Cogito, Ergo Sumana

picture of Sumana's head

Sumana Harihareswara's journal


: Help Tell People About Outreachy: I'd like for you to consider doing something for me.

Think about the people in your circles. Your cousins, your neighbors, your friends' kids. Do you know anyone who is trying to figure out how to get ahead in their career, or how to get a foot in the door in the tech industry?

Outreachy logo Then check whether any of those folks are eligible for Outreachy, a paid, mentored telecommuting internship program to help people get started in the open source industry. And "Anyone who faces under-representation, systemic bias, or discrimination in the technology industry of their country is invited to apply."

You can send them a link to the Outreachy applicant guide. Applications for the May to August 2020 round are due February 25.

And even if you don't know anyone who should consider applying, you can put a poster up at a local coffee shop, laundromat, or community college.

I love Outreachy. It's a curated, mentored, paid first step to help grow people's careers and capabilities, and it steadily introduces more diversity -- on many dimensions -- into our teams. Help more people discover it?


: Recompiler is Hiring: The beloved indie feminist print and online magazine The Recompiler is back! New issues are up, and the mag is hiring for help with editing, design (print and ebook), and research. All positions are remote paid contracts, and flexible regarding timing.


: My First Exascale Computing Project Annual Meeting: Some interesting things about attending the Exascale Computing Project Annual Meeting for the first time, and stuff I have learned here so far!

[Edited 1:10pm CT to add: By the way, here is a contextual note for people who don't usually read my blog. I'm Sumana Harihareswara, a project manager and open source consultant who hadn't heard of ECP before November, and who primarily works in Python and outside of government stuff. I haven't done any kind of systematic survey of all ECP participants/attendees so these are my impressions based on people I've talked with and talks I've attended.]

  • Here is the overview of the Exascale Computing Project, which started a few years ago. Giant high-performance computing hardware, software, applications, training, and so on, working a lot at the United States's National Laboratories (like Lawrence Berkeley, Oak Ridge, Argonne, Los Alamos, and so on). Thus there is a lot that is public (for instance, see this report on improving scientific productivity, or this capability assessment), but then there are talks I'm not allowed to attend because I haven't signed the relevant nondisclosure agreement.
  • They contribute a bunch to LLVM and to Spack, a package manager. There are like 6-7 full-time funded people working on Spack [Edited 1:11 CT for correction: no, this is more like 6-7 people who work full-time and who spend at least a chunk of their time on Spack], and dozens of people attended the Spack state of the project/feedback roundtable session. Researchers and developers within ECP are working on a bunch of open source projects (example), some extremely specific to high-performance computing math things, but some more generally useful tools, and many folks in the project would like to get broader publicity and adoption for the latter. There are some opportunities here for cross-pollination, funding, user testing, and de-duplication between work being done by DoE and work being done in the larger open source industry.
  • Exascale Computing Project logoThe ECP is sponsored by the US Department of Energy. And, you know, that means fossil fuels too. There's an Industry Council and ExxonMobil is on it. The National Labs do a bunch of work for DoE and other US government departments -- and for the private clients who can afford it [Edited 1:23pm to correct this; those orgs aren't paying the labs to do work, they're getting to use the facilities just like anyone else could (example)], which is often the fossil fuels companies who want to run simulations having to do with oil and gas. When I've talked to folks here about how that feels weird, I get a variety of responses. Some people point out that there is a National Renewable Energy Laboratory among the ECP Participating Labs, or that the combustion work in the labs helps energy companies figure out how to use gas more efficiently so we burn less fuel, and so on. One person basically said: They're an important industry and it's part of our job to help them; it's the Department of Energy and that means all energy. Another person basically said: As soon as feasible, I want us to not do that work anymore.

    [Edited 1:12pm CT to note: of course these are my personal observations and not a "here is an official position" thing.] I don't think anyone here denies that climate change is happening. I think they're supposed to make an attempt to not use that phrase in official published materials and they're not supposed to talk about it when they go to DC, though. In one talk a speaker mentioned that one of the categories he was listing was "Earth and Space Science -- what we used to call climate." I said, "Sorry, I'm new. What do we call it now?" and got the answer: "Earth Systems."

  • Weapons! Yeah the DoE includes the Office of Science (SC) and the National Nuclear Security Administration (NNSA). And the National Labs do some work for the military, the Department of Homeland Security, National Security Agency, and so on. Also there's some back-and-forth where sometimes people, for instance, start at the Department of Defense and then start working within DoE. Approximately everyone at this meeting is fine with the fact that some of their work (or maybe a lot of their work) has to do with weapons. [Edited 1:16pm and 4:50pm CT to say: so I've been told that this is mega inaccurate and that a buuuuuuunch of people's work here has NOTHING to do with weapons, is just pure open science, that there are several labs where nearly no one directly works on weapons stuff, or that there are several labs where no one does. Also I've been pointed to the DoE budget where only a fraction of the yearly spend goes to NNSA labs, and those labs also do a bunch of open science research. I need to look into this more to understand the nuances. Also, it was pointed out to me that, if I'm saying "this work is not directly weapons work but it is foundational to weapons work," then, one could also justly say that my work in Python also supports weapons research. Yup, it sure does! I am definitely complicit in things I am uncomfortable with! It's complicated.] Again, some people, when I bring this up, point out how much of the work has nothing to do with weapons, or talk about the work of stockpile stewardship as being primarily about safekeeping of and knowledge transfer about nuclear warheads where there is no likely near-term path to the US completely getting rid of them, or talk about defense in a world where nukes are out there and not about to go away. And at least one person said, basically, I have no problem with the weapons stuff and it's cool.
  • The vast majority of people here have doctorates, usually in one of the mathematical, computational, or physical sciences. I haven't seen a single name badge that has "Dr." on it; I think it would take up room and seem egotistical. Also, I am very rarely the only woman in the room, and some of the leadership are women, but I'm often the only person in the room who doesn't know C (or Fortran; the software ECP is writing for or adapting to the new machines is basically 2/3 C and C++, 1/3 Fortran). So my particular configuration of insecurities this week is different than it often is at tech conferences.
  • I am, here, extremely unusual in that I do not work for Department of Energy, one of the National Labs, a university, or a big company that is in the Industry Council. People squint at my badge, which says "Sumana Harihareswara, Changeset Consulting," and ask "where are you from?" And I say "New York City" and they say, "Oh, Brookhaven?" and then I explain that I'm a Better Scientific Software Fellowship Honorable Mention and that I'm working on materials to help people maintain open source software better. On the second day of the conference, I took a pen and added "BSSw" to the badge to help jump-start this process.
  • People here will refer to "a code" to mean an application or a particular simulation, where I might say "a tool". A person might refer to "running industrial codes" or "legacy codes that have been used for decades".
  • One of the kinds of sessions I'm not allowed in is the detailed PathForward stuff; DoE is contracting with chipmakers to do research and development and get big cutting-edge supercomputers for the ECP.
    Following a rigorous review process, six responses were selected for award and contract negotiations began. All six selected responses successfully led to contracts that were awarded and announced in June 2017. The six awardees were Advanced Micro Devices (AMD), Cray Inc. (Cray), Hewlett Packard Enterprise (HPE), International Business Machines (IBM), Intel Corp. (Intel), and NVIDIA Corp. (NVIDIA).

