Am I hacked again?

I’m 99% sure that my domain hosting and Twitter account are under attack right now. I can’t access either account and this is almost exactly what happened in 2013 when someone hacked half a dozen of my online accounts so he could get into @ruby thinking he could sell it on a hacker forum. This didn’t go well for him, but it was also an enormous pain in the ass for me.

You can see the whole story starting here: https://lotusmedia.org/tag/hacked/page/5

Five things that Drupal site builders need developers to know

This weekend I was pleased to present a brand new talk at DrupalCamp Asheville. I’ve been wanting to attend this camp for years since it’s the only one in North Carolina. This year my calendar was finally open and I was planning to attend in person, but of course that was not meant to be.

Many Drupal developers consider site builders to be one of the most important types of users they are building for. The project lead regularly talks about how to “Improve the site builder experience” in his state-of-Drupal keynotes. But how well do developers really understand site builders and what we do? I put together this presentation to help people understand the realities and constraints of being a site builder.

Below is a video of the talk. It’s only about 35 minutes long. This was my first time presenting it. If I do this talk again in the future I’ll include more examples to illustrate each point.

https://www.drupalasheville.com/2020/session/five-things-site-builders-need-developers-know

Mapping police brutality

I’m sure this only scratches the surface because it only tracks incidents of police violence that are reported on Twitter but I really appreciate folks (including Durham lawyer Greg Doucette) for putting this together.

See also The Guardian‘s site The Counted, which they created to track police killings in 2015 because no-one else was even doing it.

Tara and Ruby, mis-presentation

“But I’m Not Privileged”

Last week I had the opportunity to co-present with Tara King a talk about diversity and inclusion in the Drupal community. After each time we do this presentation we’ve learned from the audience and made improvements to make the session more helpful. This was my fourth time giving this talk (although other Drupal Diversity and Inclusion leaders have also done it) and I feel like it is getting much more effective at helping people better understand and advocate around issues of equity and justice in tech (and in the world).

For your enjoyment and edification, here is But I’m Not Privileged” – Why diversity, equity, & inclusion are everyone’s problem:


Photo credit: Dan Flicker

presentation title slide

Diverse communities are strong communities

Last week I was proud to represent Drupal Diversity and Inclusion at DrupalGovCon. Along with Dori Kelner, I co-presented a session to help people understand the challenges we face as a community and what DDI is doing about it.

You can see our slides overlayed with the audio of our talk here:

Two men in fatigues, one standing in the garbage bin

Stand up against the jerks, no-one else will do it for us

I was disgusted to learn today that progressive tech leader Clay Johnson has been harassing women he worked with with almost no repercussions for years. I’m appalled that I never knew about any of this in spite of being in his professional orbit the entire time. I even know some of the people quoted in the story, although not very well. We have to learn to tell the truth, shout it if we have to, and stop covering for people.

The fact that this stuff started so long ago and that even Clay seems to agree he should have been fired from the Dean campaign, but instead he was able to build an entire successful career on it while continuing to abuse people is such a great illustration of how tolerance of chauvinism systematically holds women back and keeps us out of leadership positions while simultaneously reinforcing itself by promoting these men ever higher.

Reading about his behavior at the Sunlight Foundation you can see that it wasn’t a secret. In fact the staff had to band together to alienate him since the organization wasn’t protecting them from him.

Every man that gets ahead while abusing people is keeping at least one other person from succeeding, and is taking up space that should go to people with better judgement than his. Then people look around and wonder why they don’t see as many women “qualified” for top leadership positions! Women are missing the opportunity to build our careers because we are trying to protect our dignity and bodily integrity from creeps who some other men think are geniuses.

I’m not mad at people for not exposing this sooner, because I know how hard it is (was?) to go public. I’m disgusted at Clay himself, but even more sick of the systems that just continue this culture and people who refuse to think beyond their own tiny bubbles. (ie: Well he’s not harassing me or anyone I care about, so I’m OK.) Of course I’m disappointed with Joe Trippi, but I wouldn’t expect any better from him. People like him are the reason I avoid certain lines of work.

Of course we should be able to expect our leaders to do better, but given that most of them are men that got there by succeeding in the current culture (if not actual harassers themselves) or women who got there by not rocking the boat too much, I’m not counting on them. The rest of us need to take care of each other by speaking out as publicly as we can when we find out about this stuff.

