Don’t Be a Bully

I don’t know Brendan Eich. I don’t know much about him other than (1) Mr. Eich created JavaScript and (2) made a contribution to support proposition 8, aimed at taking away the right of gay couples to marry in California and voiding the marriages already taken place, including my own.

When the news about Brendan Eich’s contribution became public a couple years ago, the reaction within my community – the web development community – was pretty strong and one sided, deriding and marginalizing him. Brendan Eich didn’t do himself much favor with a blog post full of grand standing and lack of empathy. I did agree with his basic argument though.

Being a bully is never a productive strategy. It might be satisfying but it is counterproductive and shows the same lack of empathy that is at the root of the issue on the other side. If you limit your social and business circles to people who only share your exact social ideal, you are actually taking part in sustaining the status quo. There is nothing more powerful than an open dialog.

With his appointment to Mozilla CEO this week, the story got resurrected and many people I love and admire expressed their disagreement with the promotion solely on the base of his contribution. This is unfair. From all accounts, Mr. Eich has never applied his (assumed) personal belief to his work or to others, and pretty much everyone who chimed in has no real first-hand experience with Mr. Eich.

I don’t participate in parades or demonstrations. I am not very active beyond voting and making political contributions. But I am confident that by living my life in the open, by engaging those around me, I am making a positive impact on the lives of other gay people. I constantly invite my friends and coworkers to my house for dinner with their family, exposing them to what is often their first same sex family experience. I seek people and share my personal experiences, explaining why their positions are hurtful.

I strongly disagree with the claim that one can donate or vote to something like proposition 8, and be ignorance-free, hate-free, or bigotry-free. Try walk a mile in the shoes of most gay people, especially during their teen years in a society that still sucks today with its treatment of gay people and tell me you still stand behind that claim. But that’s also my point – it is very much my responsibility to share my feelings and experience with those who disagree with me in hope of seeding this understanding.

It is sad how many people lack true, actionable empathy for people who are still today being beaten, abused, derided, mocked, disowned, dismissed as an abomination, lynched, or executed. That even those who support gay rights are not sufficiently open minded about the wide range of gender expression that doesn’t fit their norms.

Instead of posting comments on Twitter aimed at specific individuals, consider sending those you disagree with an email explaining to them in  personal tones how their actions hurt you and impact your life. There is nothing more powerful than a personal interaction to change minds. I’m not saying you can change everyone’s mind, or that everyone would be open to engage, but you should at least try.

You don’t get to take the moral high ground unless you actually climb there first.

On Being (Mentally) Well

tl;dr – 1 in 4 people suffer from a mental disorder. If you feel depressed, anxious, or otherwise unhappy for more than a few days, please reach out to a friend, a family member, or a professional. If you feel alone or isolated, know that you are very much in good company with almost 60 million others (in the US alone). You might be surprised to know that many of your friends are (or have been) in therapy or use medication to help with their mental health. Regardless, educate yourself about mental health and make it known to your friends and family that seeking help is a sign of strength and that you are there for them. Please reach out today.

The past few weeks have been a sad and frustrating reminder of the painful toll depression and other mental disorders take. Right before New Year’s, our bay area community lost Conor Fahey-Latrope, a talented C++ developer. A few days later, Luke Arduini, a prominent node.js developer went missing. Sadly, they were not the only ones.

Continue reading

Speakers Creativity Budget

Node in the enterprise

TL;DR – if you are producing a conference, please offer your speakers a ‘creativity budget’ to make their presentations better.

I’m been a public speaker for a while. I derive great pleasure from speaking to a live audience, big or small. While preparing for and then delivering a talk takes huge amount of my time and energy, I keep accepting more speaking opportunities because it forces me to push the envelope on my craft. That is, my engineering, creative craft.