    HPE has bought Cray so that reduces the competition among these vendors -- and the redundancy in case one of them delivers late, goes bankrupt, or what have you.

  • Some people who are not US citizens work at the National Labs, including the more weapons-centric ones. [Edited 1:13 CT to note: I said "many" originally, but this is not to say that non-US-citizens are a majority! There are thousands of people working at the National Labs; "many" does not mean "most," just, like, there are some. I don't have exact numbers here and am changing "many" to "some".] They are open to hiring people from other countries. Also, National Labs employees are kiiiiiiiinda US government employees and kinda not in a way that I don't understand well enough to explain. But there are national security projects within the US government that would appreciate if more US citizens got into science and engineering research -- hence, for example, the National Science Foundation Graduate Research Fellowship Program (GRFP) which

    helps ensure the vitality of the human resource base of science and engineering in the United States and reinforces its diversity. The program recognizes and supports outstanding graduate students in NSF-supported science, technology, engineering, and mathematics disciplines who are pursuing research-based master's and doctoral degrees at accredited United States institutions.

    Fellows share in the prestige and opportunities that become available when they are selected. Fellows benefit from a three-year annual stipend of $34,000 along with a $12,000 cost of education allowance for tuition and fees (paid to the institution), opportunities for international research and professional development, and the freedom to conduct their own research at any accredited U.S. institution of graduate education they choose.

    And they don't require a GRE score, by the way. Also you can sign up to help review applications!

  • The researchers at the National Labs, like a lot of scholars within academia, care about getting papers published, and sometimes that gets in the way of good maintainership for their open source projects. For instance, if you are worried that sharing your feature roadmap for your open source tool will let someone else get the jump on you and get a paper submitted sooner, you might hold that information kinda secret, which makes it more likely users will duplicate that work in their own forks.
  • The different National Labs have different cultures and "the further they are from a city, the weirder they get".

Thanks to BSSw for bringing me here! [Edited 4:57pm CT to add: I went on so long about these pseudo-anthopological observations that I need to start a new entry about cool tools I found out about here! Hope that will be next.]


(1) : MOSS Video, BSSw Honorable Mention, and The Maintainership Book I Am Writing:

Video

Mozilla interviewed me about the Python Package Index (PyPI), a USD$170,000 Mozilla Open Source Support award I helped the Python Software Foundation get in 2017, and how we used that money to revamp PyPI and drive it forward in 2017 and 2018.

From that interview, they condensed a video (2 minutes, 14 seconds) featuring, for instance, slo-mo footage of me making air quotes. Their tweet calls me "a driving force behind" PyPI, and given how many people were working on it way before I was, that's quite a compliment!

I will put a transcript in the comments of this blog post.

(Please note that they massively condensed this video from 30+ minutes of interview. In the video, I say, "the site got popular before the code got good". In the interview, I did not just say that without acknowledging the tremendous effort of past volunteers who worked on the previous iteration of PyPI and kept the site going through massive infrastructure challenges, but that's been edited (for brevity, I assume).)

This video is the first in a series meant to encourage people to apply for MOSS funding. I mentioned MOSS in my grants roundup last month. If you want to figure out whether to apply for MOSS funding for your open source software project, and you need help, ping me for a free 20-minute chat or phone call and I can give you some quick advice. (Offer limited in case literally a hundred people contact me, which is unlikely.)

BSSw

The Better Scientific Software (BSSw) Fellowship Program "gives recognition and funding to leaders and advocates of high-quality scientific software." I'm one of three Honorable Mentions for 2020.

The main goal of the BSSw Fellowship program is to foster and promote practices, processes, and tools to improve developer productivity and software sustainability of scientific code. We also anticipate accumulating a growing community of BSSw Fellowship alums who can serve as leaders, mentors, and consultants to increase the visibility of those involved in scientific software production and sustainability in the pursuit of scientific discovery.

Exascale Computing Project logoThat's why I'll be at the Exascale Computing Project Annual Meeting next week in Houston, so if you're there, I hope to meet you. In particular I'd like to meet the leaders of open source projects who want help streamlining contribution processes, growing more maintainers, managing communications with stakeholders, participating in internship projects like Google Summer of Code and Outreachy, expediting releases, and getting more out of hackathons. My consulting firm provides these services, and at ECPAM I can give you some free advice.

Book

And here's the project I'm working on -- why I received this honor.

In 2020, I am writing the first draft of a book teaching the skills open source software maintainers need, aimed at those working scientists and other contributors who have never managed public-facing projects before.

More than developer time, maintainership -- coordination, leadership, and management -- is a bottleneck in software sustainability. The lack of skilled managers is a huge blocker to the sustainability of Free/Libre Open Source Software (FLOSS) infrastructure.

Many FLOSS project maintainers lack management experience and skill. This textbook/self-help guide for new and current maintainers of existing projects ("brownfield projects") will focus on teaching specific project management skills in the context of FLOSS. This will provide scalable guidance, enabling existing FLOSS contributors to become more effective maintainers.

Existing "how to run a FLOSS project" documentation (such as Karl Fogel's Producing Open Source Software) addresses fresh-start "greenfield" projects rather than more common "brownfield", and doesn't teach specific project management skills (e.g., getting to know a team, creating roadmaps, running asynchronous meetings, managing budgets, and writing email memos). Existing educational pathways for scientists and developers (The Carpentries, internships and code schools) don't cover FLOSS-specific management skills.

So I'm writing a sequel to Karl's book -- with his blessing -- and I'm excited to see how I can more scalably share the lessons I've learned in more than a decade of leading open source projects.

I don't yet have a full outline, a publisher, or a length in mind. I'll be posting more here as I grow my plans. Thanks to BSSw and all my colleagues and friends who have encouraged me.


: Everyone Has Bugs To Report, Everyone Has Bug Reports To Accept: I was partway through college. I was taking a class about US films of 1939 and their social/historical context. The professor said something in a lecture about Upton Sinclair. I went to his office hours and checked: had he meant Sinclair Lewis? He had! And in the next lecture, he said: I made an error last time, I said Upton Sinclair when I meant Sinclair Lewis in [context], Sumana corrected me, thanks Sumana!

And then several weeks later, we were discussing some movie and I raised my hand and said something about a male character seeming "effete" but I pronounced it like "eff et", like the "ette" part was like how you pronounce the end of "suffragette". I think I'd never heard it aloud before, just read it. Classic autodidact pronunciation mistake.

And Professor Michael Rogin said: what?

And I said: Effete. Like, effeminate.

And he said: Oh, you mean effete! [And he pronounced it like "ef-feet".] But you corrected me about Sinclair Lewis before, so it's fine. And then we carried on the actual conversation and I didn't feel bad. It was like: well, we've both made mistakes and corrected each other, and we're fine, and let's talk about the substantive point now.

I'm using italics instead of quotation marks here because I'm sure my memory is paraphrasing. My point is: Professor Rogin, you made me feel okay about taking that particular bug report, may you rest in peace, and I still remember the nonchalant humility and self-confidence you demonstrated and encouraged in me.

