It’s been a while since my last post, because the last few weeks have been just a little crazy.

I’ve left JHU, and accepted the role of Chief Technology Officer at An Estuary, an amazing EdTech startup spun out from Baltimore’s Digital Harbor Foundation.

It’s kinda crazy going from a massive institution with about 40k employees, to a startup. But we’re building amazing things, iterating like crazy, and having an unbelievable amountof fun doing it.

So stay on the lookout for An Estuary… the sky’s the limit, folks. I’d forgotten what it was like to wake up in the morning and being excited to get to work. Now I remember. It’s an amazing feel, and this is an amazing time. And I work with the best people I could hope to work with.

Life is good.

Is it possible that software is not like anything else, that it is meant to be discarded: that the whole point is to always see it as a soap bubble?

One of the most nerve-wracking things you can tell a manager is that it’s time to rewrite a major software component, system, or application. In fact, it’s considered (in some circles) such a mortal sin that Joel Spolsky addresses “The Big Rewrite” in a post entitled Things You Should Never Do, Part I.

In many cases, he’s absolutely right. If you have a working-ish production codebase, throwing it out the window can seem a bit like throwing out the baby with the bathwater. But from an engineering standpoint, software is weird. On the one hand, you have the engineering side: If a bridge is just working-ish, the assessment of a structural engineer might be that it must be torn down and a new bridge built in its place. Software is much more ethereal and abstract; of course, we can continue to patch the old application, and extend it, and patch it, and sacrifice virgins to Great Cthulhu, and keep it chugging along. For a while.

Eventually, however, with a typical enormous, legacy codebase, you just end up mortgaging massive technical debt.

So in a delightful twist, Michael O. Church has brought in the concept of D&D ethical alignments to the corporate hierarchy/career discussion.

He quite correctly places the “Technocrat”, i.e., the “postive sociopath”, or the person who wants to accomplish something beneficial without regard to corporate politics or any other tangential concerns, in the “chaotic good” (or at least, “neutral good”) category.

I’ve seen myself as “chaotic good” long before this series of posts, or before I ever thought of applying the D&D alignment categories to roles at work. It fits with my politics (anarchist-communist), with my gneral M.O. of getting things done (open source is always bettter, and it’s always easier to ask for forgiveness than to get permission). It also fits with my general attitude toward work: if you want something brilliant, tell me what you want and get the fuck out of my way. If you want a mess, keep letting middle managers stick their fingers in the pie of my creative process.

Church makes an excellent point, though, that the “technocrat” disposition, and the alignments it tends to entail (chaotic good to chaotic neutral) tend to be notoriously difficlut to manage. The only thing I think is missing from the series he’s been doing on this issue is that if you’re a programmer, you weren’t meant to have a boss.

I’ve taken my time in writing about this. I had some debates (for better or worse) on Twitter, and some rather thoughtful meatspace conversations with friends and coworkers. I have strong feelings about what happened at PyCon (re: the donglegate scenario), and many of them are conflicting. So I’ve waited to write about it until now.

Donglegate

Okay, for one thing, I really think the #donglegate hashtag/label is stupid, but that’s not up to me, so whatever. I would like to address the way in which things were handled at PyCon, so here goes.

First off, I have no personal investment in what happens at PyCon. I don’t really code in Python, I don’t particularly like Python, whatever. But when people are publicly humiliated, fired, whatever, over things that are basically stupid, it chafes.

So, if you’re unfamiliar (fat chance), you can get the original interpretation of events from the horse’s mouth, at Adria Richards’ blog Hopefully that link works for you, I got yet another error trying to load it… maybe someone should tell her about static pages for blogs. Anyhow, here’s the short version: a ‘developer relations rep’ from SendGrid was offended by some off-color comments made by some guys sitting behind her that apparently referenced “big dongles.” She also alleged some sexual references to “forking,” which has since been called into question. Instead of saying to the individuals in question, “Stop being jerks and shutup so I can listen to the speech,” she tweeted pics of the guys who were making dongle jokes, and got the PyCon organizers involved.

I’m not judging at this point.

Anyhow, once the PyCon organizers got involved, the folks she accused were removed from the session. Apparently, at least one lost his job.

