![[personal profile]](http://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Vegas Ally Skills 2017
Jun. 16th, 2017 07:54 pm![[syndicated profile]](http://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
hypatia_dot_ca_feedFor the fourth year in a row, I’ll be teaching a free Ally Skills workshop the week of Security Summer Camp. Previous years have been a lot of fun, and I’m looking forward to once again not attending Defcon but still doing my part to make security a better place for underrepresented people.
The Ally Skills workshop teaches concrete skills to fight biases like sexism, racism, and transphobia through a (very) short talk followed by a series of scenarios that are discussed in small groups. There’s no awkward role-playing, and people are always surprised by how much fun it is. This isn’t a tedious legally mandated workshop, it’s a practical set of tools that you’ll use in your every day work and life.
The workshop will be on Saturday from 1-3 in a suite at Caesar’s Palace, graciously provided by the fine folks at Atredis Partners.
If you’re interested, please sign up here. I’ll be in touch a week or so before to confirm your attendance.
Again the workshop is free, but if you like the work I do, I always appreciate folks donating to the ACLU (disclosure: I work there, but this is on my own time and I’m paying my own way to Vegas) or Equal Rights Advocates.
Transparency And Accountability In Government Forensic Science
Jun. 13th, 2017 02:41 pmsumana_feed
In February, I learned that the New York State Assembly was planning a public hearing on government oversight of forensic science laboratories, and then was invited to offer ten minutes of testimony and then answer legislators' questions. This was a hearing held jointly by the Assembly Standing Committees on Codes, on Judiciary, and on Oversight, Analysis and Investigation and it was my first time speaking in this sort of capacity. I spoke on the importance of auditability and transparency in software used in devices the government uses in laboratories and field tests, and open source as an approach to improve these. And I testified to the efficiency, cost savings, security, and quality gains available by using open source software and by reusing and sharing open source software with other state governments. Here's a PDF of my testimony as written, and video and audio recordings are available as is a transcript that includes answers to the legislators' questions. It is a thrilling feeling to see my own words in a government hearing transcript, in that typeface and with those line numbers!
As I was researching my testimony, I got a lot of help from friends who introduced me to people who work in forensics or in this corner of the law. And I found an article by lawyer Rebecca Wexler on the danger of closed-source, unauditable code used in forensic science in the criminal justice system, and got the committee to also invite her to testify. Her testimony's also available in the recordings and transcript I link to above. And today she has a New York Times piece, "How Computers Are Harming Criminal Justice", which includes specific prescriptions:
Defense advocacy is a keystone of due process, not a business competition. And defense attorneys are officers of the court, not would-be thieves. In civil cases, trade secrets are often disclosed to opposing parties subject to a protective order. The same solution should work for those defending life or liberty.The Supreme Court is currently considering hearing a case, Wisconsin v. Loomis, that raises similar issues. If it hears the case, the court will have the opportunity to rule on whether it violates due process to sentence someone based on a risk-assessment instrument whose workings are protected as a trade secret. If the court declines the case or rules that this is constitutional, legislatures should step in and pass laws limiting trade-secret safeguards in criminal proceedings to a protective order and nothing more.
I'll add here something I said during the questions-and-answers with the legislators:
And talking about the need for source code review here, I'm going to speak here as a programmer and a manager. Every piece of software that's ever been written that's longer than just a couple of lines long, that actually does anything substantive, has bugs. It has defects. And if you want to write code that doesn't have defects or if you want to at least have an understanding of what the defects are so that you can manage them, so that you can oversight them (the same way that we have a system of democracy, right, of course there's going to be problems, but we have mechanisms of oversight) -- If in a system that's going to have defects, if we don't have any oversight, if we have no transparency into what those instructions are doing and to what the recipe is, not only are we guaranteed to have bugs; we're guaranteed to have bugs that are harder to track down. And given what we've heard earlier about the fact that it's very likely that in some of these cases there will be discriminatory impacts, I think it's even more important; this isn't just going to be random.I'll give you an example. HP, the computer manufacturer, they made a web camera, a camera built into a computer or a laptop that was supposed to automatically detect when there was a face. It didn't see black people's faces because they hadn't been tested on people with darker skin tones. Now at least that was somewhat easy to detect once it actually got out into the marketplace and HP had to absorb some laughter. But nobody's life was at stake, right?
When you're doing forensic work, of course in a state the size of New York State, edge cases, things that'll only happen under this combination of combination of conditions are going to happen every Tuesday, aren't they? And the way that the new generation of probabilistic DNA genotyping and other more complex bits of software work, it's not just: Okay, now much of fluid X is in sample Y? It's running a zillion different simulations based on different ideas of how the world could be. Maybe you've heard like the butterfly effect? If one little thing is off, you know, we might get a hurricane.
Transparency And Accountability In Government Forensic Science
Jun. 13th, 2017 02:41 pmsumana_feedIn February, I learned that the New York State Assembly was planning a public hearing on government oversight of forensic science laboratories, and then was invited to offer ten minutes of testimony and then answer legislators' questions. This was a hearing held jointly by the Assembly Standing Committees on Codes, on Judiciary, and on Oversight, Analysis and Investigation and it was my first time speaking in this sort of capacity. I spoke on the importance of auditability and transparency in software used in devices the government uses in laboratories and field tests, and open source as an approach to improve these. And I testified to the efficiency, cost savings, security, and quality gains available by using open source software and by reusing and sharing open source software with other state governments. Here's a PDF of my testimony as written, and video and audio recordings are available as is a transcript that includes answers to the legislators' questions. It is a thrilling feeling to see my own words in a government hearing transcript, in that typeface and with those line numbers!