I set very high standard for myself (which I usually fall short of, but isn’t that the point?) which include:


  • Talks should be entertaining first, educating second
  • Slides and props are meant to delight and excite, not document or narrate
  • Never repeat a talk (training sessions excluded)

For the same reason I believe most developers should not do design, I contract the artwork for my presentations. Over the past few years, I’ve enjoyed a fantastic artistic collaboration with Chris Carrasco who has created all the artwork used in my presentations. I have also learned to rely on props and other costly production elements. These all play a significant role in enhancing my talks.

They also cost money.


Most of my talks this year cost around $500 to produce. Some much more.

My ReatimeFood presentation cost over $5000 (which was paid for jointly by &yet, me, and the 24 participants who sat the special tables where food was served). My Fuck OAuth talk cost $1200 on artwork and shirts (and it would not have been as good without the shirts – it was absolutely an essential element). The Leek Seed bedtime story at NodeSummit cost $450 to produce (and it will be the main thing anyone will remember from that talk).


Creativity is expensive and I’ve been fortunate enough to have the means to cover these costs out of my own pocket (I rarely ask my employer to cover these costs since they don’t really benefit from them). You can see a sample of my slides on the right and can find some of my decks here.

Quality conferences like NodeConf and RealtimeConf have long offered to cover speakers’ travel costs. They are produced by people who care deeply about quality and they recognize that top speaking talent demands top treatment. Conferences are business after all. But I think we need to go one step further.

I’d like to propose a new speaker benefit: a creativity budget.

Fuck OAuth

This is pretty simple. Each conference will make available a budget to reimburse speakers for costs such as artwork, props, hardware, or other materials that will enhance and elevate their presentations. For most conferences, I would set this at $300-500.

This will work similarly to how travel is covered today, by reimbursing speakers for submitted invoices, or by the event produce paying the costs directly. I would also encourage the organizers to promote and push speakers to spend the money. Almost every presentation can benefit from higher production value and the conference as a whole will be elevated. There is a reason so many people attend conferences these days, just to stare at their laptop all day.

Sled and OAuth 2.0

As for how to fund it, there are many creative ways. Asking for talk sponsorship, selling premium experiences, asking those with means to crowdfund it, or simply charging a bit more for tickets in exchange for a better conference experience. We’ve seen conferences with incredible production values over the last couple of years, but we have not seen any noticeable improvement in the quality of the talks. Let’s fix it.


I’ve been asked by a few people for my thoughts regarding the ‘gendered pronoun’ incident that’s occupying the node community this week. I am purposely not linking to that thread. I appreciate Ben Noordhuis contribution to node, and I think that contribution merits a more nuanced response from me than a Twitter one-liner.

First, because it is worth saying, there is no argument that Ben is a very smart guy, has made a significant contribution to node and libuv, and has been tremendously generous with his time and talent. I do not believe the node community is “better off without him”. I hope he comes back.

To me, this is the core of the issue: Ben has an established history of dickishness. This attitude has been tolerated by the node community longer than anyone else’s inappropriate behavior because of Ben’s clear talent and contribution. But this is never sustainable and at some point, one more slip is enough to cause an uproar, and this is what happened here.

If the response from individuals and companies feel exaggerated and over the top, it is because for many insiders, this is not a single incident but the last straw. Whether that is fair or not is a matter of opinion.

I witnessed this behavior in a response to a node issue a member of my team opened a few months ago. I sent a private letter to Ben’s company explaining why I felt it was inappropriate and offensive. The response I received suggested that this was simply a result of Ben’s work load and his need to sort through many issues quickly. I was unsatisfied and expressed that. Shortly after, Ben corrected his behavior on that particular issue and provided thoughtful and patient feedback.

There wasn’t an apology or an acknowledgement of wrongdoing, and that stuck with me. Ignoring all the ‘gendered pronoun’ debate, what is really at the core of this incident is lack of empathy. It’s failing to say a simple ‘sorry’. It might sound trivial or petty but the incident a few months ago left enough bad taste in my mouth not to want to engage Ben further. I’ve actively directed my inquiries to other members of the node core team.

