Thursday, January 28, 2010

Web Development Los Angeles

Yesterday, I met with someone at the early stage of a startup. He has a great concept with some complexity to it. He was struggling to find high quality developers in Los Angeles. Just the kind of person I like to meet. :)

But I was a bit surprised when he emphasized how hard it had been for them to find a web developer in Los Angeles. My flippant comment was, “If you do a Google search for Los Angeles web developer, you’ll find a LOT of people and firms.”

His response was that he had done exactly that, but that the long list is not all that useful. Here were some of his particular issues:

Most of the firms that come up are actually website design firms not website development firms. And he’s right there’s a big difference. Web design typically refers to the process of interface design and graphic design. The result of web design are static pages as graphics or HTML. Web development refers to the design and creation of the database, code, and dynamic elements of the site. A development firm may be able to do good design, but it’s pretty rare that someone who is a design firm can do good development. Or at least not development to any depth. Also, you often find that good website designers may not be good at interface design for web applications.

In fact, my belief is that most startups should either be looking for a marketer or a web developer as they likely need to be differentiated in terms of marketing or should have complexity in their development. If it’s something simple to build and you are using pretty vanilla marketing, then it’s likely not all that differentiated in the market. But I digress…

So the first challenge was weeding out the designers from the long list of Los Angeles Web Developers. In fact, after a bit he gave up. So my flip suggestion was actually not all that helpful.

Some other things he tried:

  • LinkedIn – searched for people, but gave up pretty quickly as it felt like a needle in a haystack.
  • Freelance Sites - he considered using one of the freelance sites, but was concerned about the quality he would get.
  • Craigslist - He also considered advertising on Craigslist, but again was concerned about quality.
  • Local networking – he had better luck by attending a few local meetings and networking. That’s actually how he met the person who introduced us. But he felt that it was rather random whether he was meeting the right folks. There certainly are a lot of Networking Events in Los Angeles and Southern California that you can use.

In the case of the Los Angeles marketplace, there’s somewhat a secret weapon especially if you are looking for more senior talent or web development firms. The LA CTO Forum, which I help organize, has more than 100 Software/Web CTOs from all sorts of companies. It’s a pretty active, but very private network. However, members of the group often post needs out to the rest of the group.

In this case, I was introduced by a fellow member to this individual who happened to be at a networking event. For anyone who reads this blog, if you are looking for particular kind of web developers in Los Angeles, feel free to contact me.

I’m curious how anyone else would recommend that someone goes about finding a Los Angeles web developer? Especially for an early-stage startup? Of course, this is a bit more complicated given the issues raised in Startup CTO or Developer, but maybe leave that aside for now.

Tuesday, January 26, 2010

Startup CTO or Developer

I’ve been having discussions with several people recently about the role of the CTO (Chief Technology Officer) in very early stage companies.  In December 2007, I described how I commonly take on an Acting CTO Role in a Start-up.  I used an image from Roger Smith that describes the varying roles of a CTO as the company matures.


However, I’ve now begun questioning how and what an early-stage / startup CTO should be.  Most often at the earliest point in the life of a startup, the dominant need is certainly to produce product to get something in the market, get funding, etc.  That’s why Roger Smith puts the focus of the CTO on programming for the earliest stage.

What worries me a bit is how often I read that startups should hire a developer / hands-on lead developer.  I understand the desire for hiring someone who is going to produce product.  But often the result of a Founder hiring a developer or lead developer or even a VP engineering is a gap created between the founders and the developers.  I’ll address the specifics of what this Founder Developer Gap looks like below.

Part-Time Startup CTO is the Answer

By the way, I’m not suggesting that startups should hire a full-time Startup CTO who is not hands-on.  Rather they should get a part-time Acting CTO who can help close the gap.   I recently read a post that called this a Consulting CTO and suggested:

Founders of startups use a consulting CTO when they have business vision but limited knowledge of the technology needed to launch their company.

