If you’re still maintaining a LiveJournal, your journal’s now in Russia

Signal-boosting this news as I know a few people still maintaining a LiveJournal who might choose to delete it, or change their use of LiveJournal after learning about this.

LiveJournal is now hosted in Russia

As of late December 2016, the LiveJournal servers (computers) are now hosted in Russia. While LiveJournal has been owned by Russian company SUP since 2007, the servers had until now been hosted in the US and access to them somewhat controlled by Californian law.

SUP has, to the best of my knowledge, not announced or commented on this themselves, but there’s more information at rahirah’s Dreamwidth journal with links to different evidence of the new location of the servers.

A Russian-language LiveJournaller appears to report that Russian law then allows that all the confidential information of [LiveJournal] users is available for [Russian] domestic security services in real time [note though that that’s a automated translation].

A BBC report on Russian law regarding social media in 2014 seems to confirm this:

A new law imposing restrictions on users of social media has come into effect in Russia.

It means bloggers with more than 3,000 daily readers must register with the mass media regulator, Roskomnadzor, and conform to the regulations that govern the country’s larger media outlets.

Internet companies will also be required to allow Russian authorities access to users’ information.

Thanks to my original source of information about this (found via @anatsuno on Twitter).

siderea expresses several important concerns with this:

  1. if you’re in Russia or vulnerable to Russia, and a political opponent, you could now be more easily identified by Russian security
  2. regardless of where you are, your LiveJournal could be possibly be deleted without notice for expressing opposition to Russia or its interests or for other content censored in Russia (eg LGBT-related content)
  3. the flight of LiveJournal users from LiveJournal following this news could simply kill the business and cause everyone’s journals to disappear without notice (Archive Team is storing public entries, regarding it as an at-risk site)

Readers’ connections to LiveJournal aren’t private

LiveJournal redirects secure https links back to insecure http. For example, if you visit https://ohnotheydidnt.livejournal.com/ your browser will connect, but it will be instructed to head to http://ohnotheydidnt.livejournal.com/ before loading the page. (Info from this Dreamwidth comment by mme_hardy, confirming my personal experiences with LiveJournal RSS feeds over the last several months.)

What this means is that the content of any entries you read, including locked ones by both you and other people, are trivially visible to anyone who can eavesdrop on your net connection, including (often) other people on your local network, and anyone on the path between you and LiveJournal such as your ISP and anyone with access to the data flowing across international cables or access to the data as it enters the Russian hosting facility, whereas https connections are encrypted in a way such that those people can see that data is flowing but can’t read it absent considerably more niche and intensive technical measures. (Even if HTTPS were turned on by LiveJournal, you wouldn’t be safe from the Russian law, since they can ask LiveJournal itself to turn over your data in addition to whatever nation-state attacker level techniques they can employ.)

Given my experience with LiveJournal RSS feeds, I’m fairly sure this has been true for some time, predating the move of the servers to Russia. (Here’s one other report that this was already true as of September 2016.) Regardless of timing, this speaks of, at best, disregard for the privacy of their users’ explicitly private (because friends-locked!) information. It’s 2017, mandatory HTTPS for transmission of any data that is sensitive or might, conceivably, somehow, maybe, be sensitive is an absolute minimum standard for user safety. LiveJournal doesn’t even have optional “if you have HTTPS Everywhere installed” or “if you remember to stick the s into the URL yourself” HTTPS (which would still be insufficient as you cannot control whether your readers use HTTPS when reading your journal).

Getting your content out of LiveJournal

If based on this you choose to delete your LiveJournal, here are some options to keep your entries. This list isn’t comprehensive.

If you want to move the content to another website, here’s some blogging platforms that provide imports from LiveJournal:

If you want to download your entries for private use, you can:

  • use LiveJournal’s own export tool but rather painfully (you’ll have to do one download per month), and without comments
  • use ljdump on the command line, which worked for me as of 2015 when I deleted my LiveJournal, but will require that you’re an experienced command line user
  • use BlogBooker to export it to a Word or PDF file (disclosure: I haven’t used this site in quite some time, and would appreciate hearing if it works, but I suggest people at least try it because it exports to a non-programmer friendly format that people could keep as a private archive, and claims to include comments and images)
  • Archive Team lists other backup tools

If your LiveJournal made use of their photo hosting, I am not sure which backup solutions will import your photos or how they will be stored. I am also not aware of any import tool that replaces LiveJournal entries with a “this entry has moved to URL” message or similar. If anyone is working on a competing LiveJournal import/export tool, photo export and redirection text are both features that my friends and I would have found useful at various times.

Creative Commons License
If you’re still maintaining a LiveJournal, your journal’s now in Russia by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Learning more about a remote working position

I’m in the process of wrapping up a long period of working remotely at least part-time from home, beginning in 2006 when I enrolled in a PhD program and continuing through my time at the Ada Initiative and at Stripe to this year.

My take on working remotely in future is really “it depends on the details” (and likely different details for different organizations). To that end, I contributed some suggested questions you could ask to Hypothesis’s Working remotely guide, which they’ve incorporated in a slightly edited form. Here’s my original questions; I’ve also added a few more at my end after some feedback from Andrew (himself a veteran of around seven years of remote work).

Introduction

Before you start working remotely at a new organization, you should explore how they structure remote working and if there are any expectations mismatches between you and the organization. A particular remote job may or may not be a match for a particular remote worker.

Important: I don’t think there is any one right answer to any of these questions. It’s a question of fit between your working style, the position itself, and the relationship of the position to the rest of the organization. But the answers are worth knowing so that you can evaluate your fit and make plans for effective remote working.