Ben is by no means unique in his attitude. I am sure half the people I interacted with when I was working on that “awful 2.0 security protocol” feel the same way about me. But when I offend people unintentionally, I immediately apologize publicly and privately, and when I choose not to, it is done with the clear understanding of the repercussions. When I quit that working group, the negative reaction I received was very much earned by my actions.

Every community has to decide what is acceptable behavior within its boundaries and especially what it allows its leaders to do. Whether it is an open source project or the workplace, there is always a balance between someone’s attitude and contribution. One often does counter-balance the other, but only to a point.

My behavior within the node community is in sharp contrast to that of my behavior in other communities. It’s not because I’ve changed, matured, or evolved. It is simply because it is the only acceptable behavior within the node community. Context matters.

Ben had multiple opportunities to back out of the corner he put himself in – and he still does. It really doesn’t take much. At least not in word count. People are just looking for some empathy, for acknowledgement that their feelings were hurt, and that the offender understands and regrets their actions, especially now that they know how offensive it was to people.

I hope Ben comes back from his break and continues to contribute. And when he does, it will be our turn to show empathy and move on.

Let’s Talk About Food

My life is split between two seemingly conflicting themes: software and food. I spend a great deal of time sitting in front of a screen moving my fingers. I also spend a great deal of time shoveling shit. Literally. I don’t like the “day job” and “personal life” dichotomy because it is just false. I love writing software. I love farm life. I work from home. Everything I do is out of passion. And as my passion grew deeper for both over the last 10 years, I started to realize the similarities, the shared values, and the harmony they create together.

After my speaking experience at Realtime Conf 2012, I knew this would be the right be venue to try and bring my worlds together on stage. My first pitch to Adam Brault back in May was centered around the idea of getting people’s hands dirty. With actual dirt. I wanted to get that simple universal experience (at least prior to the 20th century) of working with dirt back into our culture. I let the idea simmer in my head for a bit.

Adam and I talked about it some more at NodeConf in July and on the drive home, everything came together in my head. I realized that dirt is just one detail and that food is the creative force I am looking to share. When I got home I sat down and wrote my talk proposal. It was a little bit insane. Some of the ideas in there would have required the conference to increase their insurance policy. But the original pitch largely survived.

Then the insanity kicked in full force.

I am going to talk about food. The food, of course, being a metaphor for breaking through the mundane and seeing things with fresh eyes – rethinking of what it is like being an artist in a very mechanical and scientific craft. I would like to share some of my culinary experiences and studies from the world’s most innovative chefs to show how software engineers must deconstruct, simplify, reduce, and reconstruct our craft in new and creative ways.

I am not going to give away much else other than share some of the insanity with you:

This is by far the most ambitious talk I have ever attempted and probably one of my most ambitious undertakings. Whether a spectacular success or spectacular failure, it is going to be fun.

A few tickets are still available. Come and share my world.



The biggest misconception about affirmative action is that it puts less qualified individuals ahead because of their gender or the color of their skin. If an affirmative action program results in lesser individuals getting ahead, it is poorly designed. This misconception is based on the misguided notion that we can score every person on a linear scale and simply pick off the top of the list. Human beings just don’t work that way.

In a rich, multidimensional reality, we must consider not only the attributes of the individuals, but also the makeup of the community we are trying to build. Setting a goal of more women, blacks, gays, etc. is pointless. That’s a stupid goal. Setting quotas is mechanical and more likely alienate others instead of bringing them in.

The point is to take a look at your community and ask yourself what would make it more open and accepting? Who are the people at the margin trying to join? Why don’t they feel comfortable and welcomed? This is not an academic, theoretical exercise. You actually have to ask and listen.

In geek culture at present time, that’s often women. When men hang out together, especially at a conference where alcohol is served, they create (without intention or malice) an environment that can be unwelcoming to women. This is something we’ve been hearing from many people trying to be part of our community.