Filed under:


: 10+ Years Later: Back in 2009, my spouse and I edited and published an anthology of original speculative fiction and art called Thoughtcrime Experiments (here's why, and how you can do it yourself).

I wrote some followup posts: a few months later, a little after that, one year later, four years later, five years later. It cheers me whenever I meet one of our authors or artists in person. And I get to brag about the Ken Liu story we published and how (as he keeps saying) TE publishing that story was a huge turning point in his writing career.

There's a newish New York Times piece today about Liu's work as a translator, bridging the worlds of English- and Chinese-language scifi. His experience, fame, and connections as an author of speculative fiction help him advocate for Chinese-language science fiction in Anglophone markets.

We planted seeds more than a decade back, and they're still sprouting.

In the last few years I made, encouraged, and promoted performance art about making technology. This year I'm handing those responsibilities over to others, passing the baton to title of conf and other events, so I can concentrate on my clients, my family, and writing about open source maintainership.

So I've just set a calendar reminder for myself, for 2030, to ask myself: how is the legacy of "The Art of Python" doing?

I don't have a ten-year plan. But I have at least one ten-year question.

Filed under:


: An Annotated Bibliography of the Inside of My Head: A friend suggested:

You know those books that you can’t stop thinking about, won’t shut up about, and wish everyone around you would read? The ones that, if taken in aggregate, would tell people more about you than your resume?

So, per request, this is a "list of books that you recommend over and over... the handful of books that you ENDLESSLY recommend, or refer to, or what have you," but since I have a cold, this is late and somewhat unlinked and VERY non-comprehensive. And I reviewed many of these books at more length in my Reading tag.

  • Making Software: What Really Works, and Why We Believe It, edited by Andy Oram and Greg Wilson. If you are a technologist, skim at least the table of contents and you'll see something that will help you work better and/or win an argument.
  • Getting to Yes by Fisher and Ury: gave me a framework for doing negotiation, including in those moments I might not have realized were negotiations.
  • Perfecting Sound Forever by Greg Milner. Here's Scott Rosenberg's review. I listen to music all the time; this gave me a new dimension on which to appreciate it.
  • In A Different Voice by Carol Gilligan. How do you reason about your moral choices? What are the ways we might reason differently?
  • The Dispossessed by Ursula Kroeber Le Guin. What personalities, dilemmas, approaches would you see and struggle with if you really tried nonhierarchical cooperative modes of making civilization together?
  • The Left Hand of Darkness, again by Le Guin. Such a great road buddy story.
  • Steerswoman series, by Rosemary Kirstein - my review & recommendation post.
  • China Mountain Zhang by Maureen McHugh. Labor, vulnerability, travelogue, queer love, goats on Mars, entrepreneurship, people finding ways to make our lives work in the aftermath of epochal change.
  • The Great Arizona Orphan Abduction by Linda Gordon. A fascinating, awful tale interweaved with explanations of ways religion, race, class, gender, and geography played into what happened.
  • Dear Genius, the letters of Ursula Nordstrom. Short review here.
  • How To Win Friends and Influence People by Dale Carnegie. My memoir/review.
  • Slow River by Nicola Griffith. Like China Mountain Zhang, about rebuilding one's life, engineering, learning to have healthy relationships, and making a place for oneself in a massively screwed-up world.
  • Producing Open Source Software by Karl Fogel. The basics that every open source software maintainer should know.
  • Notes On Nursing: What It Is, and What It Is Not by Florence Nightingale. Nightingale focuses on executive energy, attention, and putting the proper processes into place such that patients (employees) have the resources and quiet they need to get better (do their work). Once you get to a certain administrative level, instead of solving problems ad hoc you have to think strategically. "How can I provide for this right thing to be always done?"
  • Bury the Chains: Prophets and Rebels in the Fight to Free an Empire's Slaves by Adam Hochschild. A really inspiring tale of the British abolition of the slave trade and slavery. Reminds us that social justice battles are winnable. And reminds us of the historical connection between civil rights and women's rights. Hochschild specifically wrote to remind us that activists really can achieve what seems impossible. We've done it before and we will do it again. There will be setbacks and challenges and half-steps and repetitions over and over.
  • Ben Franklin's Autobiography. So subtle and perceptive about how to change oneself and how to persuade others, and about the folly you'll run into along the way.
  • The Great Gatsby by F. Scott Fitzgerald. Empirically a book that fits the brief. Tells me more about how a certain subset of people think every time I read it.
Filed under:


: Some More Grants for Open Source Work:

This is a followup to my 2014 post on grants you could apply for.

Several foundations and funders are seeking applicants who are working on free and open source software projects. I am listing a small sample here to illustrate project eligibility and available funding levels. Any financial amounts are in US dollars unless I say otherwise.

About to open

Chan Zuckerberg Initiative's Essential Open Source Support for Science. Open source projects that are in some way foundationally useful to biological and medical researchers.
Deadline: Next round opens 17 December (in 2 weeks). Expect it to take a few months to find out whether you've been selected, then finalize and award. (In the first round, we applied by August 1 and then learned of acceptance in October, with the earliest project start date possible being 1 December.)
Amount: between $50,000 and $250,000, for 1-year projects. In the award I just helped pip apply for, they awarded $200,000.

Currently open

Mozilla Open Source Support (MOSS) Awards. I have some experience successfully applying for the Foundational Tech track ("supports open source projects that Mozilla relies on, either as an embedded part of our products or as part of our everyday work"), but they also fund "open source projects that significantly advance Mozilla's mission" and "security audits for open source software projects, and remedial work to rectify the problems found".
Deadline: monthly, rolling applications. Expect it to take at least a few months to finalize & award.
Amount: historically between $5,000 USD and $150,000 USD; it's going to be pretty hard to ask for more than $250,000 USD. In the award I just helped pip apply for, they awarded $207,000.

Comcast Innovation Fund. Seeks to "Create or advance important open-source projects".
Deadline: rolling; not sure how long notification/payment takes.
Amount: $150,000, one-year.

NLNet. They are particularly interested in projects that improve the Internet (see their themes).
Deadline: frequently rolling; next is February 1, 2020; notification within a few months
Amount: up to 50,000 euros (about $57,000 USD)

Python Software Foundation. The PSF gives out grants especially for outreach and diversity work, but also funds some other open source work.
Deadline: Rolling. Request money at least 6 weeks before you need it.
Amount: "no set maximum, but..." plus more guidance is in the FAQ.

Open Technology Fund. Several different funds , including the "Core Infrastructure Fund" which "supports the 'building block' technologies, infrastructures, and communities relied upon by digital security and circumvention tools strengthening Internet freedom, digital security, and the overall health of the Internet." Also note OTF's Red Team for security audits.
Deadline: Varies. Initial submissions for the next round of CIF are due January 1, 2020.
Amount: Varies. CIF goes from $5,000 to $300,000. The PSF got $80,000 for PyPI improvements from OTF (I helped write the grant proposal).

OpenHumans. "Explore, analyze, and donate your data -- doing research together!" Grants are available if you "have a project that might help grow the Open Humans ecosystem".
Deadline: "No application deadline: This opportunity remains open while funds last."
Amount: Up to $5,000 USD.

