LWN Weekly Edition
Front pageSecurity
Kernel development
Distributions
Development
Announcements
->One big page
This page
Previous weekFollowing week
Recent Features
| |||||||||||||
Leading itemsThe dark side of open source conferencesIn the past two decades, the open source community has evolved from an obscure grass-roots movement of wild-eyed crusaders, indigent grad students, and spare-time hobbyists to an unprecedented worldwide collaboration of full-time professionals and extraordinarily committed volunteers. We pride ourselves on our openness to new contributors, from any country or social background, and most often describe the power structure of open source projects as a meritocracy. Many of us believe that open source is inherently progressive - a way to level the playing field that operates across all social categories and class boundaries.And yet, here it is, the year 2010, and my female friends and I are still being insulted, harassed, and groped at at open source conferences. Some people argue that if women really want to be involved in open source (or computing, or corporate management, etc.), they will put up with being stalked, leered at, and physically assaulted at conferences. But many of us argue instead that putting up extra barriers to the participation of women will only harm the open source community. We want more people in open source, not fewer. In this article, we will first explore the current state of harassment in open source through interviews with ten women (including myself) about their experiences at open source conferences. Then we will describe some concrete, simple actions anyone can take to help reduce harassment for everyone, not just women (who have no monopoly on being the target of harassment). In particular, we'll discuss the recently released generic anti-harassment policy for open source conferences - basically, HOWTO Not Be A Jerk At A Conference.
InterviewsI interviewed by email nine women about their experiences at open source conferences. Harassment can and does happen to anyone of any gender identity or persuasion (just ask anyone who has been to middle school), but I know enough to write about only two kinds of harassment: the kind you get for being female, and the kind you get for using Emacs. I strongly encourage other people to write about their experiences being harassed at conferences, as harassment is an important problem no matter who it happens to.The women I interviewed are: Cat Allman, FOSS community organizer at Google and event professional, Donna Benjamin, executive director of Creative Contingencies, Beth Lynn Eicher, an organizer of Ohio LinuxFest, Selena Deckelmann, major contributor to PostgreSQL and founder of Open Source Bridge, Mackenzie Morgan, Ubuntu developer, Deb Nicholson, an organizer of LibrePlanet and the FSF Women's Caucus, Noirin Shirley, Executive VP at Apache Software Foundation, Sarah "Sez" Smith, and one anonymous respondent. I interviewed myself for a tenth woman. Nine of us have been harassed at one or more conferences. Of the nine of us who have served as conference organizers, eight of us have dealt with at least one incident of harassment at a conference we were running. First, I asked each person about their first open source conference: Which one was it, what year, and what do you remember the most? Cat Allman recalls the atmosphere at the 1998 forerunner of OSCON: It was "Joyous pandemonium: it was a gathering of the tribes, a religious festival, the morning of the first day of a Children's Crusade; so much passion and belief in one room." Donna Benjamin went to LCA 2006 "Intending to stay just for the miniconfs, but having such an awesome time, meeting awesome people and changing my flights to stay for the whole week." Sarah Smith loved the "grass roots feel" of LCA 2002. Selena Deckelmann says of LISA 1997: "I felt energized and enjoyed meeting new people - students and professionals - and talking about all the free software we all used to do our work." My first open source conference was Ottawa Linux Symposium 2002. I was surprised by how nice the other kernel developers were in person. People I knew as unholy terrors on the mailing lists smiled and shook my hand and said, "How nice to finally meet you in person!" I ended up inviting ten or so people back to my hotel room to play the TCP/IP Drinking Game, including (to my delighted newbie surprise) Alan Cox and Rusty Russell. Next, I asked about a time each person felt uncomfortable at a conference. Unfortunately, this was an easy question to answer for most. Anonymous says:
One event a group of men put print-outs of
Hans Reiser on sticks and carried them around. They approached women
(and possibly men) to tell us that every time we use ext3, Reiser will
kill another woman. Later someone was caught taking up-skirt photos of
my friend's partner.