Affirmative action is not about getting less qualified women to speak at a conference at the expense of more qualified men. That would be wrong and unsustainable. It is about finding the best female talent and showcasing it so that other women feel motivated and welcomed. So that everyone will benefit from a diverse range of opinions. When hiring a new engineer or curating a conference, the goal is to enrich the team or experience, not just to add a few skill sets.

I resent members of an outsider group (be it women, blacks, gays, etc.) use their own personal success story as a way of dismissing the real adversity others in their group still face. The fact that I have been very fortunate in my life as a gay man to never experience intolerance aimed at me does not, even for a second, diminish the real and painful challenges facing many gay men today. Drawing a conclusion that just because I found a welcoming home within my community means that it is no longer an issue for others is egotistical and hurtful. I wouldn’t even assume that the geek subculture I belong to is completely beyond bias, given that I don’t know more than a handful of other openly gay men within that subculture.

If you have been successful, you have a responsibility to help those who are still looking from the outside in. If you are a woman or a minority, just showing up can accomplish plenty. If you are gay, vegan, Mormon, etc., talk about it so that others will know and appreciate the unique perspective you bring in from that experience. You don’t need to perform an interpretive dance on stage or put it on a t-shirt. Just mention it in conversation, on Twitter, or in a blog post. Letting others know that they are not alone is an immensely powerful gesture.

The measurement of diversity isn’t in numbers. It is in the perception of those trying to join as to how welcoming a community is.

Realtime Conference, the Imagination Platform

Last year, if you recall, I was a bit upset about some specification I participated in… I wrote a blog post, followed by another post, then went silent. I felt very strongly that everything I had to say was right there in the posts and that an ongoing online feud will only weaken the points I was trying to make. For a couple of months I received weekly requests to come speak at conferences about it. These were all security, platform, or API conferences where this topic would be a perfect match. I turned them all down.

What bothered me was the feeling that if I were to do a talk about it, it has to be to a completely different audience. I would have to break out of the echo chamber and turn a very technical and procedural set of arguments into something more culturally and emotionally meaningful. And it must be funny, which none of the people my posts were aimed at found amusing.

So when the invitation from the Realtime Conference team showed up in my inbox, my first reaction was to turn it down like all the others. But then when I read it, something clicked. For the first time, I wasn’t invited to explain why the protocol sucked. I was asked if I was interested in “sharing some of what [I] feel are [my] ‘lessons learned’ from that experience”. Here was an invitation to engage in a meaningful, emotional exercise that wasn’t trying to recreate my posts. It was about moving on. I immediately replied “sure!”. Continue reading

Hiring Engineers, a Process

Disclaimer: The process outlined in this post reflects my personal approach. Please consider this as a helpful insight into what it takes to get a hiring recommendation from me. As always the law and corporate policy applies.

This post has three purposes. First, to save me the need to explain every time how I interview and hire people. Second, to inspire others to break away from the conventional and ineffective hiring process most companies use. It’s a process that fails to identify non-conforming great talent. And third, when the time comes for me to look for my next adventure (and no, I’m too happy where I am – I’m trying to hire you!), I can point hiring managers here to know how I’d like to be treated.


If you don’t have time to read this, we are not a good fit. Continue reading

hapi, a Prologue

For the past 2 years I have had the pleasure (and luck) of working with node full time. It’s an amazing technology and a remarkable community. Oh, and it’s crazy fun. My focus this year was rethinking web services at Walmart Mobile, from the business layer all the way down to the tools and process we use. A significant part of this effort focused on developing hapi, a new web services framework for node.

But before I write my traditional ‘Introducing’ post, I wanted to first discuss the evolution that led us to build a whole new framework. To truly understand the judge a new framework, it is important to understand the context and objectives leading to its creation. Continue reading

OAuth 2.0 and the Road to Hell

They say the road to hell is paved with good intentions. Well, that’s OAuth 2.0.

