Cogito, Ergo Sumana

picture of Sumana's head

Sumana Harihareswara's journal


(0) : Using Beautiful Soup, Pystache, and Lunr.js for an Archival Site: My third week of my 2014 Hacker School batch, I decided to take on a project that I'd originally thought about doing a year before, during my first go at HS.

Between April 2005 and August 2007, I wrote a weekly column called "MC Masala" for the "Inside Bay Area" section of several papers in the San Francisco Bay Area, including the Oakland Tribune. My work circulated to about a million people, I'm told. A few years ago I grabbed a softcopy of almost all my archives off a periodicals database, and then in 2011 I made an abortive attempt to get the columns online, but gave up on all the fiddly textmunging bits.

But a few weeks ago I felt ready to make a go of it, and I figured this would be a fun and useful way to learn Beautiful Soup and learn to finagle a search engine. So I basically stopped doing the Matasano crypto challenges and started a new project.*

Beautiful Soup, Pystache, and sed

I wrote a script to take a list of HTML files of my old newspaper columns and scrape them using Beautiful Soup. (I only needed a tiny bit of live help from Leonard -- to whit, he got me to use the html5lib parser instead of the default.) My script output a Python dictionary containing the stories as structured data: headline, date, & body. And I wrote a script to render that data through Pystache templates I wrote and write an HTML file for each story, plus a table of contents page. (I don't intend on adding comments or starting the column back again, so I didn't think I'd want a CMS. Pystache, the Python implementation for lightweight Mustache templates, seemed like a reasonable choice.) I got some help on this, notably from a pairing session with Chase Lambert on testing Unicode stuff, and from a pairing session with Geoff Shannon on a Pystache type and inheritance problem.

Unfortunately I never quite figured out how to get one Pystache template nested in another, so there's some code duplication (perhaps partials are the answer). And I had to hack my way around some loopback issues so as to put chronological next/previous links on each article. (Story URLs are just kebab-cased dates. So, my script gets the headline and date (and thus the URL) of the next or previous story by traversing a date-sorted list of dates-and-headlines dicts, then renders the dates and URLs into variables in the template. Oh right, this is where a CMS would have been nice! Lightweight is great until it's not.)

(In the course of all this, I (with help from a sed FAQ) wrote my first real honest-to-goodness "changing a bunch of files in-place with sed" one-liner in years or possibly ever. A ton of links in several files were pointing to the parent directory instead of the current directory. So: sed -i '/head/s/\.\.\///' *.html means "In-place, change ../ to nil, in all the .html files in this directory." Whoo!)

The look, the feel

(There was a cotton ad on TV when I was a kid, with the jingle, "The look / the feel / the fabric of our lives." Sometimes Nandini and I sing it to each other. I suppose if there were an ad for Cascading Style Sheets on TV today it could use the same motto.)

I wrote the stylesheet and arranged the proper elements in the template with a bunch of help from Mozilla Developer Network's guidance on boxes and tables, and that old standby, CSS Zen Garden. I gratefully and curiously perused several nice-looking styles for inspiration and edification. I now more thoroughly understand the difference between margin and padding, and grok better why modern sites have a zillion divs.

For a "home" image, I used a picture of me that Valerie Aurora took, and for a header decoration, I used the GNU Image Manipulation Program to stitch together repetitions of a photo that Kitt Hodsden took and blogged in 2012.

Lunr.js

I thought about adding a server-side search engine with something like Lucene or ElasticSearch, but then I heard about a client-side search engine, Lunr.js. My previous HS batch had included a little JS exploration, and I'd futzed with JavaScript in my Node project the previous week, so Lunr sounded like a good approach. I got it installed okay, and borrowed Ben Smith's minified JS package and Jared Dominguez's index-builder, and got a ton of experience with Chrome developer tools. Over the course of getting Lunr.js working on my site (with help from Nicholas Cassleman and Vito LaVilla) I wrote JS to query the index and return search results. I especially like that the result shows up in the same page, without the need for a redirect or full page refresh.

I've made database schema decisions before, but I haven't previously decided on search indices. It was cool that I had the power to change up the parsed output once I realized that the structured data ought to have hrefs as the unique IDs, rather than otherwise-useless unique doc IDs.

My site!

MC Masala is live! I am so happy that these columns have a nice home now, and that I made it. I got to exercise my Python, which is strong, and I got to strengthen a bunch of other skills along the way. It's not perfect, and I have a TODO list, but it's the nicest-looking site I've ever made, and it fulfills its function well. And I made it in just a few days.


* I basically stalled on the Matasano challenges, and will come back to them someday when I don't feel so time-constrained. I did get some use out of doing the ones I did! I have now grokked byte-level stuff much better, and learned about bytearrays thanks to Allison Kaptur. And I got some laughs out of the process. Example: In challenge six, the Hamming distance the player calculates should be 37. First attempt: came up with 14. Next: 598. I literally laughed aloud. Then, when I finally got 37, I thrust my arms into the air with great vigor because I WAS A DEITY OF PURE LIGHT. But then I started getting depressingly wrong answers and kept getting them; I got help from friends, but decided to hold off and only look at one friend's potentially-spoilery explanation when I'm ready to come back, and I still haven't looked at it. I tried to remind myself of a sort of Allison Kaptur/Carol Dweck "the edge of maybe-can't/"The only thing that makes you smarter is doing hard things" attitude, that I am a Joseph Campbell hero and the greater my struggle the greater my triumph will be. But I was tearing up in frustration, and I decided to give myself a rest from crypto and level up on the main skill I'd come to Hacker School to learn, namely, webdev. And I think that was the right decision. You gotta manage your own morale and momentum -- that's a resource too.

Filed under:


(0) : A Node.js Project, And Deciding to Shelve It: In my second week of my 2014 Hacker School batch, I asked:

What are red flags in scifi/fantasy magazines' calls for submissions? What words/phrases make you think "ew, avoid"? -- @brainwane, 3:48 PM - 13 Oct 2014

As Moss guessed, I was thinking of making an SF&F version of joblint.org, to automatically check for suspect wording in "please submit" pages and posts by speculative fiction publishers.

I take off my hat to Rowan Manning for creating the tool and the site, which I found easy to adapt (my fork of the tool, my fork of the site). The code's in Node.js, and despite an npm problem on Ubuntu, I found it fairly easy to figure out how to change the tests, regular expressions, and error messages, modify the package dependencies and update appropriately (especially thanks to Hacker School colleagues). Check it out: package.json lets you point specifically to a git repo as a dependency, and specify a branch. Even though my JavaScript is terrible, I even figured out how to check for the absence of a thing we want in calls for submissions (specifically, wordcount expectations). Overall, the tech side of this project was easier than I expected. (I also did a few of the Matasano crypto challenges that week, which was a very different approach to looking for signals in text!)

But conversation with some SF&F community members led me to believe that the joblint approach wouldn't help here. In tech industry job descriptions, you can rely on certain buzzwords and key off them; joblint should be only part of a suite that catches problems, the way a code linter should be in a software engineering process, but it prookes thought and is useful on its own. But problems with SF&F calls for submissions are often in subtler approaches rather than easy-to-match strings. So it didn't feel worthwhile for me to try for a regexes-alone approach, and I didn't want to spend my Hacker School time thinking though the automated literature analysis part of this problem; that's not what I wanted to do in this batch.

So I shelved the project and I have not gotten it even close to launch. But the code's up with a TODO list, and y'all should feel free to grab it and run with it if it strikes your fancy!

And I got some hands-on time getting comfortable with Node and I reassured myself that I can cargo-cult JavaScript modifications when necessary, so that was cool. And I got and merged a pull request from an old Wikimedia acquaintance, which made me feel warm and fuzzy. I've left the Foundation, but relationships remain.

Filed under:


(1) : Things I Learned About Drupal And Odd 404s: Back on October 7th, I offered "Some Tips On Domain Names And Hosting", and said: "So, next step: choosing a provider, spinning up a server, loading it up, and pointing my new domain name at it!" And then an interesting unexpected thing came up, which takes up the majority of this post (see the "Weird spam and HTTP tricks" section).

I chose DigitalOcean mainly because a peer had a $10 referral coupon thing, so I could for free enjoy the benefits of using a service that has a business model that makes sense and won't get all ad skeevy (relevant rant, parts one, two, and three).

Security stuff

I faced some two-factor auth problems basically because the most convenient 2FA solutions assume you are fine with installing a closed-source app on a computing device you control.

Also, when spinning up a DigitalOcean droplet for the first time and SSHing into it, I'd like to establish the authenticity of the host by verifying the ECDSA key fingerprint. Where in one's digitalocean.com settings or in the web UI should one look to find that? The answer: one can't. I looked on the web and asked around, and found a lot of people saying, "when you get to 'the authenticity of this host cannot be established, are you sure,' just say yes." There is apparently no way to verify that key fingerprint in the web UI. The attack vector is microscopic (someone else coming in and spoofing the IP address right after you spin it up and before you have a chance to SSH in). But it still annoys me. I hear Amazon EC2 has solved this problem and does give you a way to verify the fingerprint.