Mackenzie Morgan says,
A presenter had
a title
slide followed by a slide of bikini-clad women holding laptops, which
he said was just to get people to pay attention. I'm not sure if we
were supposed to pay attention to the women or to what he was saying
though.
Selena Deckelmann says:
I give talks, organize and spend a lot of
time in conference booths, I frequently have to deal with conference
attendees ignoring me and asking questions of male colleagues standing
next to me because they think that I am non-technical.
For Selena, as for many women, it's a double-bind: "I have to be very aggressive when initiating conversation to get people to talk with me about technical subjects," but then her behavior is "incorrectly interpreted as flirting." Beth Lynn had the same experience: "I was at a conference where a man mistook my friendliness and technical interest as sexual attraction to him." Mackenzie says, "At one conference, it was implied that another engineer was only agreeing with me on a technical matter because I would pay him back with a sexual favor later." Cat Allman says that computer conferences have come a long way in the last 25 years - but that they still have a long way to go. She says of a conference in the mid-1980s: "Male attendees would walk up to you - even if you were in a group - and ask 'How much for a (sex act)?' You tried hard not get in an elevator in the convention center alone." Now, women hired to wear company polo shirts and g-strings (true story) are rare outside of Las Vegas, but the problem of a sexualized environment remains:
I go to technical conferences for business,
technical content and fellowship, not to hook up or engage in
voyeurism. If I go to CES in Vegas I go with the understanding that
porn is part of the business of that conference, but I find overt
sexual behaviors unexpected and off-topic at FOSS conferences.
Deb Nicholson says the days of "eye candy" are far from over. She says of an event held within the last two years, "When strippers were hired to mix with people at the Saturday night event everyone attended, that made everyone uncomfortable." Three of the ten women reported being physically assaulted at a conference. Mackenzie says, "I was grabbed from behind and kissed by a stranger without permission." Later she found out that this person assaulted another woman at the conference. Noirin Shirley says after a man grabbed and kissed her at a conference after-party, she told him she wasn't interested, and "He responded by jamming his hand into my underwear and fumbling." At the Linux Storage and Filesystems Workshop 2007, I organized a group outing to a pub, only to have one of the invited workshop attendees grab my ass while I was having a completely normal conversation. (I told him to never touch me again, warned my friends about him, and refused to speak to him again.) Next, I asked about how people decide which conferences to attend. Besides the obvious factors - time, location, travel funding, speaker status, who is attending - reputation of conference organizers and attendee behavior came out as a major factor. Beth Lynn says, "If the conference has a reputation for encouraging unprofessional behaviour such as a sexual environment, I will not go. For this reason I am not attending Penguicon any more." Cat says, "If I think an event organizer turns a blind eye to questionable behavior I'll pass on the event." Noirin Shirley says, "It's word-of-mouth and knowing some of the organizers, knowing that they're not going to put on an event where bad behaviour is tolerated." I base my decision on three major elements: the reputation of the conference organizers, the word-of-mouth from my friends, and my past experience at that conference (if any). For example, anything run by the Linux Foundation will be extremely professional, respectful of women, and rank high on the getting-stuff-done factor. I only stopped attending one open source conference altogether because of consistently bad behavior of both attendees and the organizers: the Ottawa Linux Symposium. This was a difficult decision for me because, at the time, attending OLS was almost a requirement for any serious Linux kernel developer, since that's where a lot of the face-to-face design work and discussion got done. But every year I attended, I was insulted, lewdly propositioned, or groped by several people, by everyone from newbies to top Linux kernel developers. This happened even though I was a speaker, BOF organizer, or program committee member for five years. The organizers appeared to condone the behavior by doing things like giving a wink-wink nudge-nudge review of conference shenanigans before the keynote, and "playfully" nagging attendees not to bring girlfriends or women they picked up on the street to the conference parties. (Message: OLS is for men, women go home.) I complained to the conference organizers but got no response. After OLS 2006, I decided that I cared about being treated respectfully more than I cared about advancing my career, and stopped attending OLS. Luckily for me, the Linux Plumbers Conference started soon after, and I volunteered to help get Plumbers off the ground, in large part because the organizers were clearly committed to creating a professional, welcoming, get-things-done atmosphere. To be fair, it's been a few years since these incidents, and the OLS organizers have gone their separate ways, so I wouldn't be surprised if they have had a change of heart about what makes a good conference.