Sources of information

This entry has a lot of questions, too many for a “do you have any questions?” section of an interview. But you can use other sources of information to get most answers, especially about organization-wide questions:

  • the job description, and descriptions of similar roles
  • the organization’s website, particularly the About and Careers pages
  • the section of the employee handbook dealing with remote work
  • the LinkedIn pages or websites of your future manager and colleagues
  • longer, separate, conversations with your recruiter or hiring manager
  • your offer conversation or letter, or your contract

Some questions you also may only need to ask if you hear of concrete plans to make a change to the organization (eg, you learn that a new office is about to open near you).

Questions

How are you remote and who are you remote from? This post is using ‘remote’ to mean something like “most days, you are not in face to face contact with any colleagues.” But you should be aware of the details: will you be working without in person contact with teammates or with the wider organization almost all of the time? Do you have any colleagues in your team or your wider organization in your city or region, or who regularly visit? Will you work on any joint projects with them? Will you be able or be expected to sometimes work with them in person even if there’s not a permanent office space?

Separately, is in-person contact with vendors or customers part of the job?

Is your immediate team remote? Is your manager remote? Being a remote member of a team that is all working remotely from each other is different from a team which is mostly located in an office with each other. Likewise, being managed by someone who is in an office has some potential advantages (for example, access to information circulating through verbal grapevines, being able to access answers from colleagues for you quickly), as does being managed by someone who is themselves remote (a direct appreciation for experiences specific to remote workers, a personal interest in advocating for them).

How many remote workers are there at the rest of the organization? What percentage of teams you will work closely with are working remotely, and what percentage of employees overall are working remotely? Working as one of very few remote workers for an organization where most employees are in an office together is different from a mostly or entirely remote-working organization.

What’s the future of remote work at the organization? If the organization is mostly or entirely remote, are there any plans to change that? If the organization is mostly office-based, are there any plans to change that? If an office is likely to be founded in your city or region soon, will you be able or be expected to work from it?

You may be considering a job on the understanding that the remote work will be of very short duration (eg, an office is opening in your city in two months time). Is there any chance the time will be longer, and are you OK with that?

What is your manager’s approach to remote workers? How frequently will they speak with you and through what media? Will they expect you to travel to them? Will they sometimes travel to you? Have they managed remote workers before?

How long have there been remote workers for? Is the organization new to having remote workers or has it had remote workers for a long time and bedded down a remote working style?

What is the remote working culture like? Is most collaboration over email, text chat, phone, video conf, or some other means? Are there watercooler-equivalents like social IRC channels or video chats? How active are they? Are remote workers mainly working from home or from co-working spaces? Are there occasional team gatherings for remote workers to meet colleagues in person and are they optional or compulsory?

How flexible are the hours? Not all remote work has flexible hours; you may have mandated work hours, or core hours, or shifts, as in any other role.

Are the remote workers spread across multiple timezones? If so, are your team and closest collagues in your timezone or another one? Are you expected to adapt your working hours to overlap better with your colleagues? How are meetings and other commitments scheduled across timezones? Do they rotate through timezones or are they always held in a certain timezone? Are you ever expected to attend meetings well outside your working hours, and if so, how often is this expected and do your colleagues in other timezones face the same expectations?

What are the benefits for remote workers? Will the organization reimburse any of your remote working expenses, such as membership of a co-working space, home office furniture, or your home Internet connection costs? If you’re working in a different country from most of your colleagues, will you get equivalent benefits to your colleagues (eg, health insurance coverage)?

What are the travel expectations for remote workers? Are you expected to travel to headquarters or other offices or customers, and if so, how often and for how long? What are the travel policies and allowances for remote workers? How do these travel expectations compare to those of non-remote colleagues?

Sometimes you will be remote from an organization with an office or even headquarters in the same city as you. Will you be able or expected to visit the office? How often? Will there be resources for you (eg, hot desks, meal provisioning)?

What are the career progression possibilities for remote workers? As a remote worker in a partly non-remote organization, could you move into more senior positions over time, such as team leader, middle manager, or executive? Could you move into other teams in the organization, and if so, which ones? Are there some roles that are closed to remote workers? Match these answers to your own career goals.

What’s the training process like? Must you or can you spend a period of time in an office or visiting a colleague for training? Must you or can you do your training remotely using documentation, videos and similar? Will a trainer or colleague have some time assigned to remotely train you?

Is there support for first-time remote workers? If you haven’t worked remotely before, will the organization support you in learning how to work remotely, and if so, how?

See also

A very partial list of resources, focussing on individual remote workers and their experiences and strategies:

Creative Commons License
Learning more about a remote working position by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Make your Dreamhost site HTTPS-only

Encrypt all the traffic!

Some of the archival Ada Initiative web content is hosted on Dreamhost, and today I re-enabled HTTPS for it now that Let’s Encrypt certificates are available both on Dreamhost and WordPress.com.

Update October 2017: official Dreamhost documentation on adding an SSL certificate and forcing your site to load securely with an .htaccess file is available.

Here’s how to enable, and insist on, HTTPS connections to sites hosted on Dreamhost:

  1. Log into the panel
  2. Go to Secure Hosting
  3. Click ‘Add Secure Hosting’
  4. Select the domain you want from the dropdown, check the box next to ‘By checking this option you agree to the Let’s Encrypt Terms of Service.’, leave ‘Unique IP’ unchecked, and press ‘Add now’.
  5. Important: wait for an email from Dreamhost telling you the certificate is ready. This seems to take about fifteen minutes or so. The email contains a copy of the certificate but you don’t need to do anything with it, they configure the webserver automatically at about the same time as they send the email.
  6. Once you have received the email, check that your site is available at https://YOUR-URL and that your browswer does not report errors. (If it does, wait around 15 minutes, try again, and if you’re still seeing errors, screenshot them and contact Dreamhost support.)

Now that HTTPS is working on your site, you can then force all HTTP requests to redirect to HTTPS by placing this in the ~/YOUR-URL/.htaccess file:


<IfModule mod_rewrite.c>
# Redirect all insecure requests
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>

# tell web browsers not to even try HTTP on this domain for the next year
# uncomment this only after you've confirmed your site is working on HTTPS, since it commits you to providing it over HTTPS
# Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

Check that visiting http://YOUR-URL now redirects to https://YOUR-URL, and the same should be true of pages underneath http://YOUR-URL.