Server setup

I followed some useful tutorials to refresh my memory so I could set up an Ubuntu server and get a LAMP stack installed. Another helped me install Drupal. I have now successfully installed Drupal!

Drupal

Generally, if you want to make Drupal do what you want it to do, it's helpful to install modules that other people have made, and maybe themes. You can check out popular modules such as Views, and you can look up how to install modules and themes, and learn how to install modules and themes specifically in Drupal 7.

Thanks to much help from Fureigh (example), when I looked up an "installation profile" ("ngpprofile") that interested me, I found out about Drush and installed it. It seems as though drush wants or seems to need to do everything as root, which doesn't feel right to me, so maybe I misunderstood. Then again, a sysadmin of my acquaintance mentioned his "you gotta be kidding me" reaction to a Drupal installation HOWTO that blithely said "now chmod 777 the web directory", so maybe I just have a different attitude to privileging than Drupal does! Some more thoughts on Drush: a slide deck, GitHub, a homepage, and a project page.

And Fureigh submitted a patch to get ngpprofile to work properly with Drush! ... And then I ungratefully did not try to use ngpprofile, and instead looked at a very very simple theme, and then fiddled manually with templates and the admin dashboard to make my site look just slightly different from a regular stock Drupal site. Drupal theming seems to be a pretty deep skill in and of itself.

I got help from the #drupal-support IRC channel on Freenode as I went -- thanks! If I ever dip into Drupal again, I'll check out a video resource they recommended, including a "build your first Drupal 7 website" video sequence.

Weird spam and HTTP tricks

I bought a brand-new domain name via Hover and pointed it to my DigitalOcean droplet. The next day, I looked at various admin logs and noticed strange 404s that had nothing to do with my site. Clearly they were spam and the attackers hoped I would click on their URLs thinking they were referrers, or similar (if the attacked site's 404 logs are public, intentionally or accidentally, then this tactic would increase the spammer's pagerank). I'll reproduce one here, with the actual URL replaced with "myphishingsite.biz" and eliding the IP.

TYPE page not found
DATE Thursday, October 9, 2014 - 10:46
USER Anonymous (not verified)
LOCATION http://myphishingsite.biz/http://myphishingsite.biz
REFERRER 
MESSAGE ttp://myphishingsite.biz
SEVERITY warning
HOSTNAME [IP address elided]
Hmmm. The spammer left their URL in the LOCATION field somehow, but there's no referer (Drupal spells it "referrer in the admin console). I found that I could cause a "page not found" log entry by going to a nonexistent page on my site, e.g. /bleeber, but then the LOCATION for that log entry was http://[hostname.tld]/bleeber. How was the spammer manufacturing an entry with a LOCATION of http://myphishingsite.biz? And what was up with the truncated initial "h" in the MESSAGE field?

With a few pointers from two Hacker School colleagues, a bit of reading up on how Drupal logs 404s, what access logs look like in Apache, and what 404 actually means, and some trial-and-error, I began to see what was happening. If I went to http://myhostname.tld/http://panix.com , then my access logs included GET /http://panix.com . But the attacker sent requests that logged as GET http://[spamsite] (notice that there is no leading /). So I began to suspect that the attacker programmatically sends GET requests with some kind of intentionally malformed header. (And then this helped me explain why, in the report overview in the web-based admin console, the spammed URLs miss their first character (the h in http) -- usually you don't care about the leading slash or about the base URL when you're skimming that overview, so Drupal programmers made some kind of "omit the first character" choice.)

Time to break out netcat! Usually, the first string after GET in an HTTP request header is the location of the resource you want on the host that you're sending the request to (below, "myhostname.tld" is the host that I'm sending the request to). You'll often see GET / or GET /favicon.ico, for instance. But there's no reason you can't do something like this:

$ nc myhostname.tld 80
GET http://berkeley.edu HTTP/1.1
Host: berkeley.edu
Referrer: 
User-Agent: netcat

When I sent that HTTP request manually, I could replicate precisely what the spammers were doing, in terms of what characters showed up or got clipped in the relevant logs. For instance, the access log entry:

[IP address elided] - - [11/Oct/2014:16:23:47 -0400] "GET http://berkeley.edu HTTP/1.1" 404 7574 "-" "netcat"

And if I were specifically attacking Drupal administrators and wanted them to click on things, and I knew about the initial truncated character in the web-based admin console view, I might send a GET request that includes an initial character to throw away:

$ nc myhostname.tld 80
GET /http://nyc.gov/ HTTP/1.1
Host: nyc.gov
Referrer: 
User-Agent: netcat

Success

So, my first week of my second Hacker School batch, I succeeded in learning a bunch about using the domain name system, hosting, and Drupal, AND I learned how to do hilariously wrong things with HTTP requests. (The site isn't up anymore, because that wasn't the point.) I then went on to build some more sites with different tools, and I'll blog about the rest of them in upcoming posts.

Filed under:


(0) : Shelter and Memory: Mary Schmich wrote in that 1997 "wear sunscreen" advicedump, which has stuck with me and overall proven a good guide for adult Sumana:

Understand that friends come and go, but with a precious few you should hold on. Work hard to bridge the gaps in geography and lifestyle, because the older you get, the more you need the people who knew you when you were young.

This weekend I hung out with a couple of Wikimedia engineers I'd known for a while -- heck, I'd helped one of them move. One of them mentioned, "I was looking at the Wikipedia article for Team America: World Police --"

And I joked something like, "Oh, because it was interfering with the Education Program's Team America namespace?"

And he laughed at my joke, because he remembered that two years ago, we tried to help out professors by introducing a Course namespace (basically wiki pages starting with "Course:"), but that this caused a conflict with the article about the Star Trek: Voyager episode "Course: Oblivion". Such an obscure joke.

That's the time and the place for the coziness of an inside joke -- among friends, the ones who've helped you shape your identity, so the homosocial bonding doesn't exclude newbies and imply to them that if they don't get the joke then they don't belong. I wonder what idiom speakers of other languages use; the phrase "inside joke" carries these connotations of shelter and interiority to me.

There's a saying that you know you're a New Yorker when you point to a storefront and say "I remember when that was [something different]." I've been here going on nine years, longer than I have ever lived in any other city, and I can imagine visual diffs for scores of blocks. It makes me feel rooted, like a tree. I can sense -- and sometimes give in to -- the temptation to assume that the change began when I arrived and began to observe it, as though the only important change is the change I witnessed.

My family moved over and over when I was a child, and I was poor at socializing as a teen, and I've only retained a handful of college friendships. Today I'm doing a big inbox scouring, and this musing reminds me to prioritize replying to the old pals, the ones who knew a Sumana I can barely remember.


(1) : Sometimes Paths Are Useful: I just finished a six-week batch at Hacker School. As an alumna, I had the option of asking to come back for three months or for a six-week minibatch, and I decided on the latter. I'll be writing more about my lessons, but today I can mostly point to my programming partner's writeup and add a silly story.

I met Greg Hendershott at !!Con months back, and then we ended up in the same batch and found that we laugh at each other's jokes. So we tried to figure out what to work on together. He's way into functional programming, Racket, Clojure, stuff like that, and has for instance written an emacs mode for Racket. In contrast, I'm only fluent in Python and have been concentrating on web dev. We found common ground in Python and an interest in security, and made a webservice that runs a static analyzer on a user-submitted code sample and returns to the user a "report card" of vulnerabilities in their code. That's what I spent the last two weeks on.

In his post, Greg describes how we rejected smaller and smaller web frameworks, finally settling on subclassing from BaseHTTPServer (built into Python's standard library). When you do that, you have to literally define methods so that the server can handle even the most basic HTTP verbs, like GET and POST. We defined POST but didn't define GET, because we didn't need to! It felt so tremendously subversive, creating a web service that gave you a 501 (Method Not Supported) if you tried to GET / , and yet actually did other things. Deliciously wrong.

(Also amazing: reading and subclassing from code whose initial code comments specifically and relevantly cite the work of Tim Berners-Lee and Roy Fielding. I felt such awe and gratitude, that I am part of a grand heritage of innovation and infrastructure. What an inheritance!)

So then a few days later we decided to make a simple web page or two, so that someone using a web browser could use the service. I loved the experience of API-first design, and felt amused when I implemented our server's second method, do_GET. (One nice thing about long-term collaboration is that you can pair some of the time and also do some bits on your own, bringing them to your partner for code review.) do_GET, like do_POST, didn't care about the path, because there's only one thing a user is ever going to do with our service. No URL routing required. A GET request always caused the server to return index.html.