Changing the atmosphereSo how we do we go about changing the culture of open source conferences so that we don't chase off the very people we want to attract, both women and men? Judging from the past ten years of my experience, harassment at open source conferences is not going to stop all by itself. We have to take action.A good first step is for conferences and communities to adopt and enforce explicit policies or codes of conduct that spell out what kind of behavior won't be tolerated and what response it will get. Much in the way that people don't stop speeding unless they get speeding tickets, or that murder is totally unacceptable to most people but laws against it still exist, harassment at conferences may seem obviously wrong, but stopping it will require written rules and enforceable penalties. To get things started, I helped write a customizable, general-purpose anti-harassment policy for open source conferences. For online communities, the Ubuntu code of conduct is a good place to start. If you want to do something personally to help stop harassment, you have a few options. You can email the organizers of conferences you like to attend asking if they have a policy for dealing with harassment, and suggesting this one as an example. (You can find a list of conferences and their contact email addresses in this blog post about the policy.) If you are a conference organizer, you can skip the middleman and adopt the policy yourself. If you have the Internet, you can write a blog entry and post on your favorite short-message site about the policy. And, finally, if you see harassment happening or hear people bragging about it, you can speak up and stop it yourself. Donna Benjamin says, "We want harassment not to happen in the first place, because dealing with it is so deeply unpleasant for all concerned. But with silence and inaction, women just stop coming to events, and harassers keep harassing." What Donna is suggesting is something we can all work towards: a time when polices like this are no longer needed. I'm going to work for that time. Will you join me?
Lessons from a forged commitThe recent uproar in the X.org community—due to a forged commit to the radeonhd tree—seems to have largely played itself out. The perpetrators stepped forward, admitted to what they had done, and voluntarily removed their root privileges on the freedesktop.org machines. But some other things came out of the "discussion", including the need for better, or at least different, mechanisms for handling problems like the repository vandalism. There is also a perception that it is difficult for "outsiders" to get their code upstream into X.org. The flash point was a commit made to a branch of the radeonhd tree on November 2, which was noticed by Luc Verhaegen on November 23. The commit itself was pretty obviously bogus, but it caused some consternation about the integrity of the X.org repositories—at least until Adam Jackson took responsibility and disabled his root access on the freedesktop.org machines that house the repositories. Daniel Stone also noted his involvement and disabled his root access as well. While there are different interpretations, the commit seems to pretty clearly be a poorly thought-out prank. Both Jackson and Stone have called it "indefensible", and it is. They also stated that it was an isolated incident—one that can't be repeated now that their root access is gone—so the belief is that the repository as a whole is not suspect. That would seem to close the matter, but there are some other aspects to consider. There was some unhappiness about how Verhaegen notified the developers about the commit, with Dave Airlie complaining that the email was sent to "2 mailing lists consisting of 2-300 people who could do nothing about it". There were suggestions that perhaps alerting the freedesktop.org administrators privately might have been better. In this case, though, two of those administrators were the folks who made the bogus commit, so that may not have been the right course of action as Verhaegen points out. Eirik Byrkjeflot Anonsen looks at the bigger picture, noting that he is "not particularly worried about this incident, as anyone with true 'evil intent' would not have advertised their actions like this". But he is concerned about "evil commits" and how well the project can detect them and defend against them. In addition, he would like to see some kind of policy come about to make it clear what should be done when the project has been breached in some way:
When incidents are detected (break-ins, abuse of admin rights, evil
commits, what have you...), what processes are in place to deal with
this? What information is published, and in which fora, and when?
