In the past two decades, the open source community has evolved from an
obscure grass-roots movement of wild-eyed crusaders, indigent grad
students, and spare-time hobbyists to an unprecedented worldwide
collaboration of full-time professionals and extraordinarily committed
volunteers. We pride ourselves on our openness to new contributors,
from any country or social background, and most often describe the
power structure of open source projects as a meritocracy. Many of us
believe that open source is inherently progressive - a way to level
the playing field that operates across all social categories and class
And yet, here it is, the year 2010,
female friends and I are still being insulted, harassed, and groped at
at open source conferences. Some people argue that if women
really want to be involved in open source (or computing, or corporate
management, etc.), they will put up with being stalked, leered at, and
physically assaulted at conferences. But many of us argue instead
that putting up extra barriers to the participation of women will only
harm the open source community. We want more people in open source,
In this article, we will first explore the current state of harassment
in open source through interviews with ten women (including myself)
about their experiences at open source conferences. Then we will
describe some concrete, simple actions anyone can take to help reduce
harassment for everyone, not just women (who have no monopoly on being
the target of harassment). In particular, we'll discuss the recently
anti-harassment policy for open source conferences - basically,
HOWTO Not Be A Jerk At A Conference.
I interviewed by email nine women about their experiences at open
source conferences. Harassment can and does happen to anyone of any
gender identity or persuasion (just ask anyone who has been to middle
school), but I know enough to write about only two kinds of
harassment: the kind you get for being female, and the kind you get
for using Emacs. I strongly encourage other
people to write about their experiences being harassed at conferences,
as harassment is an important problem no matter who it happens to.
The women I interviewed are: Cat
Allman, FOSS community organizer at Google and event professional,
Donna Benjamin, executive
director of Creative Contingencies, Beth Lynn Eicher,
an organizer of Ohio LinuxFest,
Selena Deckelmann, major contributor
to PostgreSQL and founder of
Open Source Bridge,
Mackenzie Morgan, Ubuntu developer,
Deb Nicholson, an
of LibrePlanet and
the FSF Women's Caucus,
Noirin Shirley, Executive VP
at Apache Software Foundation,
Sarah "Sez" Smith, and one
anonymous respondent. I
interviewed myself for a tenth
woman. Nine of us have been harassed at one or more conferences. Of
the nine of us who have served as conference organizers, eight of us
have dealt with at least one incident of harassment at a conference we
First, I asked each person about their first open source conference:
Which one was it, what year, and what do you remember the most?
Cat Allman recalls the atmosphere at the 1998 forerunner
of OSCON: It was "Joyous
pandemonium: it was a gathering of the tribes, a religious festival,
the morning of the first day of a Children's Crusade; so much passion
and belief in one room." Donna Benjamin went
to LCA 2006 "Intending to stay
just for the miniconfs, but having such an awesome time, meeting
awesome people and changing my flights to stay for the whole week."
Sarah Smith loved the "grass roots feel"
of LCA 2002. Selena Deckelmann
says of LISA 1997: "I
felt energized and enjoyed meeting new people - students and
professionals - and talking about all the free software we all used to
do our work."
My first open source conference was Ottawa Linux Symposium 2002. I
was surprised by how nice the other kernel developers were in person.
People I knew as unholy terrors on the mailing lists smiled and shook
my hand and said, "How nice to finally meet you in person!" I ended
up inviting ten or so people back to my hotel room to play
the TCP/IP Drinking
Game, including (to my delighted newbie surprise) Alan Cox and
Next, I asked about a time each person felt uncomfortable at a
conference. Unfortunately, this was an easy question to answer for
most. Anonymous says:
One event a group of men put print-outs of
Hans Reiser on sticks and carried them around. They approached women
(and possibly men) to tell us that every time we use ext3, Reiser will
kill another woman. Later someone was caught taking up-skirt photos of
my friend's partner.
Mackenzie Morgan says,
A presenter had
slide followed by a slide of bikini-clad women holding laptops, which
he said was just to get people to pay attention. I'm not sure if we
were supposed to pay attention to the women or to what he was saying
Selena Deckelmann says:
I give talks, organize and spend a lot of
time in conference booths, I frequently have to deal with conference
attendees ignoring me and asking questions of male colleagues standing
next to me because they think that I am non-technical.
as for many women, it's a double-bind: "I have to be very aggressive
when initiating conversation to get people to talk with me about
technical subjects," but then her behavior is "incorrectly
as flirting." Beth Lynn had the same experience: "I was at a
conference where a man mistook my friendliness and technical interest
as sexual attraction to him." Mackenzie says, "At one
was implied that another engineer was only agreeing with me on a
technical matter because I would pay him back with a sexual favor
Cat Allman says that computer conferences have come a long way in the
last 25 years - but that they still have a long way to go. She says
of a conference in the mid-1980s: "Male attendees would walk up to you
- even if you were in a group - and ask 'How much for a (sex act)?'