America's Seed Fund -- National Science Foundation -- SBIR | STTR. "Since 1977, America’s Seed Fund powered by NSF (also known as the NSF SBIR/STTR program) has helped startups develop their ideas and bring them to market." "Small Business Innovation Research" (SBIR) and Small Business Technology Transfer (STTR) offers "Seed capital for early stage product development". I only heard of this because their funding supported Kandra Labs, the makers of Zulip.
Deadline: I think there are several different ones depending on the specific solicitation.
Amount: Up to $1.5 million.

Edited 10 December to add: Ruby Together. Thanks, Stephanie Morillo, for the addition! Open source projects that "benefit the Ruby community" are eligible. "We are happy to fund both boring work like triage and bugfixes as well as exciting work like creating new tools that have never existed before."
Deadline: Rolling, reviewed every three months.
Amount: Between $3,000 and $30,000.

Future/further research

The Open Source Center within the Digital Impact Alliance gives out grants. They're interested in helping both projects that specifically target humanitarian/international development needs and upstream software that undergirds that kind of work, funding (in a past round) "Enterprise-Level Quality Improvements", "Multi-stakeholder Collaboration", "Platform Building and Generalization", "Product Consolidation", and "Managing Upstream Dependencies and Downstream Forks". "For as many as 5 grant awards, DIAL anticipates providing up to $900,000 USD total and up to 480 hours total of complementary in-kind technical assistance through participation in the Open Source Center program. This award is expected to span six months of project activity, with an option to extend." They answered some questions in this OSC forum thread.

Maybe Segment will sponsor an Open Fellowship again at some point.

The Open Society Foundation gives out relevant grants.

The Shuttleworth Foundation fellowship applications open on 1 August 2020.

The annual Better Scientific Software (BSSw) Fellowship Program will open for applications in mid-2020.

The Ford Foundation is encouraging public interest technology and points to other orgs doing that funding.

Applying does not have to be too scary

Everyone who applies for a grant has to at some point write their first grant proposal. It will often feel tricky for people who haven't done it before! But it is doable. Asking questions on any relevant forum, looking at sample documents and training resources, and talking to someone who's done stuff like this before (I have) will help.

Try translating application requirements into plainer language to help you understand how to answer them. For example:

"Proposal including Concept for project in consideration of grant objectives and merit criteria": what is it you want to do, and why does it suit the criteria we have set out?

"Budget and Budget Narrative": how much money do you need, and how will you go about spending it?

I do grantwriting, and you can ask me for a free 30-minute consultation to help you figure out what to apply for. Hope this helps!


: A Heritage: I was talking with a friend earlier today about how I've come to understand some different temperaments and skills I inherited from my different parents.

And the specific thing I am reflecting on now is how very into learning and teaching I am, and their two influences showed up differently in my childhood.

My mom was a teacher from the time she was a teenager. She developed curricula, she's worked as a teacher or as a volunteer for so many stints, she's gotten so much pleasure out of regularly meeting and working through a course of instruction with people and helping them grow more capable.

And my late father loved learning, and was an enthusiastic independent scholar of eclectic topics, and loved passing that knowledge on ... anywhere and everywhere was a stage for this sage. In writing, in formal and informal lectures, anytime -- he loved telling you stuff he knew. What a waste it would be not to!

And so here I am.

Filed under:


: My New Title, Improving pip, Availability For Work, And SSL (No, The Other One): A few professional announcements.

Seeking developers for paid contract on pip; apply by Nov. 22

One is that I helped the Packaging Working Group of the Python Software Foundation get funding for a long-needed improvement to pip. I led the writing of a few proposals -- grantwriting, to oversimplify -- and, starting possibly as soon as next month, contractors will start work. As Dustin Ingram explains:

Big news: the Python Packaging Working Group has secured >$400K in grants from multiple funders (TBA) to improve one of the most fundamental parts of pip: its dependency resolver. https://pyfound.blogspot.com/2019/11/seeking-developers-for-paid-contract.html

The dependency resolver is the algorithm which takes multiple constrained requirements (e.g. "some_package>=1.0,<=2.0") and finds a version of all dependencies (and sub-dependencies) which satisfy all the constraints.
https://pip.pypa.io/en/stable/user_guide/#requirements-files

Right now, pip's resolver mostly works for most use cases... However the algorithm it uses is naïve, and isn't always guaranteed to produce an optimal (or correct) result.

.....

These funds will pay multiple developers to work on completing the design, implementation and rollout of this new dependency resolver for pip, finally closing issue #988.

Not only will this give pip a better resolver, but it will "enable us to untangle pip’s internals from the resolver, enabling pip to share code for dependency resolution with other packaging tooling". https://pradyunsg.me/blog/2019/06/23/oss-update-1/

This is great news for pip and Python packaging in general. Huge shout out to @pradyunsg for his existing work on the resolver issue and guidance here, and to @brainwane for all her tireless work acquiring and directing funding for Python projects.

If you or your organization is interested in participating in this project, we've just posted the RFP, which includes instructions for submitting proposals, evaluation criteria and scope of work.
https://github.com/python/request-for/blob/master/2020-pip/RFP.md

If you're interested, please apply by 22 November.

NYU, Secure Systems Lab, and my new title

Working at the new space on NYU Tandon's campus, left to right: Sumana Harihareswara, a volunteer with the PSF's Packaging Working Group, a contracted project manager for the Python Packaging Index, and a visiting scholar in NYU Tandon Professor Justin Cappos's Secure Systems Lab; Stephanie Whited, communications director for the Tor Project and visiting researcher in the Secure System Lab; and Santiago Torres, a computer science doctoral candidate working in the Secure Systems Lab. Photo by NYU publicity.In further news: I am now a visiting scholar in Professor Justin Cappos's Secure Systems Lab at New York University's Tandon School of Engineering. And I get to use an office with a door, shelves, whiteboards, and so on (per the picture at right). If you contribute to Python packaging/distribution tools and live in/near or sometimes visit New York City, let me know and perhaps we could cowork a bit?

The Secure Systems Lab stewards The Update Framework (TUF) and related projects, and works to improve the security of the software supply chain. The Python Package Index is likely going to implement TUF to add cryptographic signatures to packages on PyPI, and so I've gotten to give TUF's developers some advice to help that work move along. (I won't be the manager on that project but I'll be watching with great interest.) PyPA may also choose to use more of SSL's work in implementing further security improvements to the package distribution toolchain, and I'm learning more to work out whether and how that could happen. Also, Cappos's research on backtracking dependency resolvers has been helpful to the pip resolver work.

Edited 19 Nov 2019 to clarify role.

PSF projects

I'm grateful to get to help connect the Python Software Foundation with more resources and volunteers. Changeset's current and recent projects have mostly been for the PSF. Last month we finished accessibility, security, and internationalization work on PyPI that was funded by the Open Technology Fund, and Changeset's work on communicating about the sunsetting of Python 2.x continues and will go through April 2020.

Availability for one-day engagements in San Francisco in February

But I am interested in taking on new clients for short engagements starting in February 2020. In particular, I will be in the San Francisco Bay Area in mid- to late February. If you're in SF or nearby, I could offer you a one-day engagement doing one of the following:

  • developing a contributor outreach/intake strategy
  • researching potential funders and writing a rough draft of a grant proposal
  • auditing and improving your developer onboarding documents

I'd spend a little time talking with you, then sit in your office and finish the document before leaving that afternoon. (Photo at right provides a sample of how I look while sitting.) Drop me a line for a free initial 30-minute chat and we can talk pricing.