Then I stubbed out a small index.html page, borrowing bits and pieces from other past projects where I'd solved similar problems. And I thought "well I'll style this a bit" and copied a style.css file from one of my old sites into the project directory, linked to it in the head element of index.html, futzed with some element names and IDs, and reloaded. Hmm, why no styling? Shift-reload. Still looked bare. I opened up the developer toolbar...

...and saw that "style.css" had the text of index.html. Because I had defined GET to always return index.html! And when you want a browser to be able to use a stylesheet, well, it'll have to GET it!

I laughed pretty hard, then inlined the CSS. (And we did end up writing a bit of URL routing so we could serve a favicon to browsers and to serve a capabilities document to service clients.)

I get so much joy out of playing with the building blocks of the Web. It's a great feeling. Thanks for working on this with me, Greg!

Filed under:


: Snapshot: Sometime in early 2010, I jotted down a few notes that I meant to blog at the time; I've now expanded them into the following entry. I was in between jobs; I think it was just after my time at Collabora, and the year before I started working for Wikimedia Foundation. I'd been in New York City for a little over four years. It's interesting to look back -- I never did turn any of those ideas into a proper conference talk, and I still remember the atmosphere of that evening, feeling out of place of course among the men in business suits in some dim bar, but still connected to them because of what we'd studied together.

Today I thought up some proposal ideas for conferences... [terrible ideas elided]

Today I also reread bits of Rick Yancey's tax collector memoirs, and I went to dinner/drinks with old colleagues, people I'd done the master's in tech management with a few years previous. Basically all guys (and jeez sexism much?). Evidently SWOT & similar tools really work when you break 'em out appropriately (in the midst of chaos, maybe?). And from what these guys tell me, HR is a mess in most big companies; if I can not just catalyse, but teach other people to replicate my success, that's marketable. The interface between a firm & its clients is crucial, but so is the interface between the firm & its employees.

It sounds like one way to keep those corporate accounting and finance skills honed would be to try looking at the financials of a company without knowing its name, and work out what it is.

What do I want in my next job? I should be open to larger orgs, larger than any I've worked with in the past, but I don't want some things I've heard are common in big organizations:

  • stifling bureaucracy
  • stifling political atmosphere that stops necessary things from being said or asked
  • lengthy processes lasting more than 3 months to get rid of an underperformer
Most touchingly, my old classmate [name] said he's forever remembered my interaction with that executive who came to guest-lecture us, about whether he considers himself a success, and would he do it again. Hearing that answer changed his mind. Before coming into the Master's in Tech Management program, he'd thought, "I want to be a CIO of a big corporation." Afterwards: "I want time for family."


: .illusion(): Last night one of my Hacker School peers was practicing sleight-of-hand with a card deck, and another peer walked over and said, "Oh, I used to run a magic tricks website."

I waited with bated breath for the punchline. None came! So I had to make some up.

I used to run a magic tricks website, but it disappeared.

I used to run a magic tricks website; I wrote it in Haspell.

I used to run a magic tricks website; it ran RabbitMQ.

I used to run a magic tricks website; I used SQLAlchemy. (predicated on the false memory that SQLAlchemy's logo is a tophat and cane)

I used to run a magic tricks address book application; pick a .vcard format, any .vcard format!

I used to run a magic tricks website; this is my lovely helper function.

But I felt stymied. When I think of magic tricks, I think of visuals and descriptions, not easy-to-pun jargon. And I couldn't think of any puns on the names of GOB Bluth, Penn and Teller, David Copperfield, or Criss Angel/Mindfreak.

And then Cerek Hillen came up with: "I used to run a magic tricks website; I wrote it in Brainfreak." And I thought: yes. It is done.

Filed under:


: Vestiges: I know some Russian, some French, and some Kannada, and every once in a while, my vocabulary fractures and I say a word from some other language. "Nodu" is Kannada for "look" (imperative second-person), and to this day, if I want to point something out to an interlocutor, I'll find myself saying "Nodu." (By now I think Leonard's learned that bit of Kannada through repetition and pattern-matching.)

I know some Python, some Bash, and some Scheme, and every once in a while, as I typetypetype in a Python file in emacs, I'll find myself wanting to car to get the first element from a list, or wanting to pipe (|) the output of one function into another.

Filed under:


(1) : A Few Intermediate Git Tips: Today I led an intermediate Git workshop at Hacker School, with occasional help from more experienced Git users. We covered:

  • cherry-picking versus merging a commit from one branch to another
  • git blame [filename] to see who last touched a line
  • git log --full-diff -p [filename] to view full diffs, and a few cool things to put in your .gitconfig to better view your log, e.g., aliasing something to log --oneline --graph --all --decorate -30
  • better search with git grep, and file listing with git ls-files, to only look at the files in your repository (thus ignoring files mentioned in your .gitignore)
  • git add -p to make your commits cleaner and improve your pull requests (with thanks to this blog post by Allison Kaptur)
  • git rebase -i to rewrite history in your branches and thus also improve your pull requests
  • shallow cloning with git clone --depth 1 (demonstrating that it is faster and takes less disk space, but this took a few tries, since Git is so efficient at storing past revisions that the effect barely registers for small, young repositories)
  • git reset and the differences among default, --soft, and --hard
  • ways to talk about history and what git rev-parse does under the hood (and thus HEAD~1 and HEAD^2 and parents and ancestors and whatnot)

Only afterwards did I see this super useful explanation of the Git model which articulates what's actually doing what.

As we were discussing rebase, I said I didn't yet feel smart enough to do non-interactive rebases. My peer Connor frowned at that. I sought a replacement word. Skilled? Experienced? Audacious? Confident? Maybe that last one.

I'm also going to play around with the gitk GUI tool, maybe with tig, and git bisect. And I heard a brilliant suggestion: when you're about to do something in Git that feels scary, in terms of rebasing or resetting or whatnot, clone your repo and try out your idea on the clone!

Filed under:


: Epithets for Basilisks: I saw a theatrical showing of an Indian movie the other day. I noticed that the filmmakers had censored a few words and phrases. Most confusingly, when one character (an Indian lawyer in 2012) hyperbolically talked about criminals going free, he referred to some person, someone obviously guilty. But the audio blanked out when he said the person's name, and the subtitles also elided the name as "K***".

I am so underinformed on major Indian criminals that my first thought was "Karna". But I talked with an Indian relative who hypothesized: they're referring to in-and-out-of-prison celebrity Sanjay Dutt -- who was, in 2012, not imprisoned -- by his nickname "Khalnayak" (the eponymous villain in his career-making film), and they're blanking out all but that initial consonant so that they can refer to him in a plausibly deniable way.

I wonder whether I will ever lose my fascination with the encodings we develop to avoid the Eye of Sauron, to refer to Voldemort without saying his name. Right now I'm seeing creativity flourish on Twitter, as people use "gg", "G________", "actually about ethics in ga-", and similar. My own contribution: "g7e".

(You do realize that, if Twitter wanted to, they could make it so no one could search for that one string on their site, or via their API, or use it in a Tweet, and the hashtag wouldn't work. Closed-source service. Platform we don't control.)


: Hacker School Miscellanea: Found in an email I sent a few years ago: "I'm freaking 30 now, so I have decided to be Mature, stop feeling bad that I don't learn stuff well on my own, and take classes that play to my predilection towards collaborative structure." As it turns out, I think "don't learn stuff well on my own" was an oversimplification; approximately no one truly learns on their own, after all; I needed a more synchronous community rather than a purely asynchronous one.

Found in an old blog draft that I will never turn into a proper post:

virtualenvwrapper and workon

pip freeze

Beautiful Soup

context manager - "with x as y" (especially for files)
Unicode stuff
modules that are often useful - requests, os, sys, time, datetime, codecs, unittest
list comprehension

different remotes
git add -p
What it looks like to merge a pull request

http://osrc.dfm.io/

Written? Kitten!'s code uses localStorage

Laura Lindzey blogs about whether she'd do Hacker School again; her answer is that she would not, though she loved it, because "Programming is no longer the thing I struggle most with." I smiled at the very last item on her list of things she particularly wants to learn about right now, because I'm genuinely comfortable with my skills in that area and that's one reason I can take a break from it to be at Hacker School.

My batchmate Alyssa Carter has the best About page I have seen in eons.

I got stuck on the sixth of the Matasano crypto challenges last week. I'm going to take another look at it this week now that I've cried a bit, gotten a new perspective from Alex Clemmer, and spent the weekend in Rhode Island at a friend's wedding reception. Gosh those trees are pretty right now, perfectly autumnal. I'm also eyeing Natas which is more directly the type of serverside web security game that piques my interest. All this on top of the main thing I'm doing during Hacker School this go-round, webdev play.