What investigations are performed, and what actions are carried out
as a result of such investigations? Where are these processes
documented?
Several people mentioned Git as providing a means to detect repository tampering. Peter Hutterer pointed to "active maintainership" as a safeguard as well. When a maintainer tries to push code to a repository or branch that they maintain, it should be fairly obvious that something has gone awry when that fails because their repository is out of sync. Airlie concurred: "git + humans using the repos should catch most things". It was generally agreed that there are no real policies governing how to handle incidents like this, though, and some effort may be made in that area. Airlie would like to see an "escalation procedures in place that are less public", but Verhaegen disagrees: "more visibility is what is needed, not less!". Most seem to agree with Verhaegen's actions in posting about the bogus commit to the list, though the thread quickly degenerated into what Hutterer called "the usual fights"—it is clear that there is some bad blood between Verhaegen and some other X developers from previous disagreements that spilled over into the thread. Another issue that came up was Verhaegen's contention that hardware makers and others outside of the core X development community find it somewhere between hard and impossible to get their changes upstream:
[...] i was at a hardware vendor two
weeks ago, and i had to listen to their main engineer calling
contributing directly to X a waste of time, and that they rather fix
the versions their customers ship, and hand the patches to their
customers directly, never bothering to submit to X directly. They rather
implement stuff, hand it to their customers, as they know that their
code will not be accepted, and that it will be reinvented a few weeks or
months later. Then they go and use the reimplementation afterwards, and
save a lot of manpower and frustration in the process.
Matt Dew moved that particular statement to a new thread, presumably to disentangle it from the arguments raging in the original, and asked:
Are there more companies that feel it's
too-hard/not-worth-while for companies to contribute stuff to Xorg?
I know the linux kernel has this issue, but is X's contribution
difficulty larger?
Verhaegen didn't think it likely that companies would respond with their reasons for not contributing, but that didn't stop others from considering the issue. Matthew Garrett sees it, at least partially, as a consequence of the modular development model. Hardware vendors can keep their drivers out-of-tree, but those drivers will still work with the X server and the rest of X.org:
The unsurprising outcome is that drivers in X.org only tend to be
regularly updated if they have someone who can work with the X.org
community. If they don't, it's far easier to keep the code in their own
tree. Working out ways to improve this situation would seem worthwhile,
but simply being more enthusiastic about accepting contributions doesn't
seem like a great plan (compare the code quality of nouveau, intel and
radeon to that of some of the out of tree drivers, for instance)
But there is more to it than that, according to Alan Cox. X development has been "rather closed" at times, which has served to reduce the number of developers, but it is also quite complex:
It consists (for much of the relevant stuff) of a very small number of
very large and very complex drivers for insanely complex bits of
hardware. That doesn't have the same scaling for newbies the kernel does
where there are hundreds of random USB widgets you never knew you needed
that make good starting points.
Maintaining the old Voodoo2 driver was a bit like minor kernel hacking. I can't even imagine how KeithP [Packard] fits everything he needs to know for the intel drivers into his head. Garrett also noted a lack of documentation that creates a fairly large hurdle: "I found X development far more intimidating than getting involved in the kernel". Alan Coopersmith agreed, noting that documentation is an area that is currently being addressed through several different efforts, including setting aside "a few days before the 2011 X Developer Conference for a 'book sprint' to produce documentation for developers". While there is a fair amount of information available in the X.org 1.9 tree, it still needs work in bringing it up to date, which is something of a never-ending battle. While projects are loath to air their dirty laundry in public—that was certainly part of the complaint about Verhaegen's email—there are lessons in this incident for other projects. X.org is hardly the only development community with administrators that occasionally show a lack of good judgement. Nor is it the only community with a perceived, or actual, barrier to participation. The embarassment suffered by the project may well be overshadowed by the ability of other projects to learn from it. That is one of the advantages of an open development model.