: Art of Python Seeking Organizers for 2020: In May, I chaired "The Art of Python", a festival of arts about programming that took place at PyCon North America. People presented short plays, monologues, songs, and a video remix that explored how it feels to program and play with Python.

I am very glad I did it! But I have to concentrate on other projects now.

I cannot be one of the co-organizers for "The Art of Python" at PyCon North America in 2020; I hope someone else steps forward to lead it so it can take place again. If you want to organize "Art of Python" at PyCon 2020, please submit a Hatchery proposal as soon as possible. The deadline for Hatchery proposals is January 3, 2020. If you are interested but need help to do it, post about that someplace public -- your blog, Twitter, etc. -- and tell me, and if I hear from multiple people, I'll put you in touch with each other.

To help: I have written up a retrospective and HOWTO document about "The Art of Python". It's in two parts: "Why I Did This" and "How I Did This".

As I say in there: I saw a lack. I was not and am not a professional playwright, performer, or festival planner. But I didn't have to be, and you don't either. You don't have to be a professional performer to show what you experience when you're programming -- you just need a stage, and I wanted to create the stage. And now we have. I hope the show goes on.

Thanks to Kim Wadsworth and Leonard Richardson for editing help.


: Availability Update for October: I'm going to be off social media a lot between October 4th and about October 30th. Please email if you want to reach me - https://www.harihareswara.net/ & https://changeset.nyc/#contact have my address - but I will probably be slow & terse in response.


: The Breath Before: A few days ago, Leonard and I went to see a movie at our local museum/arthouse theater. We settled into our seats and turned off our phones and chitchatted, and I mentioned a funny line from a Paul Ford interview.

A curator came in to briefly introduce the film, and mention the film series this screening was part of, and to tell us that the director would be there in person for a screening of another film several days from now. An appreciative "oooh!" rippled through the crowd.

And then the lights went down and everyone hushed and looked forward and the movie was about to start. And then it did, and it was fun, but the moment I most treasure was that little tiny moment of civilization where we were all waiting together in anticipation.

Filed under:


: Cambrian explosion of discussions about the future of software freedom: In 2009, Dreamwidth user rydra-wong did the great favor of making link roundups to help people keep track of a distributed conversation happening on lots of people's blogs about a current controversy.

I'd love for someone to take up that kind of work ("linkspam" roundups) or point to something similar, a Pinboard tag or a TagTeam instance/tag/team, to help us all see people writing about the future of open source software licensing. This post by Molly de Blanc and this one by Karl Fogel, for instance.

Edited on 25 November to add: Thank you, Audrey Eschright, for doing this!


: Futureproofing Your Python Tools: The people who maintain Python and key Python platforms want to help you protect the code you write and depend on.

If you write software in Python, or depend on something that's in Python, this is for you.

Some of you are writing Python 2, or you still have software you depend on that is written in Python 2. January 1st, 2020, is the day that official support for Python 2 stops. So this is a fresh heads-up that you should really have a migration plan and start working on it, to move to Python 3. A lot of stuff you depend on already works on Python 3, and is even pledging to end Python 2 support in or before 2020. And it's easier than it's ever been to port your own code from 2 to 3.

You should probably upgrade to Python 3.7. If you want to test out 3.8, it has some changes in how it does warnings, and the first release candidate is out.

But, speaking of futureproofing:

Code authors move in and out of projects and companies. Six months or 18 months later, maybe you want to update and re-use, re-release or re-deploy code someone else wrote. Or you want your team to be able to reuse what you did after you leave, which means you need the code to run, and you need them to have the password so they can update stuff.

Have you written Python code that they have published as a package on the Python Package Index, pypi.org, so other people can use pip install to install it?

(And if you want to do that but don't know how? Check out this recently improved tutorial to help you do that.)

Publishing that package is a great way of making it so other people can run and deploy it, even within other parts of your organization.

But -- who actually has the keys to the castle? Who can upload a new version, or delete a version that has a problem?

You should probably make sure multiple people have either "owner" or "maintainer" privileges on the project on PyPI.

And you should review your project security history display, which lists sensitive events (such as "file removed from release version 1.0.1") in your PyPI user account and your PyPI project. We just added this display, so you can look at things that have happened in your user account or project, and check for signs someone's stolen your credentials.

And then how do you make it a little harder for vandals, spammers, and thieves to take over your account and upload malware or delete all the packages? Add two-factor auth for your login, like you would with your bank. Use an app on your phone to give you a six-digit code, or use a physical security device like a Yubikey.

And how do you make it easier to automate publishing new versions of your package, and make it safer to save your credential in the cloud? We've made it possible for you to create an "API token" where all it can do is upload, so you can use that instead of your PyPI password.

With well-tested Python 3 migration tools and new PyPI security features, now is a great moment to invest in robustness for Python software that you make or depend on.

[This blog post is kind of unwieldy, because it's about too many different things. I won't be publicizing it that much and instead will probably reuse text from it in more focused announcements elsewhere. But I'm publishing it here as a summary of my recent work, because management and communications for the projects above are what I've been working on recently for the Python Software Foundation. (A different kind of summary is on the Clients page for Changeset Consulting.)]


(1) : When/How Do People Decide To Apply To CS Grad School?: I'm trying to understand how people decide to go to CS grad school in the US. For instance, what proportion of PhD applicants are coming straight from undergrad, versus another graduate degree (such as an MS in math), versus industry? Do they generally decide first on what they want to research, whom they want to work with, or that they want to go to grad school at all? I presume there is a survey of this somewhere?

I've found the Computing Research Association's Center for Evaluating the Research Pipeline's report on why grad students choose computing, and I've also looked at the National Center for Science and Engineering Statistics website. I have found a little data on what proportion of doctoral recipients were previously in a baccalaureate program, a master's program, or industry, but not about what proportion of applicants, or accepted applicants, come from those categories.

Any pointers?

(Maybe there's paywalled research on this within the ACM's special interest group on CS education? If so, lemme know and I will try looking for that?)

The reason I am asking this is to help professors and guidance counselors I know (maybe you've heard that Outreachy has a new career advisor). They want to improve their abilities to help students and programmers consider research careers, and better target their outreach consider applying to specific graduate programs. How does the engagement funnel currently work? And thus, where are the gaps? I presume there are a bunch of people who would do well in grad school, and find it fulfilling, and use their research and their degrees in ways that would benefit the world, but no one ever says to them "hey have you thought about going to grad school," so they don't think of it as a possible thing for them.

Filed under:


: Kickoff for Communications Work on the Python 2 Sunsetting: Python's 2.x line will reach End of Life on January 1, 2020, meaning that the maintainers of Python 2 will stop supporting it, even for security patches. Many institutions and codebases have not yet ported their code from Python 2 to Python 3. And many of them haven't even heard yet about the upcoming EOL. Volunteers have made many resources to help publicize and educate, but there's still more work to be done.