Feature request for Dreamhost: make a “force HTTPS” option in your standard config.

For more information on Strict-Transport-Security see HTTP Strict Transport Security for Apache, NGINX and Lighttpd and Stack Overflow: How to set HSTS header from .htaccess only on HTTPS.

Bonus round: update absolute links

If your site is a bunch of static HTML files, and you have done a lot of absolute linking to your own webpages, here’s a possible command you could run, replacing example.com with your own domain. I don’t recommend running it unless you know the UNIX command line, and you have a fairly good idea of what find and sed both do:


DOMAIN=example.com
cp -a ~/$DOMAIN ~/$DOMAIN-backup-before-https-edit
cd ~/$DOMAIN
find -type f -name "*.html" -exec sed -i "s/http:\/\/$DOMAIN/https:\/\/$DOMAIN/g" {} \;

Creative Commons License
Make your Dreamhost site HTTPS-only by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Remembering Telsa Gwynne

Telsa Gwynne, whom I knew through my time in the LinuxChix community between 2000 and around 2007, died this week:

Telsa is the direct inspiration for the entire 15 years of content on this website, especially the personal diary. Before joining LinuxChix, I first knew Telsa through her online diary (its archival title, “This was a diary, once”, is painful to read now), which I heard about through someone who read Alan Cox’s diary, and I was struck by how striking daily life could be in written form. Telsa’s diary was full of personality and snark, and singlehandedly inspired me to begin writing about my life online too.

I thought of her as a net celebrity, although not in the usual way of “married to Alan Cox”, but as “writer of one of my favourite websites”. I was therefore a little bit shy about directly interacting with her when I initially joined the LinuxChix lists in 2000, but I first met her in person in 2001 at linux.conf.au when she and Malcolm Tredinnick were hanging around debriefing and complaining about CVS, on which he was teaching a tutorial that year which Telsa later wrote up. She was grumpy and kind and normal, even if she did know CVS.

Andrew saw her again at LCA in 2003, but I didn’t go and I think I only met her one more time, in Wales in 2004 when we visited their house and due to poor planning with trains, ended up staying the night. Telsa and Alan were kind hosts and we enjoyed Telsa’s huge knowledge of local history as we walked all around Swansea.

Telsa’s final diary entry in 2006 says she “plain[ly] and simpl[y] los[t] interest in running to stand still just to understand how to use anything mechanical.” However hard she worked for it, I remember her as profoundly technically knowledgeable and an excellent teacher. A great deal of my initial learning about both CSS and character encodings came from her, and she was well known as a high level user of DocBook. A friend shared one of her posts to a private LinuxChix technical list today, walking through the differences between library packages and -devel packages in Linux distributions, and their implications for compiling software.

I hadn’t been in contact with Telsa since she or I variously withdrew from our common online communities, so since 2007 or before. I kept an eye on the very occasional updates to her website, and was pleased to think that she had found a more satisfying life outside her Free Software community volunteering. I still find this a happy thought.

Telsa was also a critical inspiration to me as an activist: in the early 2000s (and still) it was hugely controversial to either believe that open source communities could still work if they were more civil (the entire LinuxChix project was partly an experiment with that), and even more so to insist that they should be. Telsa is the earliest person I can think of who stood up in an open source development community and asked it to change its norms in the direction of civility. I don’t know how heavily her online harassment experiences played a part in her departing Free Software and some online communities — I hope it wasn’t a large part — but I’m sorry it happened and I’m angry.

Telsa was a brilliant and kind and strong person, and I am sorrier than I can say that we will never be in contact again. To Alan, Debbie and others who loved her: my profound sympathies for the loss of an amazing person.

Other memorials:

Telsa online:

Creative Commons License
Remembering Telsa Gwynne by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Handling harassment incidents swiftly and safely

This article was written by me and originally published on the Ada Initiative’s website. It is republished here according to the terms of its Creative Commons licence.

As anti-harassment policies become more widespread at open technology and culture events, different ways of handling harassment incidents are emerging. We advocate a swift process in which final decisions are made by a small group of empowered decision makers, whose focus is on the safety of the people attending the event.

Open technology and culture communities, which often make decisions in a very public way, can be tempted to also have a very public and very legalistic harassment handling process, a judicial model, but we advocate against this. It prioritises other values, such as transparency and due process, over that of safety. Alternatively, because many members of such communities find ostracism very hurtful and frightening, sometimes they develop a caretaker model, where they give harassers lots of second chances and lots of social coaching, and focus on the potential for a harasser to redeem themselves and re-join the community.

But neither of these models prioritise safety from harassment.

Consider an alternative model: harassment in the workplace. In a well-organised workplace that ensured your freedom from harassment — a situation which we know is also all too rare, but which we can aspire to, especially since our events are workplaces for many of us — an empowered decision maker such as your manager or an HR representative would make a decision based on your report that harassment had occurred and other relevant information as judged by them, and act as required order to keep your workplace safe for you.

A well-organised workplace would not appoint itself your harasser’s anti-harassment coach, have harassment reports heard by a jury of your peers, publish the details of your report widely, have an appeals process several levels deep, or offer fired staff members the opportunity to have their firing reviewed by management after some time has passed.

Like in a well-organised workplace, we advocate a management model of handling harassment complaints to make events safer: reasonably quick and final decisions made by a small group of empowered decision makers, together with communication not aimed at transparency for its own sake, but at giving people the information they need to keep themselves safe.