That same post said that finding part-time, consulting CTOs is fairly hard.  I disagree with that and certainly see lots of shapes and sizes of these kinds of engagements.  Of course, I have an advantage because I organize the LA CTO Forum.

Bottom line – if as you recognize this gap, then reach out to get a slice of a CTO who can help bridge the gap.

Founder Developer Gap

I’m assuming that the founders understand what they generally want to do with the business and where the product should be going.  I provided a whole set of questions that I go through with founders before Startup Software Development – Do Your Homework Before You Develop Anything.  These questions are critical background for any developer at any level. 

You know you have a pretty big gap if you are not hearing those questions from your developer.

Of course, since you know those questions, you can just collect up the answers and provide them to your developers.  Gap closed, right?

Probably not.  Here are a bunch of other kinds of questions that get addressed by Startup CTOs.  A good Startup CTO will naturally address these.  Are you hearing these questions and feel you are getting good answers?

  • How much will it cost to build what we need to build?  How can I control costs but effectively get stuff developed?
  • How can we phase development to balance cost, features, risk, etc?
  • What options do we have?  How do we balance those options?  What makes the most sense for us?
  • Given likely market changes, how will we design and build so that the systems can respond to marketplace changes?
  • How do we need to structure the systems to get ahead and stay ahead of the competition?
  • What are the biggest areas of technical risk?  How can we address this risk?
  • What technology research is required?
  • What technologies will we use?  What existing systems will we leverage, what programming languages, software development methodologies, web application frameworks, revision control systems, etc.?
  • What other kinds of systems will we likely need?  Accounting?  Reporting?
  • What are the important security considerations?  How do we balance concerns vs. cost?
  • Where are the likely future integration points with other systems?
  • What areas of the application are likely sources of scalability issues?  What kinds of spikes in traffic could we have?  How will we address these without significant cost?
  • How are we going to manage the product roadmap?  Make sure we make short-term progress, but not at the expense of longer-term objectives?
  • What do we build in-house or outsource?  What parts might we do off-shore, on-shore, in-house?  What does the staff need to look like over time?  When will key hires come on?
  • What other kinds of capabilities such as graphic design, user interaction, product manager, QA will we need?  Who will do that?  Who’s responsible for what portions?
  • How will we find and interview developers? 
  • How do we motivate and manage developers?
  • What do we need to do to make sure we can survive technical due diligence by investors and partners?
  • What specific technical innovations might make sense?
  • What can we build that might be protectable?
  • What metrics are going to be the key startup metrics and how do we get those metrics without too much cost?
  • Where and how will we host the systems?  What’s our purchase, licensing, SaaS strategy?
  • What other CTOs can I ask about complex questions to see how they’ve addressed these issues?

Some of these questions are high-level, complex, inherently fuzzy and hard to answer.  In fact, they interact with each other to greatly increase complexity.  Technologies you use, how much will it cost, future capabilities, scalability, in-house vs. outsourced all intersect.  It makes this early stage challenging.

Many developers do not ask or answer these questions.  In fact, if you go out and find a developer, they will often default to the technologies they know, they are going to build it in-house, and it’s going to cost whatever they estimate based on their particular time.  Of course, they could use new technologies that they are not familiar with, but is that really what you want?  And they are going to be doing the development because that’s who you’ve hired – is it fair to ask them about other models?

By the way, it could be that the developer does lead you down a great path.  But I would argue that you don’t want to just default to those answers when there are a lot of other possibilities to consider.

Beyond the fuzzy, high-level questions, there are often a lot of very specific questions like do we Use Facebook Connect – Twitter Oauth – Google Friend Connect for Authentication?  This is a classic kind of combined product / technology question.  Some developers will be really good at navigating these kinds of questions.  Others will not.  This is probably less of the issue for most startups, but it’s still a likely Founder Developer Gap.

Can the Right Lead Developer Address This?