So the Python Software Foundation has contracted with my firm, Changeset Consulting, to help communicate about the sunsetting of Python 2. The high-level goal for Changeset's involvement is to help users through the end of the transition, help with communication so volunteers are not overwhelmed, and help update public-facing assets so core developers are not overwhelmed.

During this project (starting now and going till the end of April 2020), Changeset's goals are:

  • Create a concise page on python.org giving community guidance on the why and what of EOL
  • Create and publicize a formal press release through the PSF
  • Audit and update every mention of Python 2 on python.org, including in documentation and the wiki
  • Develop a plan to handle redirecting https://docs.python.org/2/* (especially deep links)
  • Publicize the new "what's up with EOL" page to a variety of audiences, respond to questions, and keep the page updated until PyCon US 2020 based on questions that come up

So, towards those goals, you'll see me with my colleagues:

  • Researching, writing, and editing technical documents and the press release
  • Corresponding with stakeholders, writing and publishing announcements and other communications in multiple media
  • Initiating and facilitating meetings (I will try to make them very minimal and short; if I invite you, please let me know your response)
  • Filing, triaging, labelling, prioritizing, and linking issues, such as in the website repo

For accountability, Changeset will provide reporting via:

I'm going to be asking for a lot of help along the way from the Python community: meeting with us, answering our questions, double-checking our drafts for accuracy, publicizing that EOL page to your circles, setting up some parties for January 1st. Thanks in advance and let's get the Python user base further along towards enjoying the shininess of Python 3.


: Background Music: So in my household we have a zillion little shared references, and some of those are about pop songs of the late 20th century. For instance, if we're in a restaurant or something and we hear "Higher Love" by Steve Winwood (I just had to look that up, it's not like I knew the name of the song or the artist already), we laugh because of the time Leonard pointed out that the main lyric kinda sounds like a complaint a customer might give a server.

Bring me a higher love
This love is insufficiently high
Leave bad review on Yelp

(Upon a full listen: the synth riff from 3:04 to 3:11 reminds me of the start of the Doogie Howser, M.D. opening theme. A lot of the folks I meet are not people who went to schools in the US in the late 1980s/early 1990s while younger than approximately everyone else in their grade cohort, and thus they did not experience being called "Doogie". Nor did they experience Head of the Class which was -- for me -- sympathetic representation of book-smart nerddom in mass media. Not sure I'd feel that way if I re-watched it now.)

Every once in a while we go use YouTube to watch the music videos for songs that are in sort of the "you will hear these in public spaces in the US" canon but that we've never really listened to. Always feels like popping the hood in a car where up till now I've just been a passenger.


: Comparing Y2K and Climate Change: When you know there's a big upcoming threat, how do you get big institutions to commit and follow through? And in particular, how useful is it to frighten whole populaces?

I looked into a specific claim on this topic today because a MetaFilter member compared climate change to the Y2K bug, and said,

from my POV as a computer geek who saw what it took to get the... very fine people... in management moving was panic and doom saying....

...those calm and measured meetings only took place because of the general panic. If they were going to have calm rational meetings without the outside pressure of people convinced their toasters would explode (or whatever) they'd have done it earlier.

From my POV panicking the masses, while not good, was literally the only reason the billionaires paid the slightest attention to the problem. The billionaires and the rest of the management types didn't panic, or not much anyway, but their non-panic reaction was produced entirely by the panic.

So I wanted to double-check whether that is in fact the dynamic that actually happened back in the 1980s and 1990s. Was the causality fairly simple, or was the course of events was shaped by lots of conversations among regulators, shareholders, customers, boards of directors, etc. that weren't as visible to a working engineer's point of view?

So I started looking for a little more research and data about Y2K mitigation/prevention decisionmaking especially on the institutional level, beyond the US Senate special committee report. This question -- what caused institutions to take Y2K seriously? -- seemed like the kind of thing historians of technology and organizational sociologists and political scientists must have studied. I did some digging and here are some things I think are useful to consider:

  • Y2K was a technology problem at heart, and so IT investment, where IT sat in an organization, senior leaders' attitudes towards IT, etc. were factors that slowed down planning & compliance.[1]
  • Banks, for instance, found it hard to get their customers/users to understand the importance of Y2K compliance, because it was an abstruse technological issue.[2]
  • Getting companies to actually act involved some amount of influence/pressure from the outside, especially from the mass media and from regulators, state and federal agencies, and industry-wide consortia and working groups (including credible experts talking about the risk of legal liability), but also people inside companies needed to believe that the threat was not being overstated by doomsayers or IT departments seeking more turf.[3] [4] [5]
  • Auditors at private companies -- whose work was often required by insurers -- did lots of disclosure, separately from anything customers or the public at large demanded via grassroots action.[6]
  • Y2K was a software problem, and so countries that made a lot of stuff but made and used way less software didn't need to do nearly as much to address it. I see a bunch of stuff in the Y2K prep literature about the US and the UK, and way less about, for instance, China.
  • Companies in countries with stronger political rights and civil liberties disclosed more about their Y2K preparedness.[7] I'd assume that disclosure made market pressure more possible (from investors and customers) but I haven't researched it.

Apologies for how much of that research is behind paywalls.

I only looked at this for a few hours but (a) I think there are a lot of important differences between the structure of the Y2K problem (and its mitigations) and climate change, and (b) I believe the story's a lot more complicated than "mass panic -> billionaires finally paid up". I think widescale media attention to the concern played a big part in directly motivating regulators and institutional decisionmakers, and grassroots concern in the general public (as citizenry and as customer base) played a part in that, but it looks like insurers and auditors and industry groups were also really crucial. To sum up, yeah, we have lessons to learn from Y2K -- I'm drawn to Bob Bennett's phrasing, that we must be Paul Revere but not Chicken Little -- but I'm very hesitant about drawing the conclusion that literally panicking the world's populaces is the only way to drive climate change mitigation.


[1] Ho, A. T.-K., & Smith, J. F. (2001). Information Technology Planning and the Y2K Problem in Local Governments. The American Review of Public Administration, 31(2), 158–180. https://doi.org/10.1177/02750740122064901
[2] Huang, J. C., Newell, S., & S-L, P. (2001). The process of global knowledge integration: A case study of a multinational investment bank's Y2K program. European Journal of Information Systems, 10(3), 161-174. doi:http://dx.doi.org/10.1057/palgrave.ejis.3000402
[3] Backus, George, et al. "Comparing Expectations to Actual Events: The Post Mortem of a Y2K Analysis." System Dynamics Review, vol. 17, no. 3, 2001, pp. 217. doi:http://dx.doi.org/10.1002/sdr.217.
[4] Chang, Hsiu-Hua, Chun-Po Yin, and Huey-Wen Chou. "Diffusion of Enterprise Resource Planning Systems in Taiwan: Influence Sources and the Y2K Effect." International Journal of Enterprise Information Systems, vol. 4, no. 1, 2008, pp. 34-47. doi:http://dx.doi.org/10.4018/jeis.2008010103.
[5] Solomon, H. (2005, Sep 23). Y2K: The disaster that wasn't. Computing Canada, 31, 46-48.
[6] Clarkson, Peter M., Colin Ferguson, and Jason Hall. "Auditor Conservatism and Voluntary Disclosure: Evidence from the Year 2000 Systems Issue." Accounting and Finance, vol. 43, no. 1, 2003, pp. 21.
[7] S, M. W. (2004). An international investigation of associations between societal variables and the amount of disclosure on information technology and communications problems: The case of Y2K. The International Journal of Accounting, 39(1), 71-92.


