked. It’s a good keyboard, but I don’t know if I’d go as far as “great”. (I still prefer travel, control, and feel of the freestanding Apple Magic Keyboard 2).

What this experiment taught me, though, was just how much I actually like OSX. How much satisfaction I derive from its font rendering. How lovely my code looks in TextMate 2. How easy it is to live that *nix developer life, while still using a computer where everything (well, except that fucking keyboard!) mostly just works.

So the Surface Laptop 3 is going back to Microsoft. Kudos to them for the 30-day no questions return policy, and double kudos for making it so easy to wipe the machine for return (again, another area where Apple could learn!).

Windows still clearly isn’t for me. And I wouldn’t recommend it to any of our developers at Basecamp. But I kinda do wish that more people actually do make the switch. Apple needs the competition. We need to feel like there are real alternatives that not only are technically possible, but a joy to use. We need Microsoft to keep improving, and having more frustrated Apple users cross over, point out the flaws, and iron out the kinks, well, that’s only going to help.

I would absolutely give Windows another try in a few years, but for now, I’m just feeling #blessed that 90% of my work happens on an iMac with that lovely scissor-keyed Magic Keyboard 2. It’s not a real solution for lots of people who work on the go, but if you do most of your development at a desk, I’d check it out. Or be brave, go with Windows, make it better, you pioneer, you. You’ll have my utter admiration!

Also, Apple, please just fix those fucking keyboards. Provide proper restitution for the people who bought your broken shit. Stop gaslighting us all with your nonsense that this is only affecting extremely few people. It’s not. The situation is an unmitigated disaster.

A Hosty Retreat

Basecamp has taken a clear stance against tracking on the web, so when we learned (via a tweet to DHH) that our podcast hosting provider had introduced listener-targeted advertising, we decided to decamp to a different company. On the latest episode of the Rework podcast, Wailin talks to Lex Friedman, chief revenue officer of Rework’s old podcast host, about what they’re doing with targeted ads. Then she talks to Justin Jackson, co-founder of our new podcast host, about how he’s approached building his startup.

Meet Andy

Basecamp’s new head of marketing, Andy Didorosi, comes on the Rework podcast to talk about how he started a bus company in his hometown of Detroit to help fill a gap in public transit; what he learned about building a business with a “buy one, give one” social mission; and why he left the company he founded to join Basecamp.

If you missed our previous episode on hiring a first-ever head of marketing, you can catch up here!

Skip level meetings: What they are, and exactly how to run them

If you manage other managers, holding skip level one-on-one meetings with their direct reports is paramount. Here’s how to do ’em.

If you’re a manager of managers, skip level meetings are your lifeline. I don’t mean to sound bombastic, but if you’re a CEO, executive, or director who manages other managers — then skip-level meetings are an essential way to keep your ears on the ground.

Skip… what? If you’re anything like me, when I first heard the term “skip level meeting,” I was befuddled. Yes, I held one-on-one meetings with my team. But as the team grew and I had a manager who had someone else reporting to them… I wasn’t talking to their direct report with any regularity. How was I supposed to ever learn what that team member was thinking and feeling about the company if I never talked with them?


Basecamp no longer requires Google for two-factor authentication

When it became clear to us last year that using SMS for two-factor authentication (2FA) was insecure, we kinda panicked. We’d spent a lot of time originally building that SMS-based 2FA login system for Basecamp, and the prospect of having to build an entirely new system compatible with proper authentication apps seemed daunting. Especially with a major security liability hanging over our head.

So we went the easy route, and handed the 2FA authentication flow over to Google, using their Google Sign-In APIs. Now, that certainly gave us an immediate and secure solution. Nobody is disputing that Google knows security.

But requiring people to have a Google account to get a 2FA-protected Basecamp was an uncomfortable compromise. There are about a million good reasons for why you wouldn’t want Google to know everything about when you log into apps all over the internet. Google’s business is literally based on collecting as much data as possible, so it can use it all against you for ad targeting. That’s just not a regime we feel comfortable encouraging, let alone requiring.

So I’m thrilled to announce that we got our shit together and built our own, wonderful, and secure 2FA login protection for Basecamp. Google Sign-In still works, but it’s deprecated, and we’ll no longer be recommending it going forward.

Our new secure 2FA solution is built on the TOTP standard with backup codes as a fallback. So you can use any TOTP-compatible authentication app, like Authy, 1Password, or Duo, and it works for all versions of Basecamp (here’s how to set it up in Basecamp 3 and Basecamp 2), as well as our legacy apps Highrise, Backpack, and Campfire.

Big kudos to Rosa Gutiérrez from our Security, Infrastructure & Performance team for putting our fears about doing our own TOTP-based 2FA system to shame. She led the project, did the work, and the final result is just great.

Finally, it feels good to have one additional area of the business free from Big Tech entanglement. We also dumped Google Analytics a few months back from Basecamp.com (relying on Clicky.com instead), and we’ll continue the work to untangle ourselves from Google and the rest of the industry behemoths. It’s a long slog, it’s unlikely ever to be fully complete, but every little bit helps.

Oh, and please, if you haven’t already, turn on 2FA to protect your Basecamp account. And if you aren’t already, use a password manager, like 1Password. If you’re reusing a password on Basecamp, and you’re not protected by 2FA, you’re at grave risk of having your account compromised. We work hard to protect everyone at Basecamp, but nothing will protect you online like using 2FA and a password manager everywhere you go.

The 5 mistakes you’re likely making in your one-on-one meetings with direct reports

Don’t waste your time. Make sure you’re getting the most out of your one-on-one meetings with your direct reports. 

You’re feeling good: You’ve started to hold regular one-on-one meetings with direct reports. But have you paused to ask yourself, lately, “Am I making the most of them?”

The question is worth asking. One-on-one meetings with direct reports can have a surprisingly large impact on your team’s performance. In Google’s widely known 2009 manager research code-named “Project Oxygen,” they found that higher-scoring managers were more likely than lower-scoring managers to have frequent one-on-one meetings with their team members.