Filed under:


: The Thing You Garden: What are you making? And what are you metamaking? That is, what are you doing to, directly or indirectly, help other people create good things?

I keep thinking about Growstuff, my friend Alex "Skud" Bayley's startup and open data platform for food gardeners (interview). Skud has taught me a lot about open source communities and pitfalls and public collaboration over the past several years, not to mention the geek feminism work she's done.

Frances, Sumana, and other open source interns and mentors at Wiki Conference USA 2014, by Geraldshields11 (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons This past summer I played Skud a bit and mentored Frances. She was already a better coder than me; I helped her grow as an engineer, as a Wikimedian, and as an open source contributor.

Now Skud is asking for AUD$20,000 to massively improve Growstuff's API, and if she gets that money, she can hire Frances to do the work.

I'm so proud that I've helped till some soil and plant some seeds, to make it possible for an open source, open data project to empower even more people. But we only have four days left in the campaign and we haven't even reached AUD$6,000 yet.

You might worry that Growstuff is just yet another vaporware project. Don't. Growstuff works. Federico Mena-Quintero, one of the founders of GNOME (one of the biggest open source projects in history), wrote this month:

Skud started coding Growstuff from scratch. I had never seen a project start from zero-lines-of-code, and be run in an agile fashion, for absolutely everything, and I must say: I am very impressed!

Every single feature runs through the same process: definition of a story, pair programming, integration. Newbies are encouraged to participate. They pair up with a more experienced developer, and they get mentored.

They did that even for the very basic skeleton of the web site: in the beginning there were stories for "the web site should display a footer with links to About and the FAQ", and "the web site should have a login form". I used to think that in order to have a collaboratively-developed project, one had to start with at least a basic skeleton, or a working prototype — Growstuff proved me wrong. By having a friendly, mentoring environment with a well-defined process, you can start from zero-lines-of-code and get excellent results quickly. The site has been fully operational for a couple of years now, and it is a great place to be.

Growstuff is about the friendliest project I have seen.

Watch the video (below) or read the Growstuff blog to see why it's uniquely important to support. And please donate, for the garden we share.


: Lee Iacocca and Malcolm X: I read Malcolm X's autobiography at about twelve and Lee Iacocca's autobiography at around eight. (You know how it is with childhood; you read what's around you.) This past weekend I dipped back into the X, and realized something they have in common: both of them get fired from the number two jobs at their respective organizations.

In their stories, as they tell them:

X converts to Islam in prison and from that point onwards devotes his total loyalty to the Nation of Islam. Iacocca starts working for the Ford Motor Company right after getting his degree. Both rise through the ranks till they're reporting directly to the heads of their orgs, and they live and breathe their orgs' missions.

And then something goes rotten. The top guy in each org is insecure, flawed, can't deal with having such a charismatic, effective, headline-grabbing guy as his direct subordinate. So he gives our protagonist the runaround, then fires him. And our protagonist undergoes the most severe emotional and even physical confusion of his life, reeling from the betrayal.

What next? After Ford fires him, Iacocca goes on to head bankruptcy-bound Chrysler and help turn it around. X founds new organizations, takes the hajj, changes his views. (And assassins kill him a year later.)

Of course Iacocca's and X's self-serving biases skew these narratives. But I still got something interesting out of this repetition, I think, related to what I got out of John Morearty's mentorship -- a belief that, contrary to that old quote, there can be second acts in American lives. That you might rise and fall and rise again.

And that you should be hesitant to love anything that can't love you back -- and institutions can't love you back.

Filed under:


(3) : Recent Reading Responses: Data & Society (which I persist in thinking of as "that New York City think tank that danah boyd is in" in case you want a glimpse of the social graph inside my head) has just published a few papers. I picked up "Understanding Fair Labor Practices in a Networked Age" which summarized many things well. A point that struck me, in its discussion of Uber and of relational labor:

The importance of selling oneself is a key aspect of this kind of piecemeal or contract work, particular because of the large power differential between management and workers and because of the perceived disposability of workers. In order to be considered for future jobs, workers must maintain their high ratings and receive generally positive reviews or they may be booted from the system.

In this description I recognize dynamics that play out, though less compactly, among knowledge workers in my corner of tech.

This pressure to perform relational labor, plus the sexist expectation that women always be "friendly" and never "abrasive" (including online), further silences women's ability to publicly organize around grievances. Those expectations additionally put us in an authenticity bind, since these circumstances demand a public persona that never speaks critically -- inherently inauthentic. Since genuine warmth, and therefore influence, largely derive from authenticity, this impairs our growth as leaders. And here's another pathway that gets blocked off: since since criticizing other people/institutions raises the status of the speaker, these expectations also remove a means for us to gain status.

Speaking of softening abrasive messages, I kept nodding as I read Jocelyn Goldfein's guide to asking for a raise if you're a knowledge worker (especially an engineer) at a company big enough to have compensation bands and levels. I especially liked how she articulated the dilemma of seeking more money -- and perhaps more power -- in a place where ambition is a dirty word (personally I do not consider ambition a dirty word; thank you Dr. Anna Fels), and the same scripts she offers for softening your manager's emotional reaction to bargaining.

I also kept nodding as I read "Rules for Radicals and Developer Marketing" by Rachel Chalmers. Of course she says a number of things that sound like really good advice and that I should take, and she made me want to go read Alinsky and spend more time with Beautiful Trouble, but she also mentions an attitude I share (mutatis mutandis, namely, I've only been working in tech since ~1998):

I've been in the industry 20 years. Companies come and go, relationships endure. The people who are in the Valley, a lot of us are lifers and the configurations of the groups that we're allied to shift over time. This is a big part of why I'm really into not lying and being generous: because I want to continue working with awesome, smart people, and I don't want to burn them just because they happen to be working for a competitor right now. In 10 years' time, who knows?

Relationships, both within the Valley and with your customer, are impossible to fake, and is really the only social capital you have left when you die.

No segue here! Feel the disruption! (Your incumbent Big Media types are all about smooth experience but with the infernokrusher approach I EXPLODE those old tropes so you can Make Your Own Meaning!)

Mark Guzdial, who thinks constantly about computer science education, mentions, in discussing legitimate peripheral participation:

Newcomers have to be able to participate in a way that's meaningful while working at the edge of the community of practice. Asking the noobs in an open-source project to write the docs or to do user testing is not a form of legitimate peripheral participation because most open source projects don’t care about either of those. The activity is not valued.
This point hit me right between the eyes. I have absolutely been that optimist cheerfully encouraging a newbie to write documentation or write up a user testing report. After reading Guzdial's legitimate critique, I wonder: maybe there are pre-qualifying steps we can take to check whether particular open source projects do genuinely value user testing and/or docs, to see whether we should suggest them to newbies.

Speaking of open source: I frequently recommend Dreaming in Code by Scott Rosenberg. It tells the story of the Chandler open source project as a case study, and uses examples from Chandler's process to explain the software engineering process to readers.

When I read Dreaming in Code several years ago, as the story of Chandler progressed, I noticed how many women popped up as engineers, designers, and managers. Rosenberg addressed my surprise late in the book:

Something very unusual had happened to the Chandler team over time. Not by design but maybe not entirely coincidentally, it had become an open source project largely managed by women. [Mitch] Kapor [a man] was still the 'benevolent dictator for life'... But with Katie Parlante and Lisa Dusseault running the engineering groups, Sheila Mooney in charge of product management, and Mimi Yin as the lead designer, Chandler had what was, in the world of software development, an impressive depth of female leadership.....

...No one at OSAF [Open Source Applications Foundation] whom I asked had ever before worked on a software team with so many women in charge, and nearly everyone felt that this rare situation might have something to do with the overwhelming civility around the office -- the relative rarity of nasty turf wars and rude insult and aggressive ego display. There was conflict, yes, but it was carefully muted. Had Kapor set a different tone for the project that removed common barriers to women advancing? Or had the talented women risen to the top and then created a congenial environment?

Such chicken-egg questions are probably unanswerable....


-Scott Rosenberg, Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest For Transcendent Software, 2007, Crown. pp. 322-323.

I have a bunch of anecdotal evidence that projects whose discussions stay civil attract and retain women more, but I'd love real statistics on that. And in the seven years since Dreaming in Code I think we haven't amassed enough data points in open source specifically to see whether women-led projects generally feel more civil, which means of course that means here's where I exhort the women reading this to found and lead projects!