Hopefully people speaking out will eventually put more and more pressure upward on leaders to do the right thing in the first place before their new hire becomes the latest scandalous headline. Unfortunately I don’t expect any of this to change significantly before my son comes of age in about 10 years. I’m thinking of how us non-leaders can develop a strategic defense against the tsunami of bullshit.

Leaders like Zephyr Teachout are calling for better (or any) processes to address harrassment in political campaigns, but this problem is much bigger than the culture of political campaigns and nonprofits that take advantage of people’s dedication to the cause to keep them quiet. I’m not going to assume any of these institutions have my back until they have shown me that.

People need solidarity with each other, we can’t wait around for some brave leaders to save us. They’re not coming to help unless we force them to. I loved the way the Sunlight staff responded. I’d like to see much more of that.

 

Much of this post was initially written in conversation on Facebook with my friend Zephyr Teachout, hence some disjointedness.

Drupal 8

Getting started with Drupal

Last week I attended the Nonprofit Technology Conference for the first time since 2011. I was very impressed with the organization and the the content of the conference, it was great to see how the community has evolved over the years.

Along with Tim Nafziger, I co-facilitated a discussion session for members of the NTEN/Nonprofit Drupal community. We had an excellent group with a wide range of people participating, from newbies to agency owners. Our two main topics were how to get started learning to use Drupal, and what the future of Drupal holds. The latter topic is hard to summarize, but suffice to say there are still a wide range of opinions about Drupal 8. Even more than 2 years after it’s release, there are still 4 times as many sites using Drupal 7 as Drupal 8.

As for learning Drupal, we had many great suggestions. One person shared this cartoon illustrating that rather than the typical “learning curve,” figuring Drupal out is more like climbing a cliff. But when you get to the top you can really kick butt.

The Drupal Learning Cliff

 

So, here are our suggestions for scaling that cliff!

Empty chairs

If you build it, they won’t come

In the Drupal diversity and inclusion working group, we are often asked how people can improve the diversity of their tech events. I wrote up some thoughts about this today and thought it would be useful to share here as well.

The most important thing you can do is have your leaders look how you would like your speakers and attendees to look. No matter how well intended, a group of men is going to be less successful recruiting women, and an all-white group will not be able to recruit as many speakers of color.

Representation in leadership matters both because people can do outreach more effectively within their own communities, but also because even strangers will look at that and get more of a sense that they would be comfortable and welcome at the event.

Ashe Dryden is a former Drupaller who is an expert in both diversity and conferences. Here’s a post she wrote which is chock full of examples and links to other good articles. And here is Ashe’s talk at DrupalCon in 2013, which really helps to explain the whole challenge of this stuff. I was at this talk in person and it was awesome.

Beyond leadership, here are two practical articles for event organizers: Women speakers, How I got 50% women speakers at my tech conference. They focus on recruiting women, but we need to go beyond white women if we want really diverse and representative events. Many of these principles apply for outreach to other marginalized groups like people of color, people from other countries, low-income people, people with disabilities, non-Christian people, etc.

It’s good to broadcast your intentions to be more inclusive, but you really have to work one-on-one to make a change. You often have to tell people that they would be good speakers because when we spend our whole lives being marginalized, we often lack the confidence of the average white guy.

DrupalCon 2016 group photo - I'm in there somewhere

This beautiful mess we’ve made – the Drupal situation

My professional life revolves around a wonderful, crazy, powerful piece of software called Drupal. Drupal is open source and is created and supported by a massive community of great people who contribute code, ideas, and leadership to make Drupal an incredible tool to solve a large and growing range of problems.

After participating in last year’s DrupalCon, I got involved in the newly-forming working group to address diversity and inclusion in the Drupal community. It’s been a great opportunity for me to both learn about how things work in the community and contribute my past experience working on both social justice issues and online communities.

Last month, a wedge was driven into our community when long-time contributor Larry Garfield was asked to step down from his leadership position, and it is shining a harsh spotlight into existing problems that need fixing. Our official structure and leadership is not adequate for the size and scope of the Drupal community, and hasn’t been for a while.

Also, there is a fraternity/culture within the developer community at large (not just Drupal) of White, straight, cisgender, American and European males. As we have seen of late, many groups are so accustomed to their privilege that any attempt at sharing fairly with others feels like oppression to them. Many people are simply unaware of this dynamic.