: Beautiful Soup is on Tidelift:

I've been doing a tiny bit of consulting for Tidelift for a little over a year now, mainly talking about them to open source maintainers in the Python world and vice versa. (See my October 2018 piece "Tidelift Is Paying Maintainers And, Potentially, Fixing the Economics of an Industry".) And lo, in my household, my spouse Leonard Richardson has signed up as a lifter for Beautiful Soup, his library that helps you with screen-scraping projects.

Leonard writes:

There was a period of about a year in 2017-2018 when I wasn't interested in doing Beautiful Soup work, but Tidelift changed that. Tidelift gathers subscription money from companies that rely on free software, and distributes the money to the developers in exchange for a level of support that I find sustainable.

Nobody builds an entire product around Beautiful Soup (or at least nobody will admit do doing this), but thousands of people have used Beautiful Soup to save time at their day jobs. Bundling Beautiful Soup together with bigger projects like Flask and numpy is a solution that works really well for me.

The other day I looked at the list of featured supported packages and was happy to see that a bunch of Python projects have signed up as lifters, including SciPy and numpy, Flask, setuptools, Werkzeug, websockets, urllib3, celery, coverage, a bunch of Django packages, Jinja2, keyring, Pylint, coverage, and pytest. And I think over the next 6-12 months we're going to see some effects of Tidelift support -- not just in the security and release cadences of the supported projects, but on other issues stemming from unfairness and a lack of reciprocity in open source, like maintainer burnout and expectation-setting. The list of licensing, security, maintenance, and marketing tasks lifters agree to do may end up being a benchmark, like the open source Independent Verification & Validation checklist by Open Tech Strategies, that even non-lifter maintainers use to set realistic expectations for what "supported"/"maintained" means.


: Hey, You Left Something Out: Of course not all the responses I get to my work are positive. Sometimes I get criticism. And a subset of that criticism says more about the person giving it than about the quality of what I've made. I try to keep a thick skin about that but I don't always succeed.

One particular kind of response has piqued my interest lately. Some of the feedback I get means to be praise, but contains a kinda-joking complaint about something that the person thinks I left out. I saw this recently in a recommendation of my PyCon 2016 talk, "HTTP Can Do That?!", and in another commenter's response. And some commentary of the "they/you left x out" variety is straightforward criticism.

At its most loving, I think this kind of commentary means to be a kind of "yes-and" response, sharing the experience of enjoying something and extending it by recommending another related thing. (I have been working on this blog post, on and off, for a few months; the day I am posting it, I see a perfect example.) And I can empathize with that!

But, a lot of the time, this kind of response comes with an explicit marker or implicit connotation of complaint: the author/speaker did not mention the thing that I think should be mentioned, and therefore, something is wrong.* Perhaps a more useful approach would be to wonder, in a genuinely curious way, why the author didn't mention it? Was it out of ignorance? Was it a deliberate choice, and, if so, to what purpose?

Marco Rogers's recently observed: "A lot of men seem to have been conditioned to think that telling someone that you disagree is the same as asking them a question. Like the way they learn to engage is by *creating a conflict*." Maybe that plays into this.

And as Josh Millard notes,

There's a lot of this sort of detached entitlement out there.... "I want content generated to my tastes" collides with "I'm making something with my bare hands" in such a way that the folks in the more passive former camp feel somehow totally comfortable asserting the high ground on the people in the latter.

Personal taste is personal taste and everybody's got a right to it; criticism is useful, at least when it's useful. Beyond that, though, there's a lot of Why Am I Not Being Correctly Entertained out there in the world that manages to get off the leash for no good reason, and from the doing-the-work, learning-the-craft, making-the-content side of things that does get awful tiring.

And maybe that plays into this too.

Compilation-makers, list-makers, etc. run into this kind of criticism frequently, as fanvidders discussed in a Vividcon panel about multisource vids. Perhaps some readers read any list of things sharing particular characteristic as an attempt to make the one canonical list, and thus read any publicly shared list as implicitly inviting corrections and additions toward this goal.

Last year bironic commented wryly,

I love how many multifandom vids lately come with explainers about scope, as we brace for people to come in and yell about someone who was included or left out.

And I appreciate vidder thingswithwings's response:

...there are so many selection choices to make, and only so many seconds of song . . . I think it's good to make it clear that we're making these decisions thoughtfully...

That's the spirit I see in thingswithwings's vidder's notes on their joyous, spirited and dancey vid "Gettin' Bi" and eruthros's vidder's notes on her excellent, moving, incisive vid "Straightening Up the House". And that's the spirit I'd like to inhabit as I make and share recommendation lists, compilations, etc. going forward.

And in that spirit I'll address here the praise-complaints of my own work that I linked to in my second paragraph. I scoped "HTTP Can Do That?!" to discuss underappreciated real, working parts of HTTP and share examples of things that work, even if they're bad ideas, as illustrations. I didn't show the cover of Bradbury's Fahrenheit 451 in my talk because -- as I mentioned during the Q&A -- I think it's fine to leave that particular connection as a bit of an Easter egg so some people have something to figure out when they look up response status code 451 later. I didn't include the teapot response code (418) because it's already fairly popular and well-known as a joke response code, and I wanted to spend my time on stuff folks weren't as likely to run across in other fora, and because it's a joke that isn't in the HTTP standards. I made a tradeoff between concision and nuance. Similarly, I didn't use the word "neoliberal" in that post about feelings of overwhelmption because that wasn't the point.

People who want to compliment work should probably learn to give compliments that sound encouraging. As one writer notes: "I think Twitter, for all its good qualities, can very much be a Killer Of Work exactly because people don't know how to say "that's so awesome!" or lift creators up in the idea stage." And people who genuinely want to submit you-left-something-out bug reports about someone else's work** should probably spend a few moments checking the maker's stated criteria and purpose, and reflecting on whether they perhaps had an interesting reason for the exclusion or omission, or on how much the gut biomes of the creator's intended audience matches the reader's gut biome. "I'm curious about the choice you made" may sound passive-aggressive, but I'd rather hear that than something that's just flat-out aggressive.

(Oh, and to be tiresomely empowering again: a human created the thing you're responding to; you're a human and you could make a thing, too.)

* "You forgot Poland" always comes to mind, even though a face-to-face debate is such an unusual context compared to the ways I usually get feedback like "you forgot x".
** even something tiny like a single joke


Thanks to Mindy Preston and others who commented on drafts of this idea & piece.


: Some Recent Films: I saw several movies recently!

I LOVED Booksmart which is in conversation with Election, Legally Blonde, and (at least visually) maybe Brick. It's hilarious, moving, sweet, and precise -- a delightful confection of a film. As with Clueless there are no villains and everyone gets to be a person. The parable of the laborers in the vineyard (not explicitly), a "Lean In" joke, feminists like me onscreen whose politics are core to their character, a friendship between a straight girl and a queer girl who love and want the best for each other -- so much fun. I went to see this mostly on the strength of knowing Sarah Haskins had cowritten it, because I have loved her for a decade because of her "Target: Women" segment from Infomania. Brendan was the one who informed me that she'd cowritten the earliest version of the screenplay in 2009 and that it'd been on The Black List of best-liked unproduced screenplays (Franklin Leonard's TEDx talk is pretty interesting if you haven't heard of that spreadsheet).

