The author, Steve Friedl (brother of Jeffrey Friedl, of regex fame[0]), is not only a wizard but also an inspiration; this article had a huge positive impact on me early in my career. Here are two other times it generated a number of comments on HN:
He's a wizard who apparently can't be bothered to configure HTTPS on his webserver to protect the security of visitors, nor enjoy the benefits of better search results placement...
Another legendary wizard, Paul Graham (founder of HN), also sees fit to serve his personal page[0] purely unencrypted; "elegant protocols for a more civilized age" (apologies to Ben Kenobi).
A few years ago someone reviewing a public page I was serving over HTTP came and asked "It is breaking the page on my browser, producing a weird console error, and I don't like the look of some of the things the JavaScript code does."
This person's review affected whether we'd use my work or not. I found the criticism puzzling, because I couldn't explain the condone error, and did nothing bad in JavaScript.
It took several days before I asked them to show me the page in their browser, and then to show me which bit of JavaScript was bothering them.
I didn't recognise the code, and wondered what I had screwed up with my build scripts. But when I looked at the page with my browser we found the source of errors:
The ISP used by the institution we worked at was injecting its own code into every HTML front page for tracking or some other unclear purposes.
It had been doing this for all devices connected to the network and nobody knew.
That was our motivation to switch all our static pages to HTTPS asap, and towards an HTTP client relay VPN at the router, because other sites accessd by users inside the institution should not be subjected to ISP code injection either.
Wow, that's pretty crazy. I thought hijacking failed domain resolution queries was bad. Thanks, under this threat model (which I hadn't considered), ubiquitous https makes sense.
depends on the site. you generally get the privacy from others knowing which pages on a site you read. if the whole site is just like that of my company which describes my business and my projects then that's no win for privacy because they can follow the ip and assume you read all of that. however if the site is a static copy of wikipedia, they can infer a lot from knowing which pages you actually looked at.
Read this one before, I think before I came self-employed. Made a few of the mistakes he's talked about. I'll share them in the hope it might help someone else.
Your customer certainly has to believe you can do the job, but they cannot wonder if you're going to get back to them, or if you're going to do something stupid (again?), or offend one of their customers.
I've definitely offended a customer of a customer before. It was a customer who was well known for being rude - a running joke through the whole company. But I definitely ruffled some feathers when I got sick of their shit and left the call.
Part of me thinks I should have been more zen and let the insults wash over me. But another part of me thinks that prevention is better than the cure and a frank conversation with my client about what I was willing to tolerate would have been the way to go. I mean, do you have to be a smiling doormat to excel in business?
You have no job security, even if you think you do
Yeap. Twice at the end of a full time contract, I found another one extremely easily. The one I left at the beginning of this year I still haven't really covered from, and I've essentially had to change niches and start from scratch.
Very keen to optimise for multiple part time roles from now on.
You are primarily in the customer service business, not the technical business
I have made this mistake before to an extent. Zero in on what your customer actually wants not your technical wizardry.
This is the easiest to manage: you work an hour, you invoice the customer for a hour. For occasional or ill-defined work, it's hard to use anything but hourly billing. The customer bears the brunt of projects that get out of hand, and the customer is really at the mercy of the consultant for being fair.
I disagree with this one though. An hour is way too fine grained - there's much less paperwork and micro accounting with daily. Strongly considered charging weekly next year.
“You have no job security, even if you think you do”
This is a 100% true for consultants as well as agencies. Now matter how “partnery” things feel you are always as good as your last billable hour.
When COVID started we got an email at 6am march 1st. Effective immediately no consultants or agencies. Boom revenue gone that we have depended on for maybe 5-6 years. Another client we had been doing Wi-Fi analytics for their 1200 retail locations in North America, 12 years. March 15th they said they cannot budget services any longer. For all the years we had been partners, you really are in a “nothing personal business engagement”.
I’ve been doing this 22 years so I’ve seen it all. The key is to not let these things drive the day to day interaction with the customer but you need not forget what’s possible so you can plan accordingly.
When your customer pages you, his timer starts: return his call immediately
this really depends on the customer. if the customer is of the kind that won't let me off the hook once i respond, then i won't respond immideately. (unless i actually have time to focus for at least an hour). on the other hand my best/favorite customer is wonderful at this front. while i don't always reply immediately, there is never a problem to listen to his message and tell him i'll get to that in a few hours or whenever my schedule allows.
Admit your mistakes
while i wouldn't have returned both the original and the accidentally duplicated fee since the error and the reason for the error was an obvious slipup, returning money for shoddy work or for any work that causes the customer to loose money is definitely something i like to do.
a customer being always late with payments is the least of my reasons to fire someone. i may do that when i have more work than i need. but i rather have a customer that's pleasant to work with and pays late than an uncomfortable one that pays on time.