(Parenthetically: Women have been noticing sexism in free and open source software for as long as FOSS has existed, and fighting it in organized groups for 15 or more years. Valerie Aurora first published "HOWTO Encourage Women in Linux" in 2002. And we need everyone's help, and you, whatever your gender, have the power to genuinely help. A man cofounded GNOME's Outreach Program for Women, for instance. And I'm grateful to everyone of every gender who gave to the Ada Initiative this year! With your help, we can -- among other things -- amass data to answer Scott Rosenberg's rhetorical questions. ;-) )

Filed under:


: How I made a tidepool: Implementing the Friendly Space Policy for Wikimedia Foundation technical events: Back when I worked at the Wikimedia Foundation, I used the Ada Initiative's anti-harassment policy as a template and turned it into the Friendly Space Policy covering tech events run by WMF. I offer you this case study because I think reading about the social and logistical work involved might be inspiring and edifying, and to ask you to please donate to the Ada Initiative today.

Donate now

Wikimedia hackathon in Berlin, 2012, by Guillaume Paumier (Own work) [CC-BY-3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons I was working for Wikimedia Foundation for ~8 months before I broached the topic of a conference anti-harassment policy with the higher-ups - my boss & my boss's boss, both of whom liked the idea and backed me 100%. (I did not actually ask HR, although in retrospect I could have.) My bosses both knew that Not So Great things happen at conferences and they saw why I wanted this. They said they'd have my back if I got any flak.

So I borrowed the Ada Initiative's policy and modified it a little for our needs, and placed my draft on a subpage of my user page on our wiki. Then I briefly announced it to the mailing list where my open source community, MediaWiki, talks. I specifically framed this as not a big deal and something that lots of conferences were doing, and said I wanted to get it in place in time for the hackathon later that month. Approximately everyone in our dev community said "sure" or "could this be even broader?" or "this is a great idea", as you can see in that thread and in the wiki page's history and the talk page.

Sumana with two other women running Wikimedia hackathon in Berlin, 2012, by Yves Tennevin [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons I usually telecommuted to WMF, but I happened to be in San Francisco in preparation for the hackathon, and was able to speak to colleagues in person. My colleague Dana Isokawa pointed out that the phrasing "Anti-harassment policy" was offputting. I agreed with her that I'd prefer something more positive, and I asked some colleagues for suggestions on renaming it. My colleague Heather Walls suggested "Friendly Space Policy". In a pre-hackathon prep meeting, I mentioned the new policy and asked whether people liked the name "Friendly Space Policy," and everyone liked it.

Sumana teaching a Git workshop at Wikimedia hackathon in Amsterdam, 2013, by Sebastiaan ter Burg from Utrecht, The Netherlands (Wikimedia Hackathon 2013, Amsterdam) [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons So I made it an official Policy; I announced it to our developer community and I put it on wikimediafoundation.org.

This might have been the end of it. But a day later, I saw a question from one community member on the more general community-wide mailing list that includes other Wikimedia contributors (editors/uploaders/etc.). That person, who had seen but not commented on the discussion on the wiki or on the developers' list, wanted to slow down adoption and proposed some red tape: a requirement that this policy be passed by a resolution of the Wikimedia Foundation's Board of Trustees (so, basically, the ultimate authority on the topic).

Wikimedia hackathon in Amsterdam in 2013, by User:Multichill (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons But approximately everyone on the community-wide list also thought the policy was fine -- both volunteers and paid WMF staffers. For instance, one colleague said:

"If a policy makes good sense, we clearly need it, and feedback about the text is mostly positive, then we should adopt it. Rejecting a good idea because of process wonkery is stupid.

Sumana is not declaring that she gets to force arbitrary rules on everyone whenever she wants. She is solving a problem for us."

My boss's boss also defended the policy, as did a member of the Board of Trustees.

"Perhaps you misread the width of this policy. Staff can and generally do set policies affecting WMF-run processes and events."

I didn't even have to respond on-list since all these other guys (yes, nearly all or all guys) did my work for me.

Sumana and other Wikimedians enjoying a canal ride during the Amsterdam 2013 hackathon, by Andy Mabbett (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons I was so happy to receive deep and wide support, and to help strengthen the legitimacy of this particular kind of governance decision: consensus, including volunteers, led by a particular WMF staffer. And, even though I had only proposed it for a particularly limited set of events (Wikimedia-sponsored face-to-face technical events), the idea spread to other affiliated organizations (such as Wikimedia UK) and offline events (Wikimania, our flagship conference -- thank you, Sarah Stierch, for your work on that!). And the next year, a volunteer led a session at Wikimania to discuss a potential online Friendly Space Policy:

"Explore what elements are essential for you in such a policy and what we can do collectively to adopt such a policy for Wikipedia and other Wikimedia websites."

Lydia Pintscher and Lila Tretikov at the Wikimedia hackathon in Zurich, 2014, by Ludovic P (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons So perhaps someday, all Wikipedia editors and other Wikimedia contributors will enjoy a safer environment, online as well as offline! I feel warm and joyous that the discussion I launched had, and is having, ripple effects. I felt like I took a gamble, and I looked back to see why it worked. A few reasons:

  • The Ada Initiative's template. I cannot imagine writing something that good from scratch. Having that template to customize for our needs made this gamble possible at all.
  • I started the discussion in January 2012; I had joined Wikimedia Foundation (part-time) in March 2011. So I had already built up a bunch of community cred and social capital.
  • In early 2012, open source citizens saw more and more reports of hostile behavior at conferences; people saw the need for a policy.
  • I added "or preferred Creative Commons license" to the big list of attributes (gender, disability, etc.), which gave the document a touch of Wikimedia-specific wit right at the start of the policy.
  • Sumana teaching a workshop participant at the Wikimedia hackathon in Amsterdam, 2013, by Sebastiaan ter Burg from Utrecht, The Netherlands (Wikimedia Hackathon 2013) [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons I balanced decisiveness and leadership with openness to others' ideas.
  • Honestly, I narrowly focused the policy to an area where my opinion carried weight and I held some legitimate authority (both earned and given), phrased my announcement nonchalantly and confidently, and ran the consensus process pretty transparently. I believe it was hard to disagree without looking like a jerk. ;-)

(If you can privately talk with decisionmakers who have have top-down authority to implement a code of conduct, then you can use another unfortunate tool: point to past incidents that feel close, because they happened to your org or to ones like it.)

Indic Wikimedians gathering at Wikimania, 9 August 2013 in Hong Kong, by Subhashish Panigrahi (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons By implementing our Friendly Space Policy, I created what I think of as a tidepool:

"...places where certain people can sort of rest and vent and collaborate, and ask the questions they feel afraid of asking in public, so they can gain the strength and confidence to go further out, into the invite-only spaces or the very public spaces....spaces where everybody coming in agrees to follow the same rules so it's a place where you feel safer -- these are like tidepools, places where certain kinds of people and certain kinds of behavior can be nurtured and grown so that it’s ready to go out into the wider ocean."

With the help of the Ada Initiative's policy adoption resources, you can make a place like that too -- and if you feel that you don't have top-down authority, perhaps that no one in your community does, then take heart from my story. If you have a few allies, you don't have to change the ocean. You can make a tidepool, and that's a start.

Donate now




: Some Tips On Domain Names And Hosting: Here are some things I recently learned or re-learned about setting up your own website.

Domain names

There are a ton of domain name registrars out there and a lot of them are subsidiaries of Tucows. At least one acquaintance of mine uses NameCheap and finds it low-fuss with a reasonable web UI. I decided to try Hover since they have, in the past, sponsored the In Beta podcast. You will often expect to pay about USD$10 per year, though sometimes you get deals (".club" was $5 through Hover when I last checked).

As long as I was futzing with domains, I decided to transfer over an old domain name to Hover. In order to do that, I had to obtain the auth code, a.k.a. EPP (Extensible Provisioning Protocol) code from my old registrar (the "losing" registrar). Sometimes this should be visible in the web UI when you log into the losing registrar's site. Sometimes you'll have to phone in. And then you might get a shock, because registrars evidently think it's totally okay and normal to ask you for your account password in order to authenticate you, and to send the EPP code over plaintext email. Sadface. But at least some vendors, including Hover, offer two-factor auth! And the two-factor auth applications can live on my laptop or some other device, not necessarily my phone (which is good because I haven't yet checked whether there's a 2FA app for MeeGo but I doubt it).

Once you transfer a domain, it takes maybe 24 hours for the change to propagate; after that, the losing registrar has no residual effect on the domain or on DNS (Domain Name System) resolution.

Hosting

I found Maciej Cegłowski's "The Five Stages of Hosting" helpful. Right now I'm interested in hosting a reasonably simple joke site, and in learning a bit about sysadmin and deployment, so I want to be able to SSH into a standard-ish Linux machine and set up Drupal or WordPress or similar, and I don't expect my site to need to scale. So I will go with a VPS (Virtual Private Server) provider, under the "dorm room" model in Cegłowski's framing. Stan, my Hacker School colleague who let me interview him to learn this stuff, is most familiar with Linode and Digital Ocean.