The management model of harassment handling is that:

  1. you have a public harassment policy that clearly states that harassment is unacceptable, and gives examples of unacceptable behaviour
  2. you have a clear reporting avenue publicised with the policy
  3. you have an empowered decision maker, or a small group of decision makers, who will act on reports
  4. reports of harassment are conveyed to those decision makers when reported
  5. they consider those reports, gather any additional information they need to make a decision — which could include conduct in other venues and other information that a very legalistic model might not allow — and they decide what action would make the event safer
  6. they communicate with people who need to know the outcome (eg, with the harasser if they need to change their behaviour, avoid any people or places, or leave the event; volunteers or security if they need to enforce any boundaries)
  7. they provide enough information to the victim of the harassment, and when needed to other attendees, to let them make well-informed decisions about their own safety

Further reading

Creative Commons License
Handling harassment incidents swiftly and safely
by the Ada Initiative is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Based on a work at https://adainitiative.org/2014/07/23/handling-harassment-incidents-swiftly-and-safely/.

The Ada Initiative founders on funding activism for women in open source

This article was co-written by me and Valerie Aurora. It was originally published in Model View Culture and was later published on the Ada Initiative blog. It is republished here according to the terms of its Creative Commons licence.

In December 2010, Valerie Aurora, then a leading Linux filesystems developer, announced that she was leaving software development to work on women in open source software activism full time. Behind the scenes, she asked several other geek feminist activists to join her to work on women in open source activism full time. “I don’t know what the world-wide economic capacity for paid activists [for women in open source] is, but let’s find out together!” she wrote.

In 2010, the smart money said that the world-wide economic capacity for paid activists for women in open source was well under one person. And only Mary Gardiner, then an unpaid computer science PhD student looking to leave academia, took Valerie up on the offer.

Thus began our long journey towards answering the question: “How does an activist get paid?

This article chronicles our own painful and sometimes expensive learning experiences around funding diversity in tech work, as well as advice and techniques from several other successful full-time diversity in tech activists and fundraising experts: Ashe Dryden, diversity advocate and consultant; Kellie Brownell, CiviCRM implementer at Giant Rabbit and former Ada Initiative fundraising consultant; Frances Hocutt, founding president of the Seattle Attic feminist hackerspace; and Emily May, executive director of Hollaback!.

Paying Activists and Funding Complications

The question we struggled with initially was why activism, and feminist activism in open source software in particular, should be a paid job at all. Thanks to the work of people including Kate Losse, today the tech community is increasingly aware that this kind of community-building labor is valuable and should be compensated. But in 2010, all we knew is that volunteer activism was not working. Women in open source software were working for free, burning themselves out while fighting for rights as simple as basic physical safety – let alone equal pay, equal treatment and a non-sexist culture.

And yet the expectation that women in open source should be unpaid activists was so high that in 2009, Emma Jane Westby formulated the “Unicorn Law,” which states: “If you are a woman in Open Source, you will eventually give a talk about being a woman in Open Source.” In October 2011, Skud — herself an activist and target of harassment — adapted Arlie Hochschild’s term “the second shift” to describe this phenomenon. But after ten years, and tens of thousands of hours of difficult, draining work, the percentage of women in open source software was still in the low single digits.

Valerie’s insight — radical, at the time — was that we needed full-time paid activists working on the problem in order to make any progress. We founded the Ada Initiative with the principle of paying fair market wages to anyone doing work for us more than a few hours a week. In 2010, this was a moonshot. In 2014, it’s increasingly how things are done. More and more diversity in technology initiatives are becoming paid activities, and a growing proportion of the technology industry recognizes this labour as something worth paying for.

For all this progress, relatively few “pre-fabricated” diversity in tech jobs exist, and the ones that do exist tend to be co-opted by corporations to narrowly focus on recruiting and, in effect, marketing. Many existing large diversity-in-tech non-profits are primarily corporate-funded and therefore end up compelled to do recruiting and marketing for for-profit tech corporations. An employee of a for-profit corporation who wants to advocate for significant cultural change as part of their job is stuck in an additional catch-22: they can’t criticize their competitors, because it looks like a conflict of interest, and they also can’t criticize their own employer, because that’s a great way to get fired.

Thus, full-time diversity activists who want to do effective, controversial, culture-changing work must often work out how to pay themselves, rather than taking existing jobs at tech companies or diversity in tech non-profits.

What follows is a survey of some of the most popular funding sources: corporate sponsorship, individual donations, and consulting and training.

But first…

Why you shouldn’t try them all

Often activists will reach for every funding opportunity they can: individual fundraising campaign, yes! Government grants, yes! Selling stickers, yes! Sucking up to wealthy potential donors at lavish one-on-one dinners, absolutely! But it is crucial to pick just two or three funding sources and concentrate on them.

Raising money in any form takes time, practice, dedication, and skill. Pursuing too many forms of funding will just mean that you’re bad at all of them. Some diversification of funding sources is often recommended, but the base requirement is a reliable funding source.

An activist’s choice will depend both on their mission and who they are able to reach. The Wikimedia Foundation is focusing exclusively on small donors from all over the world giving an average of $25 each and giving up pursuing most grants or large donors, in part because small donors are inherently diversified. However, the Wikimedia Foundation can use Wikipedia, one of the world’s most-read websites, as a fundraising platform, a rare advantage. No diversity in tech activists will have such a large pool of potential donors! Each individual and organization needs to assess which sources of funding are compatible with their mission, and of those sources, which they can access.

Corporate Sponsorship

The Ada Initiative, like many diversity in tech groups, initially planned on getting most of our funding from technology-related corporations. Our focus was on women in open technology and culture, which includes open source software, Wikipedia-related projects, open data, and similar areas. Our logic was charmingly naïve: since corporations reaped most of the benefit of open tech/culture, they should pay most of the cost of increasing the percentage of women in their talent pool because fairness. Also, corporations tend to have a lot of money.

Major corporate sponsorship for diversity in tech work comes in several common forms: conference sponsorships, grants for specific projects, fellowships employing a specific person for a few months, and completely unrestricted grants (our favorite). Corporate donors are attractive because, compared to the typical activist, many have effectively infinite amounts of money.