Theoretically a great lead developer can address all of these issues.  But my experience is that they often are not addressed and the result can be fairly painful.  I’m not claiming my list of questions is unknown – heck it’s right there.  Of course, it’s never complete.  Each situation will have different questions.  But still, even if you prompt a good lead developer to address these issues, you likely will still have a bit of a gap.  The lead developer will often be:

  • Limited by experience and breadth of knowledge – may or may not be aware of other systems.
  • Most interested (and rewarded for) diving in to build things.
  • Challenged to pull together a good team.
  • Naturally motivated short-term because that’s the focus of development.
  • Tired at the end of a long day of development and probably not interested in thinking longer term.
  • Uninterested in or unable to add much value to investor presentations, business proposals, new business meetings.

Again, I wouldn’t claim that it can’t be done.  But it’s just really hard for everyone involved.  And you don’t want to be in the meeting when the investor just found out about some technology and asks your lead developer why they didn’t use it.  I’ve been on the other end of that when I’m doing due diligence and the company spent a bunch of time building something they didn’t need to build.  Or going down a very questionable technology path.  It’s not comfortable on either side of the table.

More on the Role of the Startup CTO

I actually had a fairly hard time finding good resources that describe this issue.  I’d appreciate any pointers that people know about.  Here were a few…

Fabian Schonholz, a startup CTO several times over, has a great post on the Business of Technology that points to a lot of these issues:

Time to market is very much a concern that we all have, but what is the point on rushing to market with a half baked product that then our competition can pick apart and improve upon it, while we burnt our brand? Or worse yet, what is the point of rushing to market a product that will be obsolete in 6 months? Specially in a startup, where resources are always scarce, plotting the right strategy, not “rushing”, coming up with a flexible product roadmap and priorities will get a company closer to success with less headaches and technologies and products can be easily reused and repurposed.

Eric Ries, a great resource, What Does a Startup CTO actually do?

Specific skills:

  • Platform selection and technical design
  • Seeing the big picture (in graphic detail)
  • Provide options
  • Find the 80/20
  • Grow technical leaders
  • Own the development methodology

Charlie O'Donnell, an EIR at First Round Capital -

Some links that are less Startup CTO and CTO more generally:

Again, I’d love to get more resources on this topic.  Please point me there.

Wednesday, January 13, 2010

When to Use Facebook Connect – Twitter Oauth – Google Friend Connect for Authentication?

See comments for some updates on this topic - especially the change in policy by Facebook around caching values.

One of the topics that came up in my post Mobile Internet Apple Facebook was around open vs. closed platforms. This issue comes up at the start of almost every new startup company in a variety of forms. I’m constantly struggling with trying to figure out the best way to pull together solutions, especially with how fast things move. In this post, I want to look at just the question of when it makes sense to use Facebook Connect, Twitter Oauth, OpenID, Yahoo Browser-Based Authentication, Google Friend Connect or basically any of the other authentication mechanisms.


What do I mean? Here’s the block that you see when you look at a blog enabled by Disqus (a third party commenting tool that can be embedded in blogs and other content):


It allows you to authenticate yourself using Facebook Connect, Twitter Oauth (sign in with Twitter), OpenID, and Yahoo Browser-Based Authentication. If you have an account on any of those systems, you can click the relevant button. From there, you will generally see a pop-up dialog similar to the following (this one is from CitySearch):


Once you click Connect, the original site now knows that I’m Tony Karrer from Facebook and the various demographic and friend information from Facebook. That’s it. No registration on Disqus required. Instead, I’m telling it to use my Facebook account as my registration.

In the case of Disqus, they also allow for comments as a Guest. Interestingly, they are not including Google Authentication. Of course, you have to draw the line somewhere. How many Authorizations (single sign-on) systems do you need to implement? More on this below.

Value of Third Party Authentication

Why provide all of these authentication options?