I am going to act as my own sysadmin for this site, so I'm going for "unmanaged" hosting. Most VPSes offer you "unmanaged" hosting by default, in which you can only ask the provider, e.g. Linode, for help if the problem is their fault (e.g., "hey, I don't seem to have an IP address anymore!"). "Managed" means you have access to a sysadmin but you pay, say, $100 per month (sometimes less). This person performs tasks such as incident response, fixes if the site goes down at 1am, and help switching you to a new database. The point is that it's cheaper than hiring a full-time sysadmin.

Unmanaged VPS services seem to run about USD$5-20 per month, if they're flat rates, as Digital Ocean provides. (Evidently Digital Ocean caused a bit of a price war when they entered the market, so prices are lower now.) If your VPS operates on a utility model, where you pay for the resources your site consumes, then you have to watch out for spikes that run up your bill. Some services will also offer a backup service, either for free or as a paid add-on.

Linode has a good reputation for very fast customer support; they have often responded to support tickets in under five minutes. Digital Ocean also seems pretty quick. And it's helpful to have a big community of other users who can help you figure stuff out. Linode and DigitalOcean have active IRC channels and web fora, and the Linode Library and Digital Ocean's text resources cover a lot. Amazon EC2 has a huge community of existing users.

Hosting providers also compete on security, or at least they should. Several providers offer two-factor auth. One good signal: having a bounty program, where the company welcomes and pays for vulnerability reports (example: GetClouder's beta program). After watching Matthew Garrett's "Freedom, Security, and the Cloud" talk at Open Source Bridge 2014, I understand that a published security policy also sends a strong positive signal. And I hear that Linode is on its way back up after a few black eyes in this area, and has shored up its security. (Also, some people are beginning to use Docker on production sites, partly for convenient environment management, and partly for additional security. But the Docker developers don't really promise you more security, I gather. And I don't quite get what Docker is, yet, and may look into it. It's not really a virtual machine; it's more like a super-intense and very guarded virtualenv; I'm told it's like a chroot jail but I won't understand that till next week or so.)

For various reasons, security being one of them, when you get an unmanaged VPS, you get a "bare bones" Linux box with, say, vi on it, but not much else. You decide what software you want on that server. And on most VPSes, there's some set of (perhaps community-written) templates, scripts, or recipes for common types of setups you might want, e.g., a simple WordPress blog. These sound a bit like Chef or Puppet to me, but usually aren't. You can activate one of those scripts to run only on the initial boot of the box; you can also write your own, and use includes to nest/point to other scripts. (Since I'm trying to learn a bit of sysadmin, I'll look at those templates, but install the software more manually.) I am not quite clear yet on whether I choose those via the web UI or something more esoteric; maybe it varies per provider.

For some actions you'll need to use the web UI. For instance, once I own my domain name and I have a VPS account and a server set up, I'll need to tell my registrar that my domain's nameservers should point to the hosting provider's nameservers, e.g., ns1.linode.com. And then I'll need to log into the VPS's website and tell them what the IP address of my server is -- evidently there are "zones" and whatnot, but I haven't gotten that far. Stan confessed that he likes Linode's and Digital Ocean's web UIs a lot better than Amazon EC2's.

Speaking of Amazon: I today finally straightened out my understanding of the Amazon hosting services taxonomy!

  1. Amazon Web Services (AWS): an umbrella term for everything.
  2. S3 (Simple Storage Service): just for serving static files.
  3. EC2 (Elastic Compute Cloud): the thing most people are talking about when they mention AWS. It's "elastic" in that you can use software to tell Amazon to bring some more resources online to serve your needs, and you don't need to physically haul plastic and silicon around, but you do need to explicitly manage that elasticity as needs change, as is the case for about all VPSes.

And now I understand more about "elasticity". Heroku et alia (the "Monasteries" as Cegłowski calls them) provide more insta-elasticity, as the provider senses your growing or waning needs and accords you commensurate resources. Many monasteries offer a free tier, but costs can grow rapidly (cost evidently played a part in the RapGenius/Heroku tiff).

(If you just want to run a reasonably simple WordPress/Drupal/similar web app on your site and don't need or want to SSH in, there exist hosts like Dreamhost; one Dreamhost plan offers you FTP plus a web UI. For another variation, you could do what my friend Skud does, and use Dreamhost VPS to get SSH and, say, cron, but not root or sudo. That's a decent compromise for Skud; they can use it for their personal stuff (mostly WordPress and MediaWiki), set cronjobs for backups, write scripts, and generally poke around in the file system, but they can't install stuff or configure major services, since one must set up new user accounts, mailing lists, or web hosts via a web UI config panel.)

So, next step: choosing a provider, spinning up a server, loading it up, and pointing my new domain name at it!

Thanks to Stan Schwertly, a fellow Hacker Schooler, for talking me through a bunch of the hosting stuff! All errors and oversimplifications are my own.

Filed under:


: Kronda Adair and Self-Determination: Donate nowAda Initiative's interview with Kronda Adair reminded me:

I meet lots of people at conferences, and then have a hard time recollecting nearly all their names and faces, even if we've had long, interesting conversations. So, at a recent Open Source Bridge, I stuck my hand out and said "nice to meet you," and Kronda Adair said something like, "Oh we met last year! We had a long talk and you told me to quit my job."

"I what?"

"Oh it's okay, they fired me. But it's totally fine, you were right."

(Or something similar.) Adair went on to start her own business, speak and write about why you should "Stop Crying in the Bathroom and Start Your Own Business", and say,

"There's not a lot of narrative in the tech industry about being able to directly use your skills to benefit people without the overhead of trying to get biased hiring managers to give you a job, or dealing with sexism, racism, homophobia or transphobia on a daily basis. I wanted to model that and show people that it's possible because it's the way that I see myself being able to stay in the industry long term without sacrificing my emotional health."

In order to exercise the four freedoms that F/LOSS guarantees us, we also need economic freedom and nurturing environments. Adair and I have both benefited from the Ada Initiative's work in those areas, and so I'll remind you that you can help: donate now. Thanks.


: If I Did It: As we passed a closed-up storefront, Leonard informed me of the type of restaurant it's turning into, and I allowed as to how that was fine, but I'd rather one of the transforming storefronts in our neighborhood turned into a feminist makerspace.

Leonard pointed out that what I really want is an Ethiopian restaurant. I do. MenuPages knows of no Ethiopian or Eritrean restaurants in Astoria.

But I immediately hit a snag with my fantasy: an Ethiopian restaurant in my neighborhood would potentially propel further gentrification. "How could I make it so that the Ethiopian restaurant is good and all, but doesn't attract even more yuppies like us to live here? How can I make it less appealing to people like us, but in a way that doesn't bother me?"

"How about an Only Sumanas sign?" Leonard suggested.

"But I don't want something de jure, just offputting de facto," I said.

"It's just a sign! It's decorative! It's historical."

"And it's heritage? Leonard are you doing a Confederate flag argument?"

"I kind of went in that direction, yeah."

We discussed some more tactics that would not work, and then Leonard gently suggested that I just accept that sometimes other people like the same things we like.

"But this is just a hypothetical fantasy restaurant! Can't I try to imagine a way that it wouldn't attract even more ..."

"Sumana, you're redlining the imaginary restaurant."

(And it was at this point that I asked for permission to blog.)

Filed under:


: Travel Tips: A few things I do.

  • Never put anything in a seat-back pocket unless you're willing to walk away from it. For me, this means magazines, snacks, and miscellaneous rubbish go in the seat-back pocket on airplanes, buses, and trains, but books, electronics, and durable water bottles don't.
  • To fall asleep on a flight: red wine, pasta, melatonin, sleep deprivation for the previous day, eye mask, hoodie with the hood up, and a sleep playlist that I only ever listen to while going to sleep.
  • Plug and chug: Carrying a two-foot CAT-5 (Ethernet) cable in my electronics zip-top bag comes in handy more often than it would if all Wi-Fi were reliable.


: Pretentious And/Or Portentous: Ramble ramble ramble, in rather an autumnal tradition.

Leonard and I bought a new wall clock Saturday. The thing about living in a super walkable but not absolutely gentrified neighborhood (that is to say, our corner of Astoria) is that we don't have a Williams-Sonoma or something like that within walking distance, so we satisficed pretty quick. For $2.18 (including tax) we got a thing that is nearly certainly made under terrible labour conditions, which now sits above me and sweeps past the seconds.

Later we watched the "In the Cards" episode of Star Trek: Deep Space Nine (Leonard's favourite) and a couple episodes of the 1990s animated Superman TV series. It's so much less interesting than the contemporaneous Batman, which I loved and can still enjoy! I've always preferred Batman to Superman, in that I find stories about extraordinary humans more interesting than stories about gods. More suspense, better balance of power, and more wit. I think Batman:Superman::Yudhisthira or Arjuna:Rama, in that no one in the Mahabharata is as perfect, as much of an idol as is Rama in the Ramayana. But a few years ago I came across some litcrit suggesting that the big interesting question the Ramayana addresses is: how do you reconcile conflicting obligations? And at its best, Superman does that too, e.g., Red Son which shows the urge to utopia leading to tyranny.