Generally, you cannot reuse a whole project because it represents customer-specific functionality
hardly. at least in web development the only thing customer specific is the graphic design. most everything else is reusable. i am not even writing custom backends anymore, but i reuse the same backend for all projects. it's mostly just CRUD. and maybe one or two custom functions added to an object in the backend somewhere. to that end, the backend i use is GPL, and together with the frontend framework makes up the bulk of the code. but that's all done. what little code i end up writing is custom for the project, and that is what the customer pays for.
> It's tempting to just get a good tax guy, but the taxes are not the hard part: it's the recordkeeping that categorizes which of your expenses are properly business expenses. It's not fair — or at least a bad idea — to drop off a box of receipts to your tax guy and have him try to read your mind. Good tax guys are not cheap, and you want to pay him to prepare your taxes, not do your bookkeeping.
This insight is gold. Seriously. Everyone thinks they want a rockstar accountant when what they really need is a bookkeeper (or to just organize their books in a systematic, consistent way).
This is the consultant training course I never received but wish I had. Even now, 8 years into my consulting career (not tech but many of these ideas still apply), I found a lot here that either confirms what I've learned the hard way or spells out something I've encountered but never thought about. This is exactly the kind of stuff I come to HN for, great share.
My one rule is that I don’t do “staff augmentation” under any circumstances. I only “consult” when I am actually bringing in my subject matter expertise or projects where there is a “definition of done” and I can put myself out of job.
In all fairness, I work in the cloud consulting department at $BigTech. I have to be able to talk about my projects based on results, not just that I billed the customer $x hours a week. You can get staff augmentation people a lot cheaper than us.
We don’t want the customer to have an ongoing dependency on us. We want them to either be self sufficient after we complete a project or be using a third party “partner”.
We may work at the same company. This is how the consulting department operates here.
With regards to Staff Aug, I was speaking to my consulting experience at another company. That company operated like a lot of consulting companies I've worked with, where their attitude was (and I quote): "A maniacal pursuit of revenue"
One of the many things I would add: Don’t get bullied into signing overly broad NDA’s or contracts. Never be afraid to walk away from heavily one-sided agreements. They are not worth the potential future consequences.
On the other hand, amateur-hour super-broad NDA’s are not enforceable. You either need experience or an attorney to spot these. Be careful or you could NDA yourself out of an industry.
Don’t get bullied into signing overly broad NDA’s or contracts. Never be afraid to walk away from heavily one-sided agreements.
I have been stunned a few times by terms proposed by very large and well-known recruitment agencies here in the UK. A few lawyers I know and a few recruiters I know who work for better firms couldn't believe them either. We're talking basic stuff like you agree to fix any defects free of charge when there's barely any spec there in the first place, you accept unlimited financial liability and must carry an amount of insurance wildly disproportionate to the value of the gig itself, you give indefinite commitments that could interrupt your future work at any time forever, you accept an NDA with enough scope to potentially exclude working within entire industries, or my personal favourite, they have a right to refuse to pay you for services rendered if they arbitrarily declare those services not to be satisfactory.
I've noticed that these terms always seem to be proposed with some kind of imminent deadline. They can't possibly confirm tomorrow's introductory phone call with the real end client until you've signed their NDA and the 30 pages of unrelated legalese like the above that are bundled with it. They need you to agree in writing that you'll accept the gig based on nothing but a short summary and then they finally send the full terms late on the day before you're supposed to start and you need to agree to those as well or the deal is off. But don't worry because they've placed a million other people using those terms before and it's been reviewed thousands of times by other lawyers and remarkably not a single one has ever noticed the things you spotted in ten seconds that literally made your lawyer laugh out loud when you said "This looks bad and I shouldn't agree to it, right?".
These days if I had to deal with recruiters or agencies at all and they came up with anything like that I would just take it as a big warning sign that absolutely everything they say or do is not to be trusted and must be vetted by your own legal and financial advisors before agreeing to it. Walking away becomes the default response unless the agency agrees to a counterproposal locked up tighter than Fort Knox. And those agencies never do IME so actually just walking away immediately is probably the best option.
We just rejected a military contract because the company wanting to hire us sent us the most ridiculous NDA I have seen in a while. The first job amounted to thermal design and simulation. Two weeks of work, maybe three. The way these contracts work, we might not hear from them for a year after that, or five.
In exchange for two weeks of work they wanted us to sign a wide-and-deep five-year NDA. Five years. For two weeks of work.
What’s worse is the work did not require disclosure of anything proprietary at all. Power, area and environmental conditions. That’s it.
I found this really insightful as someone who runs a small consultancy/professional services department within a larger company. I agree with a lot of what he's written (some terminology aside), but we have different perspectives on billing.
My department's engagements are exclusively 'fixed-bid projects'. Truth be told, I'd prefer hourly billing as it reduces our risk. There is an omnipresent danger that we've horribly under-estimated the effort required to deliver a project, but the customer isn't concerned about that. They are interested in minimizing their own risk. And the fixed bid is a guarantee of X results for $Y, which has more safeties in place. I suppose that's why the author has to explicitly spell out how to fire him.