Of course, it blew up on the Intertweets, with 4chan getting involved at some point and anons starting a Change.org petition to have her fired.

Adria Richards tweeted that SendGrid supported her:

Hey @mundanematt, it’s clear from the last 24 hours you’re a bully.@sendgrid supports me.Stop trolling.

— Adria Richards (@adriarichards) March 20, 2013

Apparently, she was mistaken, because she was fired shortly thereafter.

Constructive Intervention

I’m still replaying this in my head. Some dudes were making immature, inappropriate comments at a conference. Ms. Richards responded in a way that was also immature and inappropriate.

I’m not going to go into the distasteful, violent, or threatening responses that occurred on Twitter or 4chan (although, regarding hte latter, it’s 4chan. What do you expact?).

I would like to point out that the women from LadyCoders proposed a system for dealing with this sort of occurence that is constructive. Expanding upon the Red/Yellow Card Project from Defcon, they’ve developed PyCon CoC warning cards for next year’s PyCon. I think it’s a great constructive way to give people a way to address behaviour which they find offensive without resorting to the Twitter equivalent of tar-and-feathering, as Richards took as a first resort.

And So…

If anything, there was more logical reason for Richards to lose her job than the developer from PlayHaven. He was a developer; developers have never been known for tact or maturity. Richards’ title was “developer evangelist”; I’d like to know how she expected to carry out that role after alienating so many developers with her actions.

But whatever. PyCon has amended its CoC to condemn “public shaming” as a mode of dealing with inappropriate conduct. For my part, I see the whole PyCon / #donglegate debacle as an example of public stupidity on multiple parts, not a call to action. Let’s just all try to be smarter in future, mmkay?

I’m going to miss Google Reader. I know a lot of people are going to. Hell, in a crazy inversion of Godwin’s Law, even Hitler is upset. There’s a petition on Change.org, and Bender is pissed:

I’ve been complaining, both online and in person, ever since I learned of this a couple of days ago. And it’s not the first time I’ve complained about changes at Google.

This isn’t even the tragedy fo the commons; this is the tragedy of gratis versus libre, or “free as in beer” versus “free as in speech.”

Sure, Reader is one of Google’s most popular products, at least among my (admittedly strange) peer group. But I’m going to assert something odd for a wacky leftist like me: Google is a for-profit corporation, beholden to its shareholders. It has a responsibility to monetize its products, and Google is (in simple terms) in the advertising business. Reader wasn’t selling ads, as far as I can tell.

We can drill a little deeper, and say that Google is really in the data business. But even at this level, I can guess the prediction of the highly complex and optimized machine learning algorithms Google has developed for all the data it harvests, when applied to Reader:

Nerds like reading one anothers’ blogs.

Yeah, um… I don’t know how they failed to monetize that highly proprietary and unexpected insight.

So in the comments on my last post I mentioned my fandom for what is, in my opinion, the most insightful and important blog currently published, that of Michael O. Church. His recent series of posts have been reviewing and analyzing the MacLeod theory of organizational structure (link is to the latest post in the series, but if you haven’t been following it, therein are links to the previous eight).

I want to focus on the differential between concave (in which the difference between failure and middling is greatest) and convex (in which the difference between middling and superior is greatest) work.

The “IT Department”

I have to start by saying “Information Technology” is a leaky abstraction. It covers everything from internal software development to the help desk call center. I’m not suggesting that either line of business is superior. Both are absolutely necessary, at least until developers start to become psychic or users stop being stupid, or (preferably) both.

The real problem comes when the same management structure is imposed in the guise of an “IT Department” on such divergent areas as the help desk, desktop support, network engineers, developers, and hardware techs. Going beyond theories X, Y, Z, or A of management, having a “Central IT” department is (without a revolutionary management strategy that will probably raise HR issues for most entrenched organizations) an attempt to shoehorn concave and convex work into the same tiny box, and is going to fail at appropriately managing one or the other (or perhaps more likely, both).

One of the most unfunny ironies of the rhetoric surrounding “job creators” in contemporary American politics is that most of the jobs being created (or at least, those with the greatest demand) are in the tech sector. Jobs like mine. Jobs that automate processes that used to be performed by people.