Always Be My Maybe is a cute, sweet romcom that will mean more to you if you are Asian-American or have ever lived in San Francisco. I'm always happy to see Randall Park in something (I've loved his silly face since his IKEA Heights videos) and the intergenerational dynamics in his character's family rang true to me.

I enjoyed Mindy Kaling's Late Night because of Kaling's and Emma Thompson's performances, because I've been the only woman or the only nonwhite person in the room so many times, because of a particular exchange between Thompson's and Kaling's characters about tokenism that took me right back to a particular meal in San Francisco many years back when I had a very similar conversation, because I'm still a softie for the fairytale fantasy of making comedy that millions of people laugh at. The movie sort of feels like a 100-minute sitcom on the level of its characters, dialogue, and plot -- people speak their subtext a lot, it brings up an issue that it doesn't then deal with satisfyingly, there are Big Gestures that solve things. But I still had fun.

Funny-but-not note about that last one: one of the trailers before Late Night was for After The Wedding. The first several seconds of the trailer show us a young white American woman working in an orphanage in India. OK, sure, yes, Late Night will attract a lot of Indian diaspora people, so it makes sense to advertise a movie set in India to us. But then that white woman talks with the older Indian woman who runs the orphanage about their financial needs and, seeking a big donation, goes back to the US and gets involved in a whole messy situation with a rich woman and her sketchy husband. And that's the rest of the trailer and probably what most of the movie is about. And I was sitting there thinking -- look, there are other donors you could talk with! Are you seriously the development director for your nonprofit, and if not, have you talked with them about how much trouble this donation is turning out to be? Also, the Indian woman who runs the orphanage -- what's up with her right now? What does she think and what other sustainability leads is she pursuing? By the end of the trailer I was much more focused on questions like "have they already looked at the grant listings at the Foundation Center?" than "will Billy Crudup's SECRET be EXPOSED?" which is a long way of saying that I am probably not going to see this movie.

Oh also the Museum of the Moving Image showed the 1997 John Woo action classic Face/Off which I have now seen for the first time and I may not need to see another action movie again for multiple years because how can you top it? I feel like there are no words for the utter infernokrusher spectacle of Face/Off; it transcends any articulation outside of its own cinematic achievement. And the escapism! As the credits rolled I asked "did I like this?" and realized that my face hurt from smiling, so, yes.

Filed under:


: WisCon Activities: I'm on my way today to WisCon, the feminist science fiction convention. This'll be the tenth anniversary of my first!

I'm a panellist or performer for three sessions:

  1. "Ethics In The Good Place And Crazy Ex-Girlfriend", panellist, Friday 9:00-10:15pm, in Caucus.

    Fantastical US TV shows The Good Place and Crazy Ex-Girlfriend both explore what we owe to each other, and to ourselves. What ethical frameworks do they explore and seem to approve? How do the shows judge the appropriateness of self-sacrifice, the importance of pleasure, the choice to fix or leave a dysfunctional relationship, and other ethical issues? And how do they use fantasy to approach and consider these questions?

  2. Tiptree Auction: comedian and auctioneer, Saturday 7:30-9:30pm (probably more like 9pm), in Capitol/Wisconsin.

    It is totally fine to just turn up for 15 minutes of this and spend no money and laugh at my jokes and then go get dinner. But also all the money we raise goes to the Tiptree Award.

  3. "Imaginary Book Club", panellist, Sunday 10:00-11:15am, in Conference 4.

    Panelists each choose an exciting book from the last year to describe, and the group discusses them all. The catch: we made all of them up. This year, we might talk about Charlie Jane Anders's inspirational romance, a newly discovered YA dystopia by F. Scott Fitzgerald, G. Willow Wilson's entry in the Babysitter's Club series, and the 90s-nostalgia horror anthology I'll Be There for You(r Blood).

And I will be getting cool free clothes during the Gathering and going to the Dessert Salon and subsequent speeches so I may catch you there!

I am also attempting to meet MetaFilter acquaintances on Sunday night and to hang out with other farflung friends over the course of the next week. Here are some tips for contacting me and so on during the con.


: Looking Forward To: I'm trying to note down some things I am looking forward to, and that don't make me want to hyperventilate and hide because they are attached to obligations I have not yet discharged. (Like: I enjoy biking, but it is also a chore I need to do. I will be happy when people enjoy the art/comedy performances at PyCon and WisCon, but also there's backlogged stuff I need to do for those to be successful. And so on.)

Someday Vikram Seth will finish A Suitable Girl and I will get to read it. And someday Rosemary Kirstein will finish the next Steerswoman book and I will get to read it.

I have a ticket to a Crazy Ex-Girlfriend live show next month.

In May when I travel to PyCon and WisCon I'll get to see some friends I don't usually see.

I have faith I will find more things to put on this list. I look forward to finding them.

Filed under:


: Rabbit Hole Interview(s): Recently, the Rabbit Hole developers' podcast interviewed me; we discussed open source sustainability, maintainership, sensationalism among bards who sang the Odyssey, how PyPI is like Wikipedia, and what we think is paranoid.

The interview continued into a second episode discussing PyCon and The Art of Python, my past talks and plays, Halt and Catch Fire, what conferences are for, and the feeling of giving a bad talk.

Thanks to Stride for providing rough transcripts along with the audio!

A listener punned on my username ("brainwane") to tell me, "loved your perspective and insight on the podcast ... for me, it was 'braingain'". Awww!

We recorded these episodes on 27 February. The 7:17-08:06 segment of the first one proved prescient:

David:... NPM does an audit of the packages and says, okay, like, "this version is flagged with a known vulnerability, you should upgrade this." And it will just hammer you with that [unintelligible], infinitely, until you handle it. But like, you know, that’s also a form of open source software, that we’re depending on to nudge us.

Sumana: Right, and then the question of, again, sustainability, of like, well, is NPM, as a venture-backed thing, right..... You stay in this industry long enough and VC sounds like a dangerous term for anything you’re actually going to depend on.

David: Yeah, like the idea of something like PyPI going away. Like, I don't know what I would do? I would just have to find all of the binaries on a website? And like host my own... thing? Or...?

Stride released this episode on 19 March. On 22 March, surprising staff and at least this observer, npm laid off a number of workers on its open source team.

Please note that you can make a one-time or recurring donation of any amount to the Python Software Foundation that specifically supports PyPI and related packaging and distribution work (disclaimer: the PSF currently pays Changeset Consulting to work on PyPI and packaging), and that your org can sponsor the PSF for as little as USD$500 per year. And I am, as always, speaking here entirely for myself and not for any of my clients or colleagues.


about Sumana Harihareswara

Archives by year, archives by category


RSS feed
Dreamwidth feed
Identi.ca microblog
Mastodon feed
Twitter feed
Spam As Folk Art

Changeset Consulting
weblog powered by NewsBruiser
Bloggers' Rights at EFFSupport Bloggers' Rights

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.