  1. It makes it easier for users to transact with the system. They don’t have to go through a registration process. In the case of Disqus, you can leave a comment pretty easily which increases the likelihood of the action.
  2. In case the person isn’t on Facebook, then you want to provide other choices. In the case of Disqus, they’ve provided quite a few – but still have left out others like Google. Providing more choices increases the chances that your audience will be able to use one of these to authenticate.
  3. If the person isn’t a member of any of these or doesn’t want your site to know about them on these social sites, then you still need your own authentication mechanism. In the case of Disqus, they allow for posting by a Guest. Actually, the blogger has the choice whether to allow this as they might get more spam. Bloggers may require users to register on Disqus to reduce spam.
  4. By having someone authenticate on Facebook or Twitter, you are also asking for permission to do things on that site on their behalf. In other words, the application often requests permission to tweet or publish content to your wall. Obviously, the goal is to get viral spread through these actions – and to facilitate value for users.

For something like commenting on a blog post, the ability to easily and quickly authenticate yourself is important. The fact that Disqus provides a means for me to authenticate quickly and easily using Facebook Connect or Twitter Oauth is great stuff and definitely increases the likelihood that I’ll leave a comment. I’m less likely to leave a comment if there’s an annoying registration process.

And because it’s so easy, if I’m a blogger and concerned about spam, I might very well turn off comments by Guests.

So in the case of Disqus, it likely makes a lot of sense to have implemented third party authentication.

Does it Make Sense for Other Startups?

Let’s look at what commonly is the conversation with each new startup (and again I’m going to just focus on the authentication portion).

Wouldn’t it be nice if users could register on our site using these same mechanisms?

The same value proposition applies. If your user base happens to be heavily from these social sites, then it will reduce the effort for users to get registered on our site. And every startup believes that the viral possibilities are big – isn’t everyone going to tweet what they are doing on our site?

But let’s look at it a little more closely …

Multiple Authentication Authorities

There’s cost associated with each authentication authority that you are willing to accept. Each one takes a little bit to get wired. And as Disqus just experienced, you may run into bugs that cause that authority not to work for periods of time (I believe they were down with Facebook Connect for a week – ouch).

You also have a weird issue that you can’t tie the user to multiple authorities at one time. Each one acts independently. You may have experienced this yourself. You come back to a site you’ve used before. It no longer recognizes you (cookie has expired or been deleted). And it presents you with the same choices. However, if you can’t remember which authority you used and you choose a different one, then it won’t recognize you as a returning user.

The only way around this is for the application to ask you to login to each of the authorities at the start. You sometimes see this when systems want to be able to send tweets and publish to your Wall.

Think this doesn’t happen – well I’ve run into it several times myself. I couldn’t figure out why twitterfeed was sending out tweets of my blog posts. I would log into the system and it didn’t show me that feed. I later realized that I had two logins. I had originally authenticated myself using OpenID. Later, I created another account by directly registering. I wasn’t seeing the feed because the system had no idea I had two accounts (and I had forgot).

In the case of Disqus, it’s not quite as bad because they basically are using it to derive a name and picture that goes along with the comment. However, when Facebook Connect authentication wasn’t working and I choose to have the system get my name via Twitter Oauth, then the system thinks that’s two different people named Tony Karrer. And you can see two different profiles with different sets of content.

Again, I think it makes sense for Disqus – but this complexity may make the simplest form of third party authentication not make sense for most startups.

Email Address

Almost every startup wants and needs email as a means of notifying users. Take a look at Startup Metrics. A lot of value is derived through being able to reach out in order to convert, retain, refer, etc. I need to do another post that looks purely at notification mechanisms – especially alternatives like direct tweets, Facebook messages, etc. In the meantime, I will say that most startups will want to have an email address for users. For good reason, twitter, Facebook, etc. do not provide access to the email address.

Thus, what you often see is a request for the email address as part of the registration on top of making the Facebook Connect request. I don’t have the numbers on it, but my guess is that this both hurts registration percentages (you’ve just added a hurdle) and likely gets you a lot of bogus email addresses. You can roundtrip the email, but that puts up another hurdle and gets you farther from the immediacy you were going for.