> There is an omnipresent danger that we've horribly under-estimated the effort required to deliver a project, but the customer isn't concerned about that.
Which is why the author states:
> These require highly detailed specifications that list exactly what is expected of the consultant. If it's not entirely clear what the requirements are, there will be endless disagreements over whether this or that is in the scope of work: The customer will think it is (you work for free), and you will think it isn't (customer pay me more).
And when you say:
> They are interested in minimizing their own risk.
You are entirely correct in that this is what customers want. What this also implies is risk is transferred to the consultancy if the aforementioned detailed specifications (contract) does not exist or is sufficiently vague.
> And the fixed bid is a guarantee of X results for $Y, which has more safeties in place.
If and only if the specifications are inflexible or recourse has been established such that "scope creep" can be negotiated.
Otherwise, the only "safeties in place" are that $Y is all a customer will pay, no matter what X becomes.
Seems like so much work, but I guess it's worth it if you get momentum going through word of mouth, which means more billable hours and less self-promotion. Dealing with taxes, invoices, customer demands, etc. Seems so overwhelming.
By thinking of those whom engage your services as customers and not clients (or even worse; "users"), it serves as a reminder that while what a consultant offers is often specialized and hard-to-find skills, those same skills are only of value if they serve to benefit the customer. Within reason, of course.
This was stated in another way by the author:
> A client implies that the consultant is superior, while customer suggests that the consultant is beholden.
I think this is critical too and the author is on point with the same concept.
I just go back to a more old-fashioned application of the terminology.
There is a similarity between a private practice of a single physician, or an individual attorney, whether or not they may operate single-handedly or employ an administrator or staff like nurse or paralegal. OTOH you've got major hospitals and large law partnerships.
But these are "industries" which for centuries it was recognized as unethical to persuasively advertise or use any type of pressurized sales tactics.
Just because advertising these things has been legal for decades now, it remains to be seen if that was actually the wisest aproach.
For one thing patients and injury victims are no longer just the treatment subjects but now financial commodities in addition.
Well back then the attorneys always had clients who were expected to engage them purely based on reputation and word-of-mouth, doctors too except they just called them patients as always. There would seem to be stronger incentive for achieving better reputation when persuasive approaches are recognized as unethical.
In business "clients" were the ones that came to you, "customers" were the ones that needed a little sales pitch.
Now an engineering office, or even a pure sales office, can operate along the same business model. Where the paying client who comes to you based on reputation & word-of-mouth because of what you have to offer is your real bread & butter.
This must seriously project value to the payer, form a good foundation, and it will capture those that would run the other way at the hint of persuasiveness or upselling of any kind.
So for terminology to me the "client" is nothing like the familiar concept in computer science, it is further from being like a "user", and instead a notch above the valued "customer" who is one that needs to be persuaded a bit to come along, sometimes continuously.
The customer gets teated like they are always right, even when it's not true, and the traditional clients end up with an even better feeling.
For the entire experience all must feel like they are getting their money's worth in a more personalized way than a general business "customer" would expect. Nothing could be warmer or fuzzier.
Having more familiarity with each client then will lead to those among them who occasionally would not only respond to a growth marketing effort, but would be eager to participate just to see you grow to serve them better and more extensively. This is probably not something you want to subject all your clients to.
Though it is possible to base many businesses on a marketing strategy for their bread & butter, alternatively it might be better to base it on something unique to offer. So future marketing effort offers more of a bonanza potential rather than just a baseline income stream.
The lovely thing about English is all the nuance words we use can have :-).
> Well back then the attorneys always had clients who were expected to engage them purely based on reputation and word-of-mouth ...
This is a crucial observation IMHO.
> In business "clients" were the ones that came to you, "customers" were the ones that needed a little sales pitch.
And this is where we diverge in our use of "clients" and "customers" in a business context. My use of "customers" is not in a retail type of context, where convincing is often needed, but is instead in a service one.
Perhaps the author's phrasing of:
> A client implies that the consultant is superior, while customer suggests that the consultant is beholden.
Is a bit too strong. What if, instead, the two were categorized as;
- A client implies that the consultant (doctor, lawyer, engineer, etc.) is sought out by someone who will do what the consultant tells them to do due to reputation and/or word-of-mouth.
- A customer suggests that the consultant (doctor, lawyer, engineer, etc.) is sought out by someone who needs their skills and expects the consultant to work with them to achieve their goals.
To me, the former cedes control to the consultant. This is not always a bad thing, BTW, as for example many people will recommend; "listen to your lawyer, they know the law and courts better than you."
The latter conveys to me more of a collaborative interaction, where the consultant and customer are each reminded that what the consultant offers are the skills the customer requires to reach their goals. And, of course, what the customer offers is the ability to express to the consultant, with both vision and remuneration, what they seek.
2008: https://news.ycombinator.com/item?id=411994
2010: https://news.ycombinator.com/item?id=1430968
[0] http://regex.info