But some members of this club have been waiting for an opportunity to fight back, and they have taken advantage of the poor communication about what happened to make their own points about how “social justice warriors” are secretly out to steal all their cookies. There is a lot of misinformation out there and reporters have been loving the salacious kink-shaming angle without understanding any of the actual issues at play.

One interesting aspect of the recent events is that there is no single venue where people in the community can come to discuss the community itself and how it is governed. Because of that vacuum (and some other factors) our diversity and inclusion Slack channel became one of the primary places for people to share their concerns and learn more about what was going on. We have also been a target for dudes to troll, mansplain, and pick fights with those of us who think that it’s important to make sure Drupal is a safe and welcoming place for marginalized people to participate, even if that means potentially excluding those who don’t share that goal of inclusion.

There are as many opinions about the controversy as there are Drupallers. Amazingly, a lot of well-intended people have lined up behind those vehemently opposing Garfield’s exclusion, even though a lot of the heat around that is actually coming from outside the Drupal community. Much of this is due to the fact that most people are quite unaware of the privilege in which they are soaking and are not interested in understanding how it impacts the world they live in. Still I am amazed at how many are willing to be used as tools of Gamer Gate types with an axe to grind.

Personally I also came away frustrated with the leaders of the Drupal project (the software) and the Drupal Association (the community*), but for completely different reasons. They are clearly doing their best to handle this challenging situation, but their best has not been not up to the task. A large part of why this was so controversial is because they were wholly unprepared for how the community would react, and responded from a defensive position without helping people understand the situation or the decision-making process. We need much more from our leadership, and there is currently not even a structure in place by which we could make those changes.

Fortunately, I think those same leaders do generally agree at least that there is a need for change, even if they lack the vision for what it should be or how to make it happen. Our community’s evolving needs will be on the agenda at DrupalCon next week. It’s time for Drupal to grow past the start-up phase which is necessarily driven by one leader with a strong vision, and into a fully-fledged organization with our own community infrastructure. I hope that we will be able to have some productive conversations about this without getting sidetracked by arguing about misinformation and political agendas.

A lot of people have written a lot of things about this in the past month. I can’t even begin to catalog all of them, but here are a few key points:

If you are not bored to tears by all this and want to stay up to date, I recommend following @DrupalDiversity on Twitter.

 

* The DA is not actually The Community. It runs our annual conferences and hosts drupal.org, which is where the core software (and contributed themes and modules) lives and is worked on. It’s governed by a board which is mostly self-appointed but has 2 community-elected members.

Because of the lack of any other formal leadership structure for the community, a lot of expectations fall to the Drupal Association, but it doesn’t have the capacity (ie: funding) to do much of that type of leadership.

Photo Credit: DrupalCon 2016 group photo by the Drupal Association. I was there for the photo but am not visible in the picture because I am small and not in front.

open padlock

If you’re not concerned about your privacy, you’re not paying attention

Cross-posted from MomsRising.org.

I don’t know about you, but the past year has been a real wake up call for me about the importance of digital security. I used to think of hackers as bored teenagers showing off for their friends, or scammers sending viruses and spam to people by the millions. But today’s online outlaws are much more sophisticated.

Not content to just blast misleading links at us, elite hackers have started spear phishing. This is a tactic that sends an e-mail to an individual with unique, personalized information making it look very real, and convincing the user to click through to a website where they will enter their login credentials. Some hackers also use social engineering (not technology) to trick people into giving away critical information that can then be leveraged to compromise accounts.

Unfortunately, we need to worry not only about obviously sensitive information like bank accounts and e-mails, even seemingly inconsequential accounts can be exploited to provide an opening. Once a hacker gets into any of your accounts, be it iTunes, Etsy, or Pinterest, they can use that information to access other services.

The threat to our privacy is real, and we have seen that there are people who may target us and access our data not just for commercial purposes but for political use. People and organizations that are working for social change have every reason to be concerned about how our personal information, organizational data, and private communications might be used.

Good security is a pain to implement, but every inconvenience for us is an even bigger hassle for a would-be hacker. Start now from wherever you are, and make incremental changes to improve your personal and organizational security.

 

OK, Ruby, we’re terrified! What do we do?

There is always room for improvement of our security practices, especially as we learn more about the threats that are out there. Here are my recommendations for where to start.

 

More resources

 

Here’s your reward for making it to the end of this challenging post! Freak out and laugh and get down all at the same time with Ashley Black learning about digital security with the help of Talib Kweli and others, on Full Frontal with Samantha Bee (NSFW).