Last month I reached the painful conclusion that I can no longer be associated with the OAuth 2.0 standard. I resigned my role as lead author and editor, withdraw my name from the specification, and left the working group. Removing my name from a document I have painstakingly labored over for three years and over two dozen drafts was not easy. Deciding to move on from an effort I have led for over five years was agonizing. Continue reading

You, Me, and Node @WalmartLabs

Another adventure begins.

Two months ago I’ve joined @WalmartLabs to lead the mobile web services team. Surprised? I was. After working for one of the largest web companies in the world, all I wanted to do was go to a startup. That’s not exactly right; I wanted to be part of a tiny team with a big mission, a place where the size of the challenge is matched by the freedom and resources to address it. Oh, and a lot of node.js!

I am excited to share this and tell you all about it, especially on the heels of this morning announcement of the acquisition of Small Society. But I’m not going to lie to you: I have an agenda and I am trying to recruit you. If you are contemplating a career move and I “had you at node”, feel free to jump right to very end of this post to find more about the team we’re building.

Continue reading

Is the Party Winding Down at Facebook?

A picture started to emerge from casual conversations I’ve had over the past few weeks with friends working at Facebook. I have noticed how Facebook engineers are using a different, more restrained vocabulary to describe their jobs. What once was ‘amazing’ is now ‘challenging’, ‘exciting technology’ turned to ‘learning a lot’, and ‘having fun’ toned down to ‘still engaged’. They are all very ‘content’. Continue reading

Netflix Forcing the Issue Too Soon

(A note to my long-time readers, I’m planning on expanding this blog to include opinions about current technology trends and news beyond my usual fare of standards, open web, and engineering posts.)

This morning I logged into my Netflix account and changed my plan from 3 DVDs + Streaming to DVDs Only. Despite the excellent analysis by many about Netflix’s reasons for the recent changes, the fact is that today the company is making $95.88 less annually from me than they did the day before. That’s a lot of money to lose from a single, loyal customer. Continue reading

The Unauthorized Node Knockout #2 Awards

I’ve spend the past week participating as a judge in the 2nd Node Knockout competition – a 48 hours worldwide hackathon using node.js. The event included 720 contestants organized in 294 teams and resulted in 178 entries submitted for review. Overall, a fantastic event and a testament to the awesomeness that is the node community.

The competition includes prizes for the best hack in the following categories: fun or utility, design, innovation, completeness, popularity, and overall, as well as overall for a solo participant. While judging is still on-going, and while many of the top entries do deserve to be there, I found the categories to be a bit uninspiring.

Also, as the only crazy person to judge every single entry (including some that dropped out in the process), I wanted to highlight some entries that might not get the attention they deserve. The following are the nominees and winners in my unauthorized awards.

Continue reading

A Farmer Walks into Facebook

A few weeks ago I went to visit some friends at Facebook’s headquarter. We had an interesting chat about OAuth and other geek topics. As is common these days, the conversation drifted to my recent adventures in farming. I was describing my setup, the chickens, ducks, geese, and pigs I’ve got running around, and then mentioned my three emus all named Kevin.

Someone who was listening in from a nearby cube stood up and asked, “When did they add emus?”

Get it? At Facebook everyone’s a farmer.

OAuth 1.0 Blog Cleanup

As I’m getting ready to finish work on OAuth 2.0 and add new content to this site, I decided it was time to finish the OAuth 1.0 chapter of this site. I’ve finally cleaned up the OAuth 1.0 guide and other pages. The guide is now updated to reflect RFC 5849 as well as some bug fixes in the scripts used to generate the signature base string tutorial. If you are linking to this site for OAuth resources, please link to the OAuth page.