As an example (and coming out of the comments), here's what does as after you validate with FB Connect:

FB provides and thus Going auto fills:

  • Name
  • Picture
  • Gender

They need to ask for:

  • Email address
  • Password
  • Permission to send email
Facebook can provide lots of other information - see Users.GetInfo.

There's a bit of a thorny issue about auto filling. FB's policy is that you cannot store that data.

Bottom Line

This is a post that I’m hoping there will be people who will debate the value proposition with me. Right now, here’s how I summarize it …

For most startups, I’m not going to use third party authentication as the primary authentication mechanism. It’s too risky and problematic.

Instead, I may use third party authentication to get the registration process started. That means that I’ll get a name, picture, some demographic data and permissions on the social site. But I’ll still capture email and establish a separate password.

There’s cost for each of the authentication mechanisms, is it worth it?

  • Do I believe I’ll get more registrants?
  • How well will I get publishing/viral behavior with third party authentication as compared to a Share button?
  • Would the demographic data be valuable?
  • Would friend information be valuable?
  • Is there a particular kind of messaging on the social site that’s needed?
  • Do I strongly believe that inviting friends is going to work well?

Depending on these answers, I may decide that I’ll do it.


Here are some related articles:

Love to hear your thoughts on this.

Thursday, January 7, 2010

Technology Jobs in Southern California – a Rebound?

This is purely anecdotal, but it seems like a lot of companies are hiring technology talent here in Southern California. I’ve recently seen several tweets from software development companies looking for talent. And I’ve heard from several people looking for Startup Software Developers. And we have been looking to hire several positions (but are being really picky as is normally the case). My guess is that this is going to make the situation worse around the issues raised in Los Angeles Web Developer.

I’ll be curious to see if that bears up at our Los Angeles CTO Forum meeting tomorrow.

Anyone also have the sense (or even better some actual statistics) that suggest that this is true?

Tuesday, January 5, 2010

Mobile Internet Apple Facebook

The analysts at Morgan Stanley have produced a report that’s quite good reading on some of the major trends concerning mobile web.  The report consists of:

Some interesting things as I was going through it.

More than Mobile Internet

I think they had trouble coming up with a name and settled for Mobile Internet even though it isn’t a great choice.  They talk about:

5 Trends Converging (3G + Social Networking + Video + VoIP + Impressive Mobile Devices)

which is more than what I think of as mobile internet.  They point to lots of different mobile computing devices – Smartphone, Kindle, Tablet, MP3, Cell Phone, PDA, Car Electronics, GPS, ABS, A/V – but then they add in other things that to me are more about convergence than mobile, e.g., home entertainment, home appliances.  Those things likely are not mobile.  Instead, the interesting aspect is that they are now getting connected.


Faster Cycles

They also talk about waves lasting 10 years, but it’s a lot messier than that and the cycle times are much faster.  And it’s interesting that while they talk about the impact of Facebook, they don’t quite seem to recognize the impact of Web 2.0, social networking, etc. that’s been a cycle much shorter than 10 years. 

Major Tech Cycles

And they even point to how fast things are ramping on mobile access:


Open vs. Closed Platforms

They raise one of the most complex issues I grapple with all the time.  Do you build towards for open or closed and how you deal with incumbent players.  I like that they are raising these issues.  They talk about Apple and Facebook quite a bit – both of which are relatively closed systems.  And I’m not sure I buy some of their predictions just because of that question:

We believe Facebook has the potential to serve as a communications platform / engine of one-to-one, one-to-some and one-to-many (and visa versa) for the mobile Internet.

Facebook has made some moves recently that suggest that they may head more in the direction of Google Connect and be a platform, but their heritage and the way they view what the world looks like (think Facebook applications), suggest to me that they will continue to be a closed platform.  This is likely worth a full post on it’s own, but I don’t seem that as being the communications and social network platform that we can rely on.  I’m not so sure that a bet on Facebook as the platform is a good one.