However, corporate sponsorship has clear downsides for many diversity in tech activists. The sponsor’s goal tends to be making sure the corporate sponsor has access to a diverse hiring pool. Most companies therefore prefer to support events and education initiatives that serve as recruitment opportunities in the short or medium term.

Corporate sponsorship is also often very cautious. They are looking to associate their name with a popular message, and groups who do not yet have a history of successful programs may have trouble accessing corporate donations. Organizations intending to rely on corporate donations may have to bootstrap with other funds or volunteer labor while building a history of success.

The main exception to these rules, in our experience, is smaller privately-held companies whose owners account only to themselves for how the company’s money is spent. They tend to be less conservative and more risk-tolerant than publicly owned companies. In the Ada Initiative’s case, these kinds of corporate donors were crucial to our success and included Puppet Labs, Dreamhost, Dreamwidth, and Inktank.

Early on, our philosophy at Ada Initiative was to accept any no-strings-attached corporate sponsorship as long as the company’s business model wasn’t fundamentally anathema to our mission. But since many corporations — and corporate management — are complicit in discrimination and harassment of women in tech, much of the effective work to support women in tech involves criticizing the status quo and has the potential to offend the very corporations who sponsor us. We gradually came to realize that every corporate sponsorship has an invisible condition: unspoken internalized pressure to avoid any actions that might cause that corporation to stop donating to us.

We had another motivation for our initial corporate-funded model: guilt. We felt guilty asking individual people to support our work but no such compunction when it came to corporations. We suspect this kind of guilt plagues many activists; we tend to want to help others, not ask others to help us. Our guilt about asking individuals to support our work instead of corporations drove us to end our first fundraiser early, resulting in the loss of tens of thousands of dollars from eager donors and forcing us to start another, less-efficient fundraising campaign only 5 months later. Reframing how we viewed asking individual people for donations took three years, a career counselor, a therapist, several books, and a perceptive fundraising consultant, Kellie Brownell.

So let’s talk about…

Individual Donations

Since mid-2011, the bedrock of the Ada Initiative’s funding has come from a few hundred individuals within the technology community. Being accountable to donors who are primarily interested in culture change even when it has no direct benefit to themselves allows us to take on more radical programs. This includes work that is not directly connected with hiring or careers, or that is connected with gift and alternative economies like media fandom with little direct connection to corporate profits.

Perhaps the most compelling reason to adopt an individual donor funding model is that donors often become advocates for diversity in tech themselves. Kellie Brownell, our former fundraising consultant, says, “While fundraising at the Electronic Frontier Foundation, I kept noticing that our donors were the first to take action when we asked for help.” Many an Ada Initiative donor has gone on to successfully advocate for an anti-harassment policy or a diversity scholarship in their community. We also receive many thank-you notes from people too shy, too burned out, or too busy to be advocates themselves, who are relieved that they can take action in some way by donating. Individual donors create a virtuous circle where fundraising supports our mission, and our mission increases our fundraising.

Diversity in tech organizations are increasingly bootstrapped with a crowdfunding campaign. Diversity advocate and consultant Ashe Dryden raised $20,000 in July 2013; Trans*H4CK raised $6,000 beginning in May 2013; feminist hackerspaces Double Union and Seattle Attic raised $15,000 and $11,000 respectively in November 2013; and in March 2014 Lesbians Who Tech raised $29,000 for a summit in San Francisco and $20,000 for a summit in New York.

Crowdfunding, with its constant outreach and rewards is an excellent way to interest donors and community members in an organization, but Dryden cautions that “[it was and] still is a considerably larger amount of work on top of the other work I’m doing.” At the extreme, the work required to publicise a fundraising drive and then fulfill rewards can risk exhausting the funds raised! It may also only work a limited number of times. Emily May, executive director of anti-street harassment non-profit Hollaback!, says “80% of our donors are young[…] They are incentivized to give by new exciting initiatives, but there are only so many ‘new exciting initiatives’ that [we] can launch without overwhelming our capacity.”

Activists are beginning to be able to raise enough money to pay themselves from many very small regular donations. Dryden’s funding now comes primarily from Gittip, a service that allows people to make anonymous weekly donations directly to her. She is the top Gittip recipient with an income of $750 a week, and is not the only diversity in tech activist among Gittip’s top receivers. Others include Lynn Cyrin, a trans woman of color working on a guide to class mobility and CallbackWomen, working to increase women’s representation at conferences.

Dryden says, “Community funding is great because it means I’m working directly for the community. I often tell people that the community is my employer, so I’m working directly for them, instead of what would look best for a company. It also means that I can be impartial in critiquing what’s wrong with the industry without worrying about financial ramifications either through my employer’s view not aligning with mine or people attempting to get me fired for my views, which many other activists and advocates have experienced.” Dryden’s model is beginning to approach what Sue Gardner, the outgoing executive director of the Wikimedia Foundation and an Ada Initiative board member, identifies as the future of non-profit funding: small donations from a large number of donors, requiring relatively little fundraising effort from the organisation compared to traditional models.

Every individual donor population is unique. In Dryden’s case, anonymous donors make small weekly donations on the order of $5. In the Ada Initiative’s case, we tend to have donors with high-paying technology jobs (or who own technology companies themselves) with generous bonuses, stock grants, and programs that match employee donations to non-profits. Kellie Brownell explains how we grew our individual donor base: “We adapted fundraising practices from individual major giving, for example, (1) thanking donors quickly, (2) asking what motivated them to give, and (3) reporting back later what we did with their money. Major giving practices are highly personal and aim to help donors grow in their understanding of an organization’s mission and why this mission matters to them. Once a fundraising team becomes good at doing both these things, you can develop this model further by giving donors opportunities to participate in the process.”