You tried hard not get in an elevator in the convention center alone."
Now, women hired to wear company polo shirts and g-strings (true
story) are rare outside of Las Vegas, but the problem of a
I go to technical conferences for business,
technical content and fellowship, not to hook up or engage in
voyeurism. If I go to CES in Vegas I go with the understanding that
porn is part of the business of that conference, but I find overt
sexual behaviors unexpected and off-topic at FOSS conferences.
Nicholson says the days of "eye candy" are far from over. She says of
an event held within the last two years, "When strippers were hired to
mix with people at the Saturday night event everyone attended, that
made everyone uncomfortable."
Three of the ten women reported being physically assaulted at a
conference. Mackenzie says, "I was grabbed from behind and kissed by
a stranger without permission." Later she found out that this person
assaulted another woman at the conference. Noirin Shirley says after
a man grabbed and kissed her at a conference after-party, she told him
she wasn't interested, and "He responded by jamming his hand into my
underwear and fumbling." At
the Linux Storage and
Filesystems Workshop 2007, I organized a group outing to a pub,
only to have one of the invited workshop attendees grab my ass while I
was having a completely normal conversation. (I told him to never
touch me again, warned my friends about him, and refused to speak to
Next, I asked about how people decide which conferences to attend.
Besides the obvious factors - time, location, travel funding, speaker
status, who is attending - reputation of conference organizers and
attendee behavior came out as a major factor.
Beth Lynn says, "If the conference has a reputation for encouraging
unprofessional behaviour such as a sexual environment, I will not
go. For this reason I am not attending Penguicon any more." Cat says,
"If I think an event organizer turns a blind eye to questionable
behavior I'll pass on the event." Noirin Shirley says, "It's
word-of-mouth and knowing some of the organizers, knowing that they're
not going to put on an event where bad behaviour is tolerated."
I base my decision on three major elements: the reputation of the
conference organizers, the word-of-mouth from my friends, and my past
experience at that conference (if any). For example, anything run by
the Linux Foundation will be extremely professional, respectful of
women, and rank high on the getting-stuff-done factor.
I only stopped attending one open source conference altogether
because of consistently bad behavior of both attendees and the
organizers: the Ottawa Linux Symposium. This was a difficult decision
for me because, at the time, attending OLS was almost a requirement
for any serious Linux kernel developer, since that's where a lot of
the face-to-face design work and discussion got done. But every year
I attended, I was insulted, lewdly propositioned, or groped by several
people, by everyone from newbies to top Linux kernel developers. This
happened even though I was a speaker, BOF organizer, or program
committee member for five years. The organizers appeared to condone the
behavior by doing things like giving a wink-wink nudge-nudge review of
conference shenanigans before the keynote, and "playfully" nagging
attendees not to bring girlfriends or women they picked up on the
street to the conference parties. (Message: OLS is for men, women go
home.) I complained to the conference organizers but got no response.
After OLS 2006, I decided that I cared about being treated
respectfully more than I cared about advancing my career, and stopped
attending OLS. Luckily for me, the Linux Plumbers Conference started soon
after, and I volunteered to help get Plumbers off the ground, in large
part because the organizers were clearly committed to creating a
professional, welcoming, get-things-done atmosphere. To be fair, it's
been a few years since these incidents, and the OLS organizers have
gone their separate ways, so I wouldn't be surprised if they have had
a change of heart about what makes a good conference.
Changing the atmosphere
So how we do we go about changing the culture of open source
conferences so that we don't chase off the very people we want to
attract, both women and men? Judging from the past ten years of my
experience, harassment at open source conferences is not going to stop
all by itself. We have to take action.
A good first step is for conferences and communities to adopt and
enforce explicit policies or codes of conduct that spell out what kind
of behavior won't be tolerated and what response it will get. Much in
the way that people don't stop speeding unless they get speeding
tickets, or that murder is totally unacceptable to most people but
laws against it still exist, harassment at conferences may seem
obviously wrong, but stopping it will require written rules and
To get things started, I helped write a customizable,
anti-harassment policy for open source conferences. For online
the Ubuntu code of
conduct is a good place to start.
If you want to do something personally to help stop harassment, you
have a few options. You can email the organizers of conferences you
like to attend asking if they have a policy for dealing with
harassment, and suggesting this one as an
can find a list of conferences and their contact email addresses in
this blog post about the policy.) If you are a conference
organizer, you can skip the middleman and adopt the policy yourself.