I want to describe my internal state, which is a generally optimistic one, but find the words don't come easily. I don't usually think in images but I consistently come back to this imaginary scene, of a grimy encrusted clump breaking up to allow for an unobstructed flow. I've taken to attending a meditation class regularly, and at one session I confessed that I find meditation scary -- what if I let myself change and I do? What if some bit of me that constituted an important part of my identity slips away, because I let it go, or because I looked at it too hard?

And one of the other fellas in the class, who practices meditation to deal with his anger, responded (and I'm paraphrasing): but isn't that the goal of meditation, traditionally? to let go of the illusion of self, to get rid of the ostensible divisions distinguishing us from the other? I took his point, on an intellectual level at least, and then he said, "The less you carry, the further you can walk."

Yes.

In 2012 my colleague said, offhand, "You're an everything person, you just don't know it yet." Which is to say that it's okay to say yes and try something new, that I don't have to run a TSA-style inspection on every new experience or feeling or idea that wants to come inside me. Then, this year, Christie Koehler's advice (in podcast form as well!) about leaving old commitments so as to make room for new ones spoke to me; I left some mailing lists, I changed my job, I left the Geek Feminism bloggers, I limited how much time I'd put into the Outreach Program for Women career advising, and so on. And then a couple of months ago I heard, "The less you carry, the further you can walk," just a little bit before I really did experience that, again, walking (for instance) thirteen hours in a single day, away from the internet, "taking away the usual stimuli so I can hear the susurrations of the self beneath".

And I decided to leave my job, the best job I've ever had, working on the infrastructure of one of the world's most important intellectual resources. My last day there is the 30th and when I go to Wikipedia I can't believe that in just a few days I won't be able to say "we" the way I do right now.

The Hacker School sabbatical last year, the meditation, the practice at letting go of projects and expectations, the Coast-to-Coast walk, all of it contributed to this ongoing disintegration of the anxious mental and emotional hoarding I've been doing since I was a little kid. I am dropping a great deal, really, carrying less and less, and I don't have an Ordnance Survey map to highlight tomorrow's route on each night at dinner. I have skimmed some guidebooks but I think there are things they aren't telling me, elisions and oversights I want to rectify for myself.

How do you reconcile conflicting obligations? To yourself, to the great work, to your household, to those who admire your work and ask your advice? How do you use your power, and your time?

The old clock just had an hours hand and a minutes hand. This new clock we bought has a red seconds hand that sweeps smoothly past the seconds. I counted along with it, one-one-thousand, two-one-thousand, three-one-thousand, four-one-thousand, five-one-thousand, because that red needle seemed to be pivoting just a bit fast. But everything seems to be in order. I am in my mid-thirties now. I have perhaps 40+ years to go. At the moment that I write these words I feel closer than I have for many years to a rapprochement with the fact of mortality; I'll do my bit and then pass on, the choir will take over, and that's okay. Practically speaking, it'll have to be, as none of us get much of a choice.

Filed under:


: Five Things Make A Post: (The LiveJournal/Dreamwidth user community use this title & format a lot; am borrowing from them.)

  1. Freddie Mercury's video for "The Great Pretender" doesn't just use clips from previous Queen videos; it visually quotes them by recreating/reusing the sets and costumes and showing Mercury singing "The Great Pretender" lyrics in those contexts. I spent a few hours this morning looking up, for instance, thoughts on Mercury's desi origins and legacy. Like a lot of Indian-American folks, I grew up idly hearing Queen songs in the background of my life, not knowing his parents were Gujarati. I think back to my life as a disaffected teen, when I was listening to Weird Al Yankovic and the Capitol Steps, unaware of any Indian pop culture figures outside of India, and using HoTMaiL, founded by an Indian, Sabeer Bhatia -- what a different life it might have been if I'd noticed Mercury as a diaspora South Asian role model. (Although he was dead by then.)
  2. Dozens of people have written to the Wikimedia developers' mailing list to say they're sad I'm leaving Wikimedia Foundation. It is nice to know I will be missed.
  3. Leonard and I have richly enjoyed a few episodes of Just One More Thing: A Podcast About Columbo. The "Etude in Black" episode features Mallory Ortberg because of her fantastic essay on Columbo. I've also started enjoying Kumail Nanjiani's The X-Files Files but haven't recently watched nearly as much of the source material and am thus waiting before really diving in. We really live in an amazing era, historically speaking; with a bit of money, I can easily access Columbo, The Dick Van Dyke Show, Queen, Prime Suspect, and so much other rewarding entertainment!
  4. Leonard and I have also gotten a bit into doing crossword puzzles from the American Values Club. Witty and recommended.
  5. An artist has made a Twitter bot that is making a new Anatomy of Melancholy by retweeting tweets that include the word "melancholy".


: The Continuing Adventures (Transitioning From Intern To Volunteer): 2014 WikiConference USA (Group F) 25 By now dozens of women have stepped into open source via Outreach Program for Women, a paid internship program administered by the GNOME Foundation. I recently asked several of them whether they had been able to transition from intern to volunteer.*

Are you succeeding at continuing to volunteer in your open source project? Or are you running into trouble? I'd love to know how people are doing and whether y'all need help.

When you were an OPW intern, you had a mentor and you had committed to a specific project for three months. Volunteering is freer -- you can change your focus every week if you want -- but the training wheels are gone and you have to steer yourself.

(I bet Google Summer of Code alumni have similar experiences.)

I got several answers, and in them I saw some common problems to which I suggest solutions.

  1. Problem: seems as though there are no more specific tasks to do within your project. Solutions: ask your old mentor what they might like you to do next. If they don't respond within 3 days, repeat your question to the mailing list for your open source project. Or switch to another open source project, maybe one your friends are working on!

  2. OPW mentors and interns at Wiki Conference USA 2014 Problem: finding the time. Solutions: set aside a weekly appointment, just as you might with a therapist or an exercise class. Pair up with someone else from the OPW alum list and set yourself a task to complete during a one-hour online sprint! Or if you know your time is being eaten up by your new job, set yourself a reminder for 3 months from now to check whether you have more free time in December.

  3. Problem: loneliness. Solutions: talk more in the #opw chat channel on GNOME's IRC (irc.gnome.org). Use http://www.pairprogramwith.me/ and http://lanyrd.com/ and https://lwn.net/Calendar/ to find get-togethers in your area, or launch one using http://hackdaymanifesto.com/ and http://meetup.com/.

  4. Karen Sandler, GNOME and OPW advocate. Problem: motivation. Solutions: consider the effects you're having in the world. Or focus on the bits of work you enjoy for their own sake, whatever those are. Or teach others the things you know, and see the light spark in their eyes.

These are tips for the graduating interns themselves; it would be good for someone, maybe me, to also write a list of tips for the organizers and mentors to nurture continued participation.


* OPW also provides a list of paid opportunities for alumni.

Filed under:


: On Status: From Susan McCarthy, specifically from her great book Becoming a Tiger: How Baby Animals Learn to Live in the Wild.

Animals learn about individuals through play. If little coyotes cheat, the other pups won't play with them. On the other hand, the dingo Hercules was raised by humans, an only child, and didn't get to play with other puppies. Dingo puppies learn through play fighting with other puppies when to back down. Hercules had a full repertoire of aggressive behaviors but no submissive behaviors. When he was three months old, researchers released Hercules into the wild, where he could play with a litter of five wild dingoes of the same age. The wild pups were baffled by Hercules and his apparent belief that he was invincible. No matter how badly he was losing, he persisted in aggression. "After two days, Hercules displayed no submissive behaviour (essentially because he did not know how to), and became the leader of the group; the wild pups followed his movements and usually submitted passively whenever they made direct contact." - p.54

Becoming a Tiger is charming and warm and informative, and I recommend it.

Also, if you liked that particular quote, you may also be interested in On the Psychology of Military Incompetence by Norman Dixon (my thoughts), Elliot Aronson's The Social Animal, China Mountain Zhang by Maureen McHugh, and How to Be Black by Baratunde Thurston.

Filed under:


: Miscellaneous Links, Nothing To See Here: Things that have crossed my screen recently and I find worth sharing. Hum de dum.

Mel Chua on a single microcosm of the experience of being deaf. Sarah Sharp, very sensibly, suggesting we speed up code review by breaking it up into a few logical phases.