Relying on individual donors has downsides. Recruiting the initial slate of donors can take months of full-time work, and reminding them to give again takes more work (which is one reason why non-profits tend to prefer automatic recurring donations). Individual donors may also attempt to redirect the person or organization’s work towards less controversial programs. Dryden explains that the anonymity of her donors, which is not an option for most non-profit corporations, “removes the pressure to fit my message into what I think my larger funders would agree with, which protects the integrity of my work.”

Membership

A variant of individual donations is the membership model of funding, where funders pay membership fees instead of donating, and in return receive benefits from the organization such as access to private events, training or spaces. It often comes with input into the activist group’s governance, usually as the right to vote for or stand for the governing committee.

This model is most successful where activists are primarily working to provide ongoing benefits to a small group of people; for example, feminist hackerspaces (a.k.a., community workshops), which exist for the benefit of local women and others who are not welcomed in existing hackerspaces. Frances Hocutt, founding president of the Seattle Attic feminist hackerspace, says “We aim for members to fund the bulk of our operations because we want our community to be able to continue even if donations drop off. We are trying to build a community that is sustainable and can be self-supporting if need be.”

For organizations like the Ada Initiative, which aims to benefit a very large group of people and provide resources widely and freely, the membership model is less suitable as we have little additional benefit to offer members. Hocutt also observes that it is not ideal when activists are trying to benefit people who can’t afford membership fees: “We believe that ability to pay dues has nothing to do with a person’s ability to contribute to the creativity and energy of the Attic community, and we want to remove barriers that keep some of us from doing that.” Seattle Attic offers the ability for donors to donate memberships for people who can’t afford one, and a transport subsidy to members who don’t have access to transport.

Consulting and training

Counterintuitively, one way to raise money from donors without giving them undue influence is to provide consulting and training directly to them for a fee. This makes the terms of the relationship very clear; they receive a specific tangible benefit in return for their fee, rather than there being an unspoken expectation of a long term PR or recruiting boost.

In addition to her Gittip income, Ashe Dryden funds her work by consulting for corporations looking for help improving diversity in their organization. The Ada Initiative’s training programs include the Allies Workshop, which teaches men simple, everyday techniques to fight sexism in their workplace and open tech/culture communities. The Allies Workshop is a fairly challenging and confrontational program, as it teaches people to directly confront sexism and harassment without being transphobic, homophobic, racist, ablist, or classist. By offering it as a corporate training program on a voluntary attendance basis only, we attracted companies with employees who were ready to take personal action to support our existing strategy.

As with the membership model, providing consulting or training in return for a fee may compromise the ability of an organization to benefit the public.

“I would love a stronger earned income revenue stream, but our values of making it free to launch a Hollaback! in [any] community conflict with that,” reports Emily May, whose organization’s funding is primarily foundations (65%) and government (20%). In order to combat this effect, the Ada Initiative makes our training materials available publicly, and offers cheap and free spots at public training sessions, as well as offering training using the same materials to fee-paying clients.

Incorporation and funding

The Ada Initiative is incorporated as a 501(c)3 not-for-profit in the United States with tax-exempt status. This has some immense practical benefits in exempting us from corporate income taxes and allowing us to receive tax-deductible donations in the US.

Incorporating in some form — non-profit, B-corp, limited liability company, etc. — is not a requirement for funding diversity in tech work. We were astonished to discover how much money people would give us with the ink barely dry on our mail-order certificate of incorporation from the State of Delaware. In retrospect, we realized people were initially donating to Mary Gardiner and Valerie Aurora, not the Ada Initiative, Inc. In the tech sector, people are frequently willing to give hundreds or thousands of dollars to individuals as long as they personally trust the recipient, with or without the incentive of tax deductions or certification by some charity-related authority (e.g., the U.S. Internal Revenue Service).

The decision of whether or not to create a 501(c)3 requires weighing significant trade-offs. Preparing our application for tax-exempt status and then following various accounting and reporting rules to retain it take an astonishingly high proportion of our time — our 2012 taxation filing consumed approximately a month of staff time. In the U.S., non-profit incorporation is most suited to an organization that, like the Ada Initiative, intends to grow into a larger multi-person effort. We deliberately created an organization that would allow our projects to be continued by other activists if and when we burned out and move on to easier jobs (like writing operating systems software or leading a computational research lab).

To The Moon!

In 2010, Valerie described paying one activist to work on issues facing women in open technology and culture as a “moonshot”. In the short time since, so many activists have found that the work they do or the resources they need both should be paid for and can be paid for. The Ada Initiative, Black Girls Code, Seattle Attic, Double Union, Trans*H4ck, Lesbians Who Tech and others have joined older organizations such as the Anita Borg Institute and the Level Playing Field Institute. More are appearing every month. They are joined by community-funded individual activists such as Ashe Dryden and Lynn Cyrin.

Diversity in tech activists are using a wide variety of strategies: corporate sponsorship, yearly fundraising campaigns, monthly or even weekly small donors, foundation grants, conference sponsorships, and many more. The technology and culture around giving are changing so quickly that funding strategies that were completely impractical three years ago can now fund a full-time activist or an entire non-profit with several paid employees. Conventional fundraising experts, raised on a diet of buying email lists and snail mail appeals, are hard-pressed to keep up with these massive changes. We recommend that diversity in tech activists learn fundraising techniques from each other in addition to learning established fundraising best practices. In many ways, diversity in tech activists are outstripping received fundraising wisdom.

We can’t imagine what diversity in tech activism will look like in another four years, but we’d love to see reliance on corporate donations fall back to simply being one of many options for activists to consider. We hope that people who have benefited from the technology industry continue to give back by supporting diversity in tech activism, by joining diversity activist communities and by donating to individuals and organizations working towards a diverse and equitable tech workforce.

[Disclosure: former Model View Culture editor Amelia Greenhall and Valerie Aurora, one of the authors of this article, both serve on the board of Double Union in a volunteer capacity.]