If you have the Internet, you can write a blog entry and post on
your favorite short-message site about the policy. And, finally, if you
happening or hear people bragging about it, you can speak up and stop
Donna Benjamin says, "We want harassment not to happen in the first
place, because dealing with it is so deeply unpleasant for all
concerned. But with silence and inaction, women just stop coming to
events, and harassers keep harassing." What Donna is suggesting is
something we can all work towards: a time when polices like this are
no longer needed. I'm going to work for that time. Will you join me?
Comments (311 posted)
The recent uproar in the X.org
community—due to a forged commit to the radeonhd tree—seems
to have largely played itself out. The perpetrators stepped forward,
admitted to what they had done, and voluntarily removed their root
privileges on the freedesktop.org machines. But some other things came out
of the "discussion", including the need for better, or at least different,
mechanisms for handling problems like the repository vandalism. There is
a perception that it is difficult for
"outsiders" to get their code upstream into X.org.
The flash point was a commit made to a branch of the radeonhd tree on
November 2, which
was noticed by Luc Verhaegen
on November 23. The commit itself was pretty obviously bogus, but it
caused some consternation about the integrity of the X.org
repositories—at least until Adam Jackson took responsibility and
disabled his root access on the freedesktop.org machines that house the
repositories. Daniel Stone also noted his
involvement and disabled his root access as well.
While there are different interpretations, the commit seems to pretty
clearly be a poorly thought-out prank. Both Jackson and Stone have called
it "indefensible", and it is. They also stated that it was an
isolated incident—one that can't be repeated now that their root
access is gone—so the belief is that
the repository as a whole is not suspect. That would seem to close the
matter, but there are some other aspects to consider.
There was some unhappiness about how Verhaegen notified the
developers about the commit, with Dave Airlie complaining that the email was sent to "2 mailing lists consisting of 2-300 people who could do
nothing about it". There were suggestions that perhaps alerting the
freedesktop.org administrators privately might have been better. In this
case, though, two of those administrators were the folks who made the bogus
commit, so that may not have been the right course of action as Verhaegen
Eirik Byrkjeflot Anonsen looks at the bigger picture, noting that he is "not
particularly worried about this incident, as anyone with true 'evil
intent' would not have advertised their actions like this". But he
is concerned about "evil commits" and how well the project can detect them
and defend against
them. In addition, he would like to see some kind of policy come about to
make it clear what should be done when the project has been breached in
When incidents are detected (break-ins, abuse of admin rights, evil
commits, what have you...), what processes are in place to deal with
this? What information is published, and in which fora, and when?
What investigations are performed, and what actions are carried out
as a result of such investigations? Where are these processes
Several people mentioned Git as providing a means to detect repository
tampering. Peter Hutterer pointed to
"active maintainership" as a safeguard as well. When a
maintainer tries to push code to a repository or branch that they maintain,
it should be fairly obvious that something has gone awry when that fails
because their repository is out of sync. Airlie concurred: "git + humans using the repos
should catch most things".
It was generally agreed that there are no real policies governing how to
handle incidents like this, though, and some effort may be made in that
area. Airlie would like to see an "escalation procedures in place that
are less public", but Verhaegen disagrees: "more visibility is what is
needed, not less!". Most seem to agree with Verhaegen's actions in
posting about the bogus commit to the list, though the thread quickly
degenerated into what Hutterer called
"the usual fights"—it is clear that there is some bad blood
between Verhaegen and some other X developers from previous disagreements that
spilled over into the thread.
Another issue that came up was Verhaegen's contention that hardware makers
and others outside of the core X development community find it somewhere
between hard and impossible to get their changes upstream:
[...] i was at a hardware vendor two
weeks ago, and i had to listen to their main engineer calling
contributing directly to X a waste of time, and that they rather fix
the versions their customers ship, and hand the patches to their
customers directly, never bothering to submit to X directly. They rather
implement stuff, hand it to their customers, as they know that their
code will not be accepted, and that it will be reinvented a few weeks or
months later. Then they go and use the reimplementation afterwards, and
save a lot of manpower and frustration in the process.
Matt Dew moved that particular statement to a new thread, presumably to disentangle it from
the arguments raging in the original, and asked:
Are there more companies that feel it's
too-hard/not-worth-while for companies to contribute stuff to Xorg?