So I’ll come out and say it: I’m not a job creator (which is, I suppose, why the Republicans aren’t too interested in cutting my taxes). I’m a job destroyer.

We (programmers) all are, on some level or another; we’re taking mundane repetitive tasks and automating them with code. In a perfect world, we would be hailed as heroes, freeing the toiling masses from their humdrum routines to engage in more ennobling pursuits… but there’s that pesky issue of needing an income. I’ll return to this momentarily, but I first want to confess to a darker truth.

Marc Andreessen famously explained ‘Why Software Is Eating The World’ in the WSJ a couple of years ago. What he failed to mention is that the snake of software is also quietly eating its own tail.

This is a post I’ve wanted to write for a while, but I’ve needed time and distance to do it justice. This is a post about (from my perspective) the greatest failure of my professional career.

The Social University

Sometime in 2011, I was joking with my team lead about connecting Blackboard Transact, the OLTP product used for access control, stored value account transactions, and meal plans at my work, to Twitter, just for fun. The short answer was “that’s silly.” The longer answer was “that’s silly, but it would be pretty neat.”

So on lunch breaks and when I was waiting on other things to move forward with my “official” projects, I played around with creating a system to connect our system to Twitter.

Since I had already worked on a service layer for (really, a generalized SOA for systems connecting to) Transact, it was pretty easy to leverage APIs from not only Twitter, but also Foursquare and Facebook to tie into transactions from our internal system; door access could tweet your location, and check you in on Foursquare; buying a coffee could do the same.

Eventually, the idea gained some traction, and we started building in a system of social gamification, that would award badges and achievements for usage of the system, ranging from customer loyalty rewards for particpating vendors, to seemingly “silly” things like a “Speed Demon” achivement for swiping two doors on opposite sides of campus within ten minutes.

The system also allowed students (well, also faculty and staff) to connect to Facebook to share badges/achivements and compete in a university-wide leaderboard. This is just an overview of the social media integration and gamification elements, but you might very well ask, what’s the point?

The Linux PAM (Pluggable Authentication Modules) architecture is one of the most wonderful (and most overlooked) features of the OS. Typically we only consider PAM as handling our console (or xdm/gdm etc. logins) on Linux, but it’s useful for so much more.

Web Authentication

At work, we needed an authentication solution that allowed users to sign in with their ActiveDirectory credentials. Although the “official” solution was to use SiteMinder for web authentication against AD, we were working on a mobile application, and at the time the SiteMinder auth page was ugly, and had no mobile-optimized login page. The latter problem has since been rectified; now it has both an ugly desktop login and an ugly mobile login. In addition, we were using nginx, and SiteMinder was really only supported under IIS and Apache (and at the time, the latter was via Shibboleth. Ugh.), so without official SiteMinder support, or an nginx Shib plug-in, we were in a bit of a bind.

Around the same time, I was playing with Likewise Open (now known as PowerBroker Identity Services - Open Edition) to bind my Linux workstation into AD. So it occurred to me: if a normal Linux PAM login can be authenticated against ActiveDirectory, why not a PAM login from a web application?

I know, I know, my first though should have been LDAP, right? For some unknown reason, LDAP was verboten at the time. The policy has since (apparently) been reversed, but such is the ebb and flow of corporate politics. And so, in the grand tradition of one of the mothers of modern computer science (and one of my daughter’s namesakes):

If it’s a good idea, go ahead and do it. It is much easier to apologize than it is to get permission.

From the crack team (Micah Gates and myself) that brought you job_interview, I’m proud to announce the availability of close_enough, a gem that will save you from all of those niggling NoMethodErrors that occur when you mis-type a method name.

The concept is very simple, and based on an algorithm used in most spell checkers and autocorrect systems currently in use. Calculating the Damerau-Levenshtein distance between two words can reliably (within a certain margin of error) indicate whether a known word was inteded when an unknown term was encountered in user input.

In Ruby, we have a wonderful metaprogramming facility in method_missing. What we’ve done in close_enough is to monkey-patch method_missing on Object to calculate the Demerau-Levenshtein distance between existing methods and the non-existent called method, and invoke the nearest one if it’s “close enough” (close enough currently being an edit distance of < 3).