Oh what's this? An introduction, by Leonard and me, in Strange Horizons, to a reprint of Kim Stanley Robinson's head-rockin' short story "The Lucky Strike"? WHY YES IT IS. We're grateful to Strange Horizons for asking us to choose a story to reprint. We chose "The Lucky Strike" for a few reasons. It's gripping and memorable, sure. And Robinson finds a new take on the alt-history WWII story. But "The Lucky Strike" is also one of the best stories we've ever read about complicity, and that's because of how it gets you into the protagonist's head, and what it does to you once you're there. I hope you'll check it out (and, if you can, also find and read the author's associated essay, "A Sensitive Dependence on Initial Conditions").

Well, certainly there won't be anything else my household had a particular hand in. Just more links, a potpourri, you know.

On depression: On understanding high-functioning depression. "Let's talk." How terrible it feels to feel useless. Another person's experience. You can get a mental health speaker at your event, such as Ed Finkler. (Edited 25 September to add: an explanation of the Beck Depression Inventory and what kinds of questions you say "yes" or "no" to if you are or are not depressed.)

Mallory Ortberg's "two monks inventing things" series makes me laugh very hard but also makes me saw "awww" at how the monks teach each other (wrong) things. This Grantland article about a swimmer celebrates human awesomeness in a pretty infernokrusher way, and in case you're into that level of exuberance, you might also run into it in music criticism by or linked to by Matthew Perpetua, and in this old John Darnielle blog post.

I'm thinking a lot about change-making, about how it's worked at Wikimedia in the past and what we need to do in the future, and about leadership and the people who are going in the direction opposite me (that is, I'm going from management to individual contribution, and others are moving the other way). I'm thinking about the responsibility mentors have to interns, about which learning styles the tech industry and open source specifically accommodate more than others, and how that fits in to the learning environments we make, and which of those biases are essential versus inessential weirdnesses.

(Will anyone notice that a few of those are links to my own work? Very few. I move on, furtively, an attention cat burglar.)

In the world of sexism: "So this is the face of harassment. The faces of the men you know, and the faces of the men you respect. How do we create space to talk about that?" What happens when the content at a conference is great but the conduct pushes you away. And the uneven distribution of fun.

And here is a punch-the-air-good Wonder Woman fanvid, and I'm not even a WW fan, or wasn't before I saw this.


(1) : The Ada Initiative, Fanvids I Love, and How I Restarted Ken Liu's Career:

It might be good for the world, though temporarily stressful for one's marriage, to edit an anthology together, as Leonard and I discovered when we created and published our speculative fiction anthology Thoughtcrime Experiments together in 2009.* Despite the risks, maybe you should become an editor. "Reader" and "writer" and "editor" are tags, not categories. If you love a subject, and you have some money and some time, you can haul under-appreciated work into wider discourse, curate it, and help it sing.

Thoughtcrime Experiments cover You can do this with lots of subjects,** of course, but doesn't it especially suit science fiction and fantasy? We love thought experiments. We love imagining how things could be different, with different constraints. I love enlarging the scope of the possible, and both the content and the production of Thoughtcrime Experiments did that. Neither of us had professionally edited science fiction before, we released it under a Creative Commons license,*** and we wrote a "How to Do This and Why" appendix encouraging more people to follow in our footsteps.

Every story needs an editor to champion it. One thing we conclude from this experiment is that there aren't enough editors. We were able to temporarily become editors and scoop a lot of great stories out of the slush pile....

It's well known that there's an oversupply of stories relative to readers. That's why rates are so low. Our experiment shows that there's an oversupply of stories relative to editors. By picking up this anthology you've done what you can to change the balance of readers to stories. I wrote this appendix to show that you've also got the power to change the balance of editors to stories.

Another way to enlarge the scope of the possible is to seek out, publish, and publicize the work of diverse authors.***** But if you don't explicitly say you're looking for diverse content and diverse authors, and make the effort to seek them out, you will fall into the defaults. I ran into this; I did not try hard enough to solicit demographically diverse submissions, and as a result, got far more submissions from whites and men than from nonwhites and nonmen. However our final table of contents was gender-balanced, and at least two of the nine authors were people of color.

And if you do not explicitly mark characters as being in marginalized demographics, the reader will read them as the unmarked state. Here I think we did a bit better. And our selections caused at least one conversation about colonialism, and really what more can you ask?

Mary Anne Mohanraj and Sumana Harihareswara at WisCon in 2009(To the right: E. J. Fischer's photo of me with Mary Anne Mohanraj at WisCon in 2009.) It turns out that Thoughtcrime Experiments made a lot more things possible. For example, we published "Jump Space" by Mary Anne Mohanraj, a story that stars a South Asian diaspora woman. I remember sitting in my brown overstuffed chair in my apartment, reading Mohanraj's submission, completely immersed in the story. As I emerged at the end, I had two simultaneous thoughts and feelings:

  1. This is the first time in a whole life of reading scifi that the protagonist has looked like me. This feels like a first breath after a lifetime in vacuum.
  2. Why is this the first time?
Mohanraj, encouraged by the response to "Jump Space", wrote a book in that universe, and may write more. The summary starts: "On a South Asian-settled university planet" and already my heart is expanding.

And then there's Ken Liu.

It turns out Thoughtcrime Experiments restarted Ken Liu's career. Yes, Ken Liu, the prolific author and translator whose "The Paper Menagerie" was the first piece of fiction to win the Hugo, Nebula, and World Fantasy Award, and who's been doing incredible work bridging the Anglophone and Chinese-speaking scifi worlds. You have us to thank for him. As he told Strange Horizons last year:

I wrote this one story that I really loved, but no one would buy it. Instead of writing more stories and subbing them, as those wiser than I was would have told me, I obsessively revised it and sent it back out, over and over, until I eventually gave up, concluding that I was never going to be published again.

And then, in 2009, Sumana Harihareswara and Leonard Richardson bought that story, "Single-Bit Error," for their anthology, Thoughtcrime Experiments (http://thoughtcrime.crummy.com/2009/). The premise of the anthology was, in the editors' words, "to find mind-breakingly good science fiction/fantasy stories that other editors had rejected, and release them into the commons for readers to enjoy."

I can't tell you how much that sale meant to me. The fact that someone liked that story after years of rejections made me realize that I just had to find the one editor, the one reader who got my story, and it was enough. Instead of trying to divine what some mythical ur-editor or "the market" wanted, I felt free, after that experience, to just try to tell stories that I wanted to see told and not worry so much about selling or not selling. I got back into writing -- and amazingly, my stories began to sell.

There is no ur-editor. It's us.

And there is no ur-geek, no ur-fan. No one gets to tell you you're not a fan, or to stop writing fanwork because it's not to their taste, or that you need to disregard that a work is insulting you when you judge its merits.*****

The Ada Initiative's work in creating and publicizing codes of conduct for conventions, in creating and running Ally Skills and Impostor Syndrome workshops, and in generally fighting -isms in open culture, helps more people participate in speculative fiction. TAI's work is even more openly licensed than Thoughtcrime Experiments was, so you can easily translate it, record it, and reuse it to make our world more like the world we want. For everyone. Please donate now, joining me, N.K. Jemisin, Mary Robinette Kowal, Annalee Flower Horne, Leonard Richardson, and many more. You can help us change the constraints -- help us edit the world.

I'm gonna close out with one of my favorite fanvids, an ode to fandom. This is a different kind of love song / dedicated to everyone.

Donate now


* Some couples can basically collaborate on anything together. Leonard and I, it turns out, can get grumpy with each other when our tastes conflict. Just last night he pointed out that the multi-square-feet poster I presented at PyCon (mentorship lessons I learned from Hacker School) barely fits on the wall in our flat, anywhere, and will be the largest single item of decor we have. My "it would fit on the ceiling" well-actually gained me no ground. I pointed out that it would easily fit over the head of our bed, and mentioned that after all, some couples do put religious iconography there. I backpedaled off this in the face of his utter unconvincedness, and suggested that we *try* it above the TV. It now watches over us, slightly overwhelming. He might be right.

** Maybe you heard about The Aims Vid Album, encouraging and gathering fanvids to the tune of Vienna Teng's Aims? Which is FANTASTIC AND AMAZING and omg have you seen raven's "Landsailor" vid?? I have all the feels about that vid.

*** Although not as free a license as we sort of wished. In retrospect I wish we'd gone for an opendefinition.org license so we didn't have niggling questions about whether our sales counted as commerce, etc.

**** Strange Horizons is seeking out submissions from new reviewers, and a Media Reviews Editor. Why not you?

***** I particularly like Patrick Nielsen Hayden's formulation:

I think it's fine to ignore and not read something because the author has called for harm to you or to people you care about. Art and politics can't ever be completely separated. As a general rule of thumb, when we think our approach to something is politics-free, that generally means the politics are so normative as to be invisible.


about Sumana Harihareswara

Archives


RSS feed
LiveJournal feed
Spam As Folk Art
Identi.ca microblog
Twitter feed

weblog powered by NewsBruiser
Bloggers' Rights at EFFSupport Bloggers' Rights

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.