How do you research a market from the outside? Especially in digital/saas products where the barrier to entry is already low, it seems to me that the successful people don't want to give up their competitive advantage by telling the world how to reproduce their business model (for good reason).
Start talking to potential customers. Find out how painful and valuable the problem is. Find out if they are currently using some other solution to the problem (your competitors).
Approach an industry organisation, if there is one, and talk to them about the problem, who has any existing or new solutions and find out if they have market research from their members.
Just a comment about the above two points, you don't have to pitch your specific solution to the problem but I would still leave the door open when you are talking to people and say something like, "if I were to come up with a solution that would do (insert features and benefits) would you be interested in talking further?" If the problem just isn't perceived by your customers to be painful or valuable then I would move on.
Now assuming the pain is sufficient and a solution is valuable then start looking at the economics of the business and start 'building the market.' What I mean by that is start with some assumptions about customer characteristics, for example demographics, and start putting some numbers together in terms of total market size. Try to do this from different angles and use different assumptions.
Then start playing around with what you think your cost and profit structure would look like with different business models. Think about what your cash burn rate will be and what sort of adoption you will need to hit a 'cash neutral' and break even scenario.
Then start applying this to your 'whole of market' model that you did before and start thinking if it makes sense. Do you need 1% or 0.0001% of the market to start adopting your solution? What might it cost to acquire those customers in terms of time and money? Start thinking about how that relates to hitting your 'cash neutral' and break even scenario.
Take a step back. Does this make sense? How much work is involved? How much capital are you going to need to achieve this? Then multiply that by say 4-5 times to give you a margin for error.
Now start thinking about post 'cash neutral' scenarios where you are capturing different rates of the market. How much do your costs ramp up? What is your marginal profitability? What does this equate to in terms of return on capital? If the returns are low then forget it. Investors want you to return their capital plus a big fat profit. If you don't think you can grow a big enough pie so you can get a slice of it that will satisfy you then forget it and find another opportunity.
If things look like they are stacking up well and you got a good story to sell to investors then good luck. Raising money is a bitch. Assuming you manage to get enough then things get harder because you will now have to execute within the cash 'runway' you have been given and well the rest at that point is up to you, your team and luck.
I just wanted to chime in and say that I had always avoided infosec as "too hard" (I'm primarily a UI guy), but the Snowden leaks have made me a lot more conscious of my digital footprint and security in general. I even spent several months on khan academy learning the requisite maths to understand the stanford crypto 101 class on coursera (awesome course by the way!). Of course I'm far from journeyman status but I believe there are many more like me whose awareness of the issue was significantly raised by the leaks. Even if no political changes come about as a result, that's a huge aggregate effect that will only increase over the next years/decades.
I think it's a bit odd so many hackers view technology as even a possibility to their saving grace in this struggle. Were hackers the ones largely supporting actionable development efforts of Tor? Do they continue to? How many people do you know that use Tor for casual internet browsing vs spending more time on Facebook?
Take a look at your paycheck, expenses, taxes, and then contributions to technological solutions by-the-people, for-the-people. How many of you work at $job doing data-analysis for marketing schemes verses something useful to society. After all of that, then do some rough statistics on programmers that contribute to meaningful projects regarding cryptography (properly implemented, not talking about crap like 'secret') and freenet-type ideas. How many of us are going to quit our jobs to focus on this problem, how many of us could if we wanted to. Stop kidding yourselves, we're all literally paying for the work of evil-doers to subvert long extinguished ideas of privacy. Either adapt to survive or resist in a meaningful way, stop diluting yourselves with ideas of grandeur.
Tech people are nothing more than glorified marketers by-and-large. We handed the reigns of technology to those with capital, and the results are sickening. RMS was and will always be correct. The rest of you live in a vacuum fortified by paychecks and social support.
> The rest of you live in a vacuum fortified by paychecks and social support.
It's all of us really. The enormous amount of money pumped into tech by the surveillance state reaches nearly every software company (and beyond). Your examples for worthwhile projects are Tor, freenet, and crypto. The surveillance state finds those projects useful too.
This problem is larger than what you're considering and blaming particular industries and spaces understates the amount of cash pumped into the world by governments.
And just because corn farmers have a subsidized crop that drives the processed food industry which give us cancer/diabetes doesn't mean those farmers shouldn't follow best practices unless we want another dust bowl. Likewise, I think it's great that UI programmers are more aware of security.
Also, we're not literally paying for the surveillance state. They're essentially stealing from the people by arbitrarily printing money which devalues our own. If taxes were raised commensurate with spending and debt, we'd certainly be making some more prudent decisions about how best to spend tax dollars.
I assure you I have no delusions of grandeur. I believe that you are underestimating the halo effect of the negative attention that sovereign and corporate spying have received in the last few years. And I don't pay taxes to the US government.
I was careful not to specify US taxes. The US may have started the awareness of this issue, but they're far from the only government involved. I've underestimated very little so far, retrospective to my predictions. However I've argued with plenty that have overestimated as history now proves.
Again, my point was looking at the overall useful contributions the average hacker can make while focusing on the struggle of maintaining 98F, verses the hiring, monetizing and actionable efforts coming from the adversary. Making progress in this day and age largely depends on accurately understanding the actual adversary. If you think that's limited to the 'US Government'... well then...
The captue of silicon valley by madison avenue never ceases to Amaze me. That's the difference between now. Amazingly, it has nothing to do with the NSA. But the privacy landgrab really stated with all of the VC backed companies desperately trying to become profitable in a stock bubble.
Apparently they are making (or made already?) it easier to sue people in Turkey for p2p copyright infringement. However, the fact that put.io is still up tells a lot about how effectively those laws are enacted.
There's nothing technically wrong with this, but one could make the argument that once a project expands beyond a single developer, you have a greater chance of namespace collisions with vague class names like `.large`. Eventually someone will come along and make a `.large` class for headlines that will make your buttons have 36pt labels.
Edit: I have a suspicion that most attempts at "semantic" CSS are a symptom of a slightly OCD designer wanting to write pretty markup, which is, in my opinion, probably the last thing you should be optimizing for productivity.
You can't guarantee that someone won't add a 'top-level' class name in the future that matches one of your 'modifier' class names. It's essentially the same argument as saying that global variables are OK because no one will ever have a global variable with the same name as yours.