Creative Commons License
The Ada Initiative founders on funding activism for women in open source by the Ada Initiative is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Based on a work at https://adainitiative.org/2014/06/10/the-ada-initiative-founders-on-funding-activism-for-women-in-open-source-from-model-view-culture/.

Remembering Malcolm Tredinnick

I flew home from the US yesterday and when I arrived in Sydney I got a message from my husband saying that Malcolm Tredinnick had died. According to this piece by Simon Dulhunty, he was found on Monday to died at home in Sydney, possibly after a seizure, while I was at PyCon 2013.

Malcolm Tredinnick speaking to an audience
Malcolm Tredinnick speaking at DjangoCon 2008 (by Sebastian Hilling CC BY-NC)

I’ve known Malcolm slightly since my first linux.conf.au in Sydney 2001. In late 2004 I interviewed for a job at CommSecure (since closed) where he was then working, having been a lead developer of and continuing to maintain and develop a real-time data delivery system for the Hong Kong stock exchange. (The eventual end of that contract was the reason CommSecure later closed.) He was also my boss for about half of 2005 until I left to begin my PhD in early 2006.

I still caught up with him at technical events, the last long conversation I remember with him was at PyCon AU 2011 where my husband Andrew and I had a very Malcolm conversation with Malcolm, which roved over the paperwork hassles of having no fixed address (Malcolm travelled a lot and went through periods where he housesat or lived in serviced apartments for a while), the Australasian chess community, and some gentle mutual trolling between him and Andrew over narrative testing.

What I will remember most about Malcolm is that he was a teacher at heart. I never personally had this relationship with him, but I knew several people at CommSecure and elsewhere who Malcolm had tutored or mentored in programming, often over a very long period of time. Elsewhere I know he had taught mathematics (long before I knew him, he very nearly completed a PhD in mathematics when his area suddenly became fashionable and about 50 years of work was done in 6 months by incoming mathematicians) and chess. I will also remember his dry and sadonic approach to nearly everything (for a very recent example, Malcolm gives useful parenting advice), combined with “really, how hard could it be?” used both straightforwardly and distinctly otherwise. Goodbye Malcolm.

Update, funeral plans: Ray Loyzaga who was Malcolm’s close friend, and long-time founder-CEO of CommSecure, has announced that Malcolm’s funeral will be at 2:30pm Thursday April 4, at Camellia Chapel, Macquarie Park Cemetary, North Ryde, Sydney.

Other memorials:

Malcolm online:

Creative Commons License
Remembering Malcolm Tredinnick by Mary Gardiner is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Why my phone is silent during LCA talks

I don’t especially like Tasker’s interface, but setitng one’s phone to silent is nice enough to bust it out, so I thought I’d explain how I do this during linux.conf.au.

A bit of background: Tasker is an Android application (not free in either sense of the word) that does things to your phone when certain conditions (called contexts) are true. For example it could change the wallpaper (task) when you have unread text messages (context). I have, for example, Tasker tasks that turn my phone to silent between 10:30pm and 7:30am local time; and to run rsync backup (which copies the contents of my phone to my home server, ie backs it up) every time it is both on power and connected to my home wireless network.

Tasker somewhat trades between UI simplicity and power in favour of power (although even then I think there are better possible UIs for it). You can generally find specific apps that do individual Tasker-like things (for example, I would not be surprised if there was a ‘Silent at Night’ app), but Tasker lets you specify a wide variety of contexts and tasks.

First: the LCA calendar iCal is in my Google calendar, so it’s available to Tasker through its Calendar contexts. So that’s prior to setting this up.

The basic setup would be this:

  1. Go into Tasker.
  2. Add a Context (called eg ‘LCA activities’), select ‘State’, ‘App’, ‘Calendar Entry’.
  3. In Calendar Entry, go down to Calendar, press the search icon, select your LCA calendar.
  4. Press the tick.
  5. Now it will prompt you for the task, which is silencing your phone. Select ‘New Task’. Name the task (‘Silence’): it might be useful for other contexts!
  6. Press + to add an action. Select ‘Audio Settings’ and then ‘Silent Mode’. Turn ‘Mode’ to ‘On’. Leave ‘If’ alone. Press tick to approve the action and then tick to approve the task.

After this teeny (ahem) amount of work you now have a Tasker task that silences your phone during any event on the LCA calendar.

Fine print

My setup is a bit more complicated than this because I thought ‘wait, I want my phone to ring during meals’. This is a pain in the neck to do.

I added a second Context (long hold on the existing context), another Calendar Entry, also on the LCA calendar, but I also searched for location, selected ‘MCC Foyer’ (which is where the morning and afternoon teas are) and selected the Not tickbox, to make it a negative context. The total effect is that when there’s an event in the LCA calendar AND when there’s not an event in the LCA calendar that is in MCC Foyer, the task triggers. But that’s quite a bit nastier.

It can end up being easier to have a calendar that amounts to a ‘Do Not Disturb’ calendar, which isn’t ideal. Some people do something like “silence during anything in my work[/personal] calendar that’s marked busy”, etc etc, which would be longer lived than my LCA recipe. BUT at least my LCA recipe buys us silence for this conference!

Creative Commons License
Why my phone is silent during LCA talks by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

How to do more writing, by someone who has never made any such resolution

Jonathan Lange asked on Google+ for ideas about keeping a “write more” resolution. I took over his comment section, and in the spirit of taking some of my own advice, here’s a synthesis of what I said there. Since not writing as much as I feel I ought is never a problem I’ve had, this advice is in the delightful genre of someone who has never needed the advice simply making some up and giving it to you anyway! Enjoy my half-baked ideas.

Re-use your writing. A lot of people I know spend an enormous amount of time on crafting lengthy, tightly argued emails. These count, and you can make them feel like they count by editing them for a sufficiently general audience and publishing them on your blog. This is one I actually do do: several of my Geek Feminism pieces originated in annoyed private emails I sent to close friends, or in IRC rants.