I know the linux kernel has this issue, but is X's contribution
Verhaegen didn't think it likely that
companies would respond with their reasons for not contributing, but that
didn't stop others from considering the issue. Matthew Garrett sees it, at least partially, as a consequence
of the modular development model. Hardware vendors can keep their drivers
out-of-tree, but those drivers will still work with the X server and the
rest of X.org:
The unsurprising outcome is that drivers in X.org only tend to be
regularly updated if they have someone who can work with the X.org
community. If they don't, it's far easier to keep the code in their own
tree. Working out ways to improve this situation would seem worthwhile,
but simply being more enthusiastic about accepting contributions doesn't
seem like a great plan (compare the code quality of nouveau, intel and
radeon to that of some of the out of tree drivers, for instance)
But there is more to it than that, according to
Alan Cox. X development has been "rather closed" at
times, which has served to reduce the number of developers, but it is also
It consists (for much of the relevant stuff) of a very small number of
very large and very complex drivers for insanely complex bits of
hardware. That doesn't have the same scaling for newbies the kernel does
where there are hundreds of random USB widgets you never knew you needed
that make good starting points.
Maintaining the old Voodoo2 driver was a bit like minor kernel hacking. I
can't even imagine how KeithP [Packard] fits everything he needs to know for the
intel drivers into his head.
Garrett also noted a lack of documentation
that creates a fairly large hurdle: "I found X development far more intimidating than getting
involved in the kernel". Alan Coopersmith agreed, noting that
documentation is an area that is currently being addressed through several
different efforts, including setting aside "a few days
before the 2011 X Developer Conference for a 'book sprint' to produce
documentation for developers". While there is a fair amount of
information available in the X.org 1.9 tree, it still needs work in
bringing it up to date, which is something of a never-ending battle.
While projects are loath to air their dirty laundry in public—that
was certainly part of the complaint about Verhaegen's email—there are
lessons in this incident for other projects. X.org is hardly the only
development community with administrators that occasionally show a lack of
good judgement. Nor is it the only community with a perceived, or actual,
barrier to participation. The embarassment suffered by the project may
well be overshadowed by the ability of other projects to learn from it.
That is one of the advantages of an open development model.
Comments (none posted)
Here is LWN's thirteenth annual timeline of significant events in the Linux
and free software world for the year.
In what is becoming a fairly standard pattern, 2010 brought various patent
lawsuits, company acquisitions, new initiatives, and new projects. It also
brought new releases of the software that we use on a daily basis. There
were licensing squabbles and development direction
disagreements—all things that we have come to expect from the Linux
and free software world over a year's time. Also as expected, though, were
the improvements in the kernel, applications, distributions, and so on that
make up that world. Linux and free software just keep chugging along, and
we are very happy to be able to keep on reporting about it.
Like last year, we will be breaking this up into quarters, and this is our
report on January-March 2010. Over the next month or so, we will be
putting out timelines of the other three quarters of the year.
This is version 0.8 of the 2010 timeline. There are almost certainly some
errors or omissions; if you find any, please send them to firstname.lastname@example.org.
LWN subscribers have paid for the development of this timeline, along with
previous timelines and the weekly editions. If you like what you see here,
or elsewhere on the site, please consider subscribing to LWN.
For those with a nostalgic bent, our timeline index page has links
to the previous twelve timelines and some other retrospective articles
going all the way back to 1998.
SpamAssassin suffers from a Y2K10 problem. It increased the spam
scores of email with 2010 dates, which suddenly became much more prevalent
(SA developer blog
post, LWN coverage).
Application developers want systems that work the way the man pages
say they work. They do not want additional or conditional restrictions.
How many commercial applications start their installation instructions
with "disable SELinux"? (Hint: lots)
-- Casey Schaufler
Ted Ts'o leaves the Linux Foundation for Google. His two-year
fellowship as LF CTO, on-loan from IBM, was completed in December (news
The Linux laptop orchestra (L2Ork) debuts (news
linux.conf.au 2010 is held in Wellington, New Zealand. This is the
tenth linux.conf.au (under
that name, anyway), and the second held in New Zealand. LWN had extensive
coverage from the conference (Overview, Community destruction, Package copyrights and license
GCC static analysis, HackAbility, and Graphics drivers).
Canonical announces a switch to Yahoo as the default search provider
for Ubuntu, starting with Lucid Lynx (10.04). This change is reverted in
April and Lucid ships with a Google default (announcement, reversion).
SpamAssassin 3.3.0 is released. This is the first major release of
filtering solution since 2007 (announcement).
Ubuntu has had a lot of success by building an entire movement around one simple message, as articulated in Ubuntu's Famous Bug #1: "Microsoft has a majority market share in the new desktop PC marketplace.