The 2010 Linux and free software timeline - Q1Here is LWN's thirteenth annual timeline of significant events in the Linux and free software world for the year. In what is becoming a fairly standard pattern, 2010 brought various patent lawsuits, company acquisitions, new initiatives, and new projects. It also brought new releases of the software that we use on a daily basis. There were licensing squabbles and development direction disagreements—all things that we have come to expect from the Linux and free software world over a year's time. Also as expected, though, were the improvements in the kernel, applications, distributions, and so on that make up that world. Linux and free software just keep chugging along, and we are very happy to be able to keep on reporting about it. Like last year, we will be breaking this up into quarters, and this is our report on January-March 2010. Over the next month or so, we will be putting out timelines of the other three quarters of the year. This is version 0.8 of the 2010 timeline. There are almost certainly some errors or omissions; if you find any, please send them to timeline@lwn.net. LWN subscribers have paid for the development of this timeline, along with previous timelines and the weekly editions. If you like what you see here, or elsewhere on the site, please consider subscribing to LWN. For those with a nostalgic bent, our timeline index page has links to the previous twelve timelines and some other retrospective articles going all the way back to 1998.
SpamAssassin suffers from a Y2K10 problem. It increased the spam scores of email with 2010 dates, which suddenly became much more prevalent (SA developer blog post, LWN coverage).
Application developers want systems that work the way the man pages
say they work. They do not want additional or conditional restrictions.
How many commercial applications start their installation instructions
with "disable SELinux"? (Hint: lots)
Ted Ts'o leaves the Linux Foundation for Google. His two-year fellowship as LF CTO, on-loan from IBM, was completed in December (news coverage). The Linux laptop orchestra (L2Ork) debuts (news article).
Canonical announces a switch to Yahoo as the default search provider for Ubuntu, starting with Lucid Lynx (10.04). This change is reverted in April and Lucid ships with a Google default (announcement, reversion). SpamAssassin 3.3.0 is released. This is the first major release of the spam filtering solution since 2007 (announcement).
Ubuntu has had a lot of success by building an entire movement around one simple message, as articulated in Ubuntu's Famous Bug #1: "Microsoft has a majority market share in the new desktop PC marketplace.
This is a bug, which Ubuntu is designed to fix." That's a great big
inspirational message, and their tenacity in pursuing the vision implicit
in that message has won them many fans. But it's also led them into
compromises that are, I believe, ultimately bad for free software.
![[OpenStreetMap]](/images/tl2010/osm-logo.png){kind=logo}
OpenStreetMap data is used in Haiti earthquake relief efforts (Michael Tiemann's blog posting). Firefox 3.6 is released (announcement). Red Hat launches opensource.com to explore applying open source principles to other fields (About opensource.com).
The European Commission clears Oracle's purchase of Sun, paving the
way for the acquisition to close (announcement).
Mozilla releases Mobile Firefox (aka "Fennec") for Maemo (announcement).
If there's truth to the allegation, here, then it should be possible to produce
a cert. It should be possible to produce a certificate, signed by CNNIC, which
impersonates a site known to have some other issuer. A live MitM attack, a
paypal cert issued by CNNIC for example.
-- Mozilla's Johnathan Nightingale on the CNNIC uproar Symbian opens up its code, though it is a short-lived open source "project" as its web sites will close in December (announcement, web site shutdown announcement -- these links may not function after December 17). Facebook releases its HipHop PHP translator, which translates PHP to highly optimized C++ (announcement).
If you spend all day with your co-workers, socialize only with your
co-workers, and then come home and eat dinner with — you guessed it — your
co-worker, you might go several years without hearing the words, "Run
Solaris on my desktop? Are you f—ing kidding me?"