Introducing Sled

I’ve been obsessed with project management and personal productivity for a almost two decades. My experience ranges from tiny lists to gigantic project plans with hundreds of people and resources. In the past I’ve been a certified PMP and managed large engineering teams. What I’ve learned above all, is that we tend to overcomplicate everything.

Four years ago my startup Nouncer failed for many reasons, none of which had much to do with the product itself. Looking at where Twitter is now and how it evolved, it is a clear validation of my original vision. But even if I had gotten passed the challenges that doomed Nouncer, I still think it would have failed. It was just too complicated, too soon.

I’ve long considered Twitter’s biggest asset to be its 140 character limit. It completely democratized personal expression by making everyone as expressive and articulate. It also helped people communicate more by making their content small enough for casual, constant consumption.

A year ago I started thinking about applying this philosophy – empowerment through restrictions – to project management. I’ve started thinking about enterprise-scale problems and what a restrictive tool might look like. But no longer working on large scale enterprise projects, my attention shifted to personal productivity and “home projects”, and so Sled was born.

Continue reading

Node.js: Express,, and everything LearnBoost

This post is part of a series of articles about my recent experience building Sled using Node.js.

Express It

There wasn’t much of selection 6 months ago when I started coding Sled when it came to Node frameworks. Node itself provides very little. You create an HTTP server and get a callback when a new HTTP request comes in. Modern web applications require session management, request routing, and view rendering at the very least. These functions are provided by frameworks.

At the time, the only two popular frameworks were Connect and Express. Connect provides a basic middleware framework with some built-in facilities such as a static file server, route management, cookie parser, form-encoded and JSON-encoded body parser, and logging. Express, built on top of Connect, adds a much more robust routing facilities, view rendering and other goodies. I’m not doing these frameworks justice with this descriptions.

I use Express extensively and it is fantastic.

Express’ biggest asset is its maintainer, TJ Holowaychuk. I have seen first-hand how Express grew and matured into a stable and powerful framework. Express made it easy for me to write the application server used for login, registration, account management, and other static assert (developer pages, about) with very little extra effort. If you are going to develop a traditional web application in Node, you should probably start with Express.

I plan to open source some of the additional functionality I’ve added on top of Express to validate request bodies and query parameters, a flexible authentication configuration facility for routes, and a light layer to make it easier to building API servers. Given my focus on OAuth, I’m going to share my OAuth + Express experience in a followup post.

Express really shines when you combine it with Jade, another brilliant brainchild of Mr. Holowaychuk – a simple templating language for HTML which is easy to learn, easy to read, and unlike all the rest, doesn’t suck. We had to restrain ourselves from converting some static HTML files into Jade because once we started using it, we didn’t want to read actual HTML ever again. is Magic


I am willing to bet that a large percent of those taking a look at Node for the first time are doing it because of a -powered demo they have seen. provides a trivial-to-use server and client library for making real-time, streaming updates between a web server and browser client. It makes building cool real-time games a matter of hours, and it works on every crappy browser known using the best available option from Flash to WebSockets.

We use to power Sled’s real-time features which include live updates to your shared list as changes are made. To put this in perspective, it took us one day to add real-time streaming updates to the API server, and another day or two to add it to the client. So in three days we got full, real-time updates going between multiple browsers. What used to be months of work when Google Docs was first introduced, is now trivial with

So yeah, it’s magic. comes from Guillermo Rauch and the team of superstars at LearnBoost. There are days when I have to wonder if these guys get anything done for their own startup, given the amazing open source projects they push out on a weekly basis. I’m bummed that I’m not the target audience for their product because looking at the technology it must be amazing. I consider them part of the Sled team, given just how much of their code we are using.

In fact, I appreciate their work so much, I’d like to get a small fundraiser going to send these guys to dinner or whatever else they feel like doing for fun. I hope you join me in showing our appreciation. Without their continued work and dedication, Node would be an amazing platform that is just too raw to use.

Thanks to Blaine Cook for the idea.

Thoughts on Technology, Standards, and the Open Web