Accountability and incentives. This is like all of the “how to exercise more” advice: make it public, make it social. Make a public commitment, make a shared commitment with a fellow writer. Have a competition, one-sided or not (“I will write more blog entries than N will this year”?). Deadlines and someone who will be personally disappointed in you can be an excellent motivator (as long as it doesn’t tip you over into an avoidance cycle), and for writing there’s a whole profession which involves, in part, holding people to deadlines and being disappointed if they fail to meet them: so, find an editor.

Unfortunately, in order to get an editor one generally needs to pitch (leaving aside the whole question of finding an agent, especially when it comes to fiction), which means writing, so you will have to be motivated to do some writing before you can partially outsource your motivation to editors and deadlines.

Becoming a freelancer seems like a big effort in order to fulfil a personal goal to “write more”, but part of the attraction is that you can pitch to places that have a ready-made audience, which means that you have outsourced any implicit “write more in places people will read it and find it useful” goal; you don’t need to put an equal or greater amount of work into building an audience for your writing.

Specific goals. This assists with accountability. What does writing more mean? A certain wordcount? A certain number of blog entries? A certain number of pitches sent out? A certain number of pitches converted to published articles? All of these are more artificial but easier to keep accounts of than “write more”.

Spend money. Enrol in a course or similar. This adds deadlines too, typically.

Creative Commons License
How to do more writing, by someone who has never made any such resolution by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Mourning the Squeezebox

Logitech has discontinued their Squeezebox line of wireless music players.

Background: the Squeezebox was a device originally by Slim Devices, later acquired by Logitech. The Squeezebox (SB) originally supported playing music which was streamed over your home over a custom protocol, it involved running a server process written in Perl on the machine which contained the music. For several years, there has also been a My Squeezebox service which streams music over the Internet. The server/My Squeezebox can in turn stream podcasts, radio stations and so on.

We bought our first Squeezebox in, I think, 2008, which drives some Yamaha reference monitors I’ve had since 2001 (and then spent 7 years searching for a half decent networked music playing solution in order to use them more than occasionally) and added a Squeezebox Boom, which is about the size of a classic micro hi-fi system and has built-in speakers, a year later. We’ve been using them ever since. Both were already discontinued models in favour of the SB Touch and SB Radio, but were receiving firmware updates and support. All support for the entire ecosystem is now being ended by Logitech, in favour of the Ultimate Ears (UE) brand, which so far contains one wireless music player, the UE Smart Radio.

Possible replacements:

The Logitech UE system. Pros: I believe it’s similar hardware, and the SBs have worked well for us. Cons: the UE line only contains one wireless player right now, the UE Smart Radio, and it does not support use of your own speakers. UE devices do not understand the SB protocol, so unless we junked our SB devices we’d need to run two server processes and would lose things like syncing all our players to play the same thing at the same time. Linux is no longer officially supported for running the server software. In addition, I haven’t got confirmation of this, but it seems it is impossible to use the UE Smart Radio without signing up for an online service, which raises the spectre of not being able to play my music when the ‘net is down, or possibly at some point in the future having the UE suddenly stop working forever, when that service is in turn discontinued.

The Sonos. Pros: I don’t follow the wireless music market closely, but I understand this is the brand that’s associated with quality music engineering. Technically, it can stream music from a SAMBA share as well as from the Internet. Cons: it too has made its deals with the we’re-watching-you devils: It will only play RadioTime’s approved podcasts, obviously there’s a workaround involving downloading to the SAMBA share we would use, but that’s still annoying. We again lose the house-wide syncing if we keep our (not cheap, and still functional) SB devices in the house. The podcast thing suggests that the Sonos may also be vulnerable to “do the players still work if Sonos goes away?” concern, but again, I don’t know.

The Roku Soundbridge. Pros: I believe it understands the SB protocol, which means it would be the best fit for our existing music network. Cons: there only seems to be one model in its lineup too, a speakerless one. I’m not intending to buy separate speakers for every room we want music in. Otherwise this is probably the most seamless replacement for an SB.

Bluetooth speakers. Or I guess a receiver, in the case of my reference monitor. Pros: a bigger market to buy from, way less vendor-dependent (even if documented) custom streaming protocols to deal with. Cons: Bluetooth support, or alleged support, in car stereos has not endeared this solution to me, to me Bluetooth means “does not work-tooth”. I have no idea how to achieve the multiple rooms with the same music effect either. And it then leaves the problem of queueing up the music on the headless server. I spent several years seeing how bad all MPD clients could be, I’m not keen to go back to that. In addition, we have enough trouble getting 802.11 signals to span our house, never mind Bluetooth.

I think at this stage, given that luckily the SBs are not going to stop working unless the hardware fails or the software stops running on later versions of Linux (both are possible, of course), that what we’ll probably do is try and snag a SB Radio or two before they get too hard to get hold of, stick with them and our existing devices until the bitter end, and then hope that Bluetooth or some later protocol and its Linux support are up to what we want to do. Since we aren’t likely to subscribe to streaming services in the very near future, this is viable.

If Logitech eventually puts out firmware support for the UE protocol onto older SB hardware, as Gadget Guy suggests they will (but there’s no sign of it on the Logitech forums), it will be more tempting to move to UE than otherwise, at least if the server is known to work on Linux. Otherwise, an additional strike against Logitech products is that they’ve substantially damaged my faith in their longevity. Quoth Matthew Moskovciak on CNET It may be wise to see how Logitech handles its Squeezebox customers before committing to the new UE ecosystem. There’s probably 12 to 24 months of endgame in that.

Update: Sue Chastain has more info, including an apparent confirmation that the UE Smart Radio will indeed not work in the absence of an Internet connection, even when playing locally stored music.

Update January 2016: we moved to Chromecast Audio. No more hardware ecosystem lock-in for us!

Creative Commons License
Mourning the Squeezebox by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.