Matt Asay becomes Canonical Chief Operating Officer (announcement). FOSDEM '10 held in Brussels, Belgium (LWN coverage).
Fedora implements the "No Frozen Rawhide" plan, which will stop blocking progress of rawhide in preparation for releases (proposal, progress). OpenOffice.org 3.2 is released (announcement).
Forks aren't always great, but I honestly don't think of forks as being a bad thing and I've tried to instill in Google the same ethic.
In fact, I'd say that the various forks of Linux, and how the Linux maintainers have roped back in some forks (and let others go on their merry way) is what made the Linux kernel great and not just a BSD rehash. -- Chris DiBona
Southern California Linux Expo (SCALE) 8x is held in Los Angeles,
with several LWN authors (and an editor) in attendance. (Moving the needle, Legal issues, Codeplex foundation and open
source, Relational
vs. non-relational, Color
management, Ubuntu
kernel development, Gnash, and 10,000,001 penguins).
LWN editor Forrest Cook departs (announcement).
Linux 2.6.33 is released (announcement, KernelNewbies summary).
The Apache web server turns 15 (announcement). The Java Model Railroad Interface (JMRI) case (aka Jacobsen vs. Katzer) is settled on terms favorable for free software (Andy Updegrove analysis, previous LWN coverage [1, 2]).
The Ubuntu One Music Store added for Ubuntu 10.04 as a way for Ubuntu users to buy MP3s while supporting Canonical (LWN coverage).
yikes, that macro should be killed with a stick before it becomes
self-aware and starts breeding.
Apple sues HTC for patent infringement targeting Android (LWN article). Elliott Associates makes an unsolicited offer to buy Novell, which starts the process that led to an accepted bid by Attachmate (with Elliott's assistance) in November (press release).
Google is forking existing FOSS code bits for Chromium like a rabbit makes
babies: frequently, and usually, without much thought. Rather than leverage
the existing APIs from upstream projects like icu, libjingle, and sqlite
(just to name a few), they simply fork a point in time of that code and
hack their API to shreds for chromium to use.
-- Tom "spot" Callaway on Chromium's bundled libraries ![[Ubuntu]](/images/tl2010/ubuntu-darktheme-sm.png)
Ubuntu updates its branding, moving from its brown theme to a purple-ish look, with updates to its logos as well (announcement). The branding change also impacts the location of window buttons in the default GNOME interface, which sets off something of a firestorm (LWN article). Mozilla starts the process of updating the Mozilla Public License (LWN blurb). Open Clip Art Library releases version 2.0 of its collection of SVG clip art graphics (announcement). Sony removes "install other OS" support from Playstation 3 firmware "upgrade", so users can no longer run Linux on PS3s. (LWN article).
But having used both Ubuntu Linux and Mac OS X, as well as Windows, I just
don't think using Linux is tantamount to donning some hair-shirt to pay
penance in the name of freedom.
-- Matt Asay Novell wins ownership of the Unix copyrights, in yet another defeat for SCO in its attack on Linux (LWN article).
PHP 6 development process restarts after several attempts to
complete the release, which was derailed mostly by Unicode issues (LWN coverage).
GNOME 2.30 is released (announcement). The first MeeGo code release is made (announcement).
Page editor: Jonathan Corbet |
|||||||||||||
![[LCA 2010 Haka]](/images/conf/lca2010/Haka-sm.jpg)
![[Fennec]](/images/tl2010/fennec-logo.png){kind=logo}
![[MeeGo]](/images/tl2010/MeeGo-logo.png){kind=logo}
Maemo and Moblin merge to become MeeGo. Nokia and Intel merge their
mobile Linux initiatives under Linux Foundation stewardship (LWN ![[Cook Cabin]](/images/tl2010/FC-cabin-sm.jpg)
![[JMRI]](/images/tl2010/jmri-logo.gif){kind=logo}
![[GNOME]](/images/tl2010/Gnome-logo.png){kind=logo}