This is a bug, which Ubuntu is designed to fix." That's a great big
inspirational message, and their tenacity in pursuing the vision implicit
in that message has won them many fans. But it's also led them into
compromises that are, I believe, ultimately bad for free software.
-- Greg DeKoenigsberg
OpenStreetMap data is used in Haiti earthquake relief efforts (Michael Tiemann's blog posting).
Firefox 3.6 is released (announcement).
Red Hat launches opensource.com to explore applying open source
principles to other fields (About
The European Commission clears Oracle's purchase of Sun, paving the
way for the acquisition to close (announcement).
Mozilla releases Mobile Firefox (aka "Fennec") for Maemo (announcement).
If there's truth to the allegation, here, then it should be possible to produce
a cert. It should be possible to produce a certificate, signed by CNNIC, which
impersonates a site known to have some other issuer. A live MitM attack, a
paypal cert issued by CNNIC for example.
-- Mozilla's Johnathan
Nightingale on the CNNIC uproar
Symbian opens up its code, though it is a short-lived open source
"project" as its web sites will close in December (announcement,
site shutdown announcement -- these links may not function after
Facebook releases its HipHop PHP translator, which translates PHP to
highly optimized C++ (announcement).
If you spend all day with your co-workers, socialize only with your
co-workers, and then come home and eat dinner with — you guessed it — your
co-worker, you might go several years without hearing the words, "Run
Solaris on my desktop? Are you f—ing kidding me?
Matt Asay becomes Canonical Chief Operating Officer (announcement).
FOSDEM '10 held in Brussels, Belgium (LWN coverage).
Maemo and Moblin merge to become MeeGo. Nokia and Intel merge their
mobile Linux initiatives under Linux Foundation stewardship (LWN article).
Fedora implements the "No Frozen Rawhide" plan, which will
stop blocking progress of rawhide in preparation for releases (proposal,
OpenOffice.org 3.2 is released (announcement).
Forks aren't always great, but I honestly don't think of forks as being a bad thing and I've tried to instill in Google the same ethic.
In fact, I'd say that the various forks of Linux, and how the Linux
maintainers have roped back in some forks (and let others go on their merry
way) is what made the Linux kernel great and not just a BSD rehash.
Southern California Linux Expo (SCALE) 8x is held in Los Angeles,
with several LWN authors (and an editor) in attendance. (Moving the needle, Legal issues, Codeplex foundation and open
vs. non-relational, Color
kernel development, Gnash, and 10,000,001 penguins).
LWN editor Forrest Cook departs (announcement).
Linux 2.6.33 is released (announcement, KernelNewbies summary).
The Apache web server turns 15 (announcement).
The Java Model Railroad Interface (JMRI) case (aka Jacobsen vs. Katzer)
is settled on terms
favorable for free software (Andy
Updegrove analysis, previous LWN coverage [1, 2]).
The Ubuntu One Music Store added for Ubuntu 10.04 as a way for
Ubuntu users to buy MP3s while supporting Canonical (LWN coverage).
yikes, that macro should be killed with a stick before it becomes
self-aware and starts breeding.
Apple sues HTC for patent infringement targeting Android (LWN article).
Elliott Associates makes an unsolicited offer to buy Novell, which
starts the process that led to an accepted bid by Attachmate (with Elliott's
assistance) in November (press
Google is forking existing FOSS code bits for Chromium like a rabbit makes
babies: frequently, and usually, without much thought. Rather than leverage
the existing APIs from upstream projects like icu, libjingle, and sqlite
(just to name a few), they simply fork a point in time of that code and
hack their API to shreds for chromium to use.
"spot" Callaway on Chromium's bundled libraries
Ubuntu updates its branding, moving from its brown theme to a
purple-ish look, with updates to its logos as well (announcement). The branding change
also impacts the location of window buttons in the default GNOME interface,
which sets off something of a firestorm (LWN article).
Mozilla starts the process of updating the Mozilla Public License
Open Clip Art Library releases version 2.0 of its collection of SVG
clip art graphics (announcement).
Sony removes "install other OS" support from Playstation 3 firmware
"upgrade", so users can no longer run Linux on PS3s. (LWN article).
But having used both Ubuntu Linux and Mac OS X, as well as Windows, I just
don't think using Linux is tantamount to donning some hair-shirt to pay
penance in the name of freedom.
Novell wins ownership of the Unix copyrights, in yet another defeat
for SCO in its attack on Linux (LWN article).
PHP 6 development process restarts after several attempts to
complete the release, which was derailed mostly by Unicode issues (LWN coverage).
GNOME 2.30 is released (announcement).
The first MeeGo code release is made (announcement).
Comments (none posted)
Page editor: Jonathan Corbet
Next page: Security>>