As I was researching my testimony, I got a lot of help from friends who introduced me to people who work in forensics or in this corner of the law. And I found an article by lawyer Rebecca Wexler on the danger of closed-source, unauditable code used in forensic science in the criminal justice system, and got the committee to also invite her to testify. Her testimony's also available in the recordings and transcript I link to above. And today she has a New York Times piece, "How Computers Are Harming Criminal Justice", which includes specific prescriptions:
Defense advocacy is a keystone of due process, not a business competition. And defense attorneys are officers of the court, not would-be thieves. In civil cases, trade secrets are often disclosed to opposing parties subject to a protective order. The same solution should work for those defending life or liberty.The Supreme Court is currently considering hearing a case, Wisconsin v. Loomis, that raises similar issues. If it hears the case, the court will have the opportunity to rule on whether it violates due process to sentence someone based on a risk-assessment instrument whose workings are protected as a trade secret. If the court declines the case or rules that this is constitutional, legislatures should step in and pass laws limiting trade-secret safeguards in criminal proceedings to a protective order and nothing more.
I'll add here something I said during the questions-and-answers with the legislators:
And talking about the need for source code review here, I'm going to speak here as a programmer and a manager. Every piece of software that's ever been written that's longer than just a couple of lines long, that actually does anything substantive, has bugs. It has defects. And if you want to write code that doesn't have defects or if you want to at least have an understanding of what the defects are so that you can manage them, so that you can oversight them (the same way that we have a system of democracy, right, of course there's going to be problems, but we have mechanisms of oversight) -- If in a system that's going to have defects, if we don't have any oversight, if we have no transparency into what those instructions are doing and to what the recipe is, not only are we guaranteed to have bugs; we're guaranteed to have bugs that are harder to track down. And given what we've heard earlier about the fact that it's very likely that in some of these cases there will be discriminatory impacts, I think it's even more important; this isn't just going to be random.I'll give you an example. HP, the computer manufacturer, they made a web camera, a camera built into a computer or a laptop that was supposed to automatically detect when there was a face. It didn't see black people's faces because they hadn't been tested on people with darker skin tones. Now at least that was somewhat easy to detect once it actually got out into the marketplace and HP had to absorb some laughter. But nobody's life was at stake, right?
When you're doing forensic work, of course in a state the size of New York State, edge cases, things that'll only happen under this combination of combination of conditions are going to happen every Tuesday, aren't they? And the way that the new generation of probabilistic DNA genotyping and other more complex bits of software work, it's not just: Okay, now much of fluid X is in sample Y? It's running a zillion different simulations based on different ideas of how the world could be. Maybe you've heard like the butterfly effect? If one little thing is off, you know, we might get a hurricane.
To the high school graduates ...
Jun. 12th, 2017 09:27 pmadulting_feedHere is something I wrote a few years ago that is still quite applicable, especially re:Hot Pocket™ safety.
Hello, high school graduates! All of you are likely close to collapsing under the weight of well meaning old-people’s advice, which for the past few months has piled up like so much smug, well-meaning snow. Allow me to add my own dusting.
1. Leave high school behind you, now. Whether you were the most devastatingly cool guy in all of McNary High School or the most excruciatingly awkward girl at Sprague, once you leave high school, no one will know. Or, more importantly, care. Most really cool people who do interesting, creative things with their lives didn’t have super happy high school careers. Many really cool people had great high school experiences. But any reasonably cool person over the age of 19 knows that what you earned, or endured, in high school has zero bearing on who you are the day you graduate. I know. It seems SO IMPORTANT now. But … it’s not. Not even a little.
2. Manners count, and they’re free. You can get away with murder if you do it politely, because whoever expects a polite murderer? Manners make other people feel comfortable and happy and respected, and when people feel comfortable, happy and respected they are 8,000 percent more likely to let you get your way.
Say please, thank you, excuse me, it was so nice to meet you, hope I see you again soon. Whatever you do, send thank-you notes so people are inclined to keep doing nice things for you.
3. Chew with your mouth closed. In fact, sometime when you’re alone, go sit in front of a mirror and watch yourself eat, then make any necessary adjustments now before it becomes a permanent habit.
4. If people expect you to go to college, but you’re not super-excited about it, skip a year and work before you head off. It’s not the end of the world, and it doesn’t make you a failure. That time is too expensive and too precious to use on something you’re half-assed about. Also, I speak from experience — folding jeans at a store in the mall for minimum wage for a few months made me feel very differently about how tedious and mindless sitting through a lecture class feels.
5. Unkindness, from here on out, becomes less and less attractive. Cruelty is one of the four main currencies of high school, along with attractiveness, athletic ability and actual currency provided by your parents (I see you, West Salem kids!). In high school, a profoundly mediocre person can rule — or at least maintain a position at the periphery of the popular kids’ group — through fear.
But once you get into college, you begin to leave that b.s. behind you. You don’t have to be mean to be funny. You don’t have to be mean to disagree with someone. You don’t have to be mean to someone powerless to prove your power. All meanness showcases is that you have ugly internal architecture. And as the facades that were so important in high school fade, that is what others will see when they look at you.
6. Know which classes you have to go to, and which ones can be skipped in lieu of more important things. Yes, if you want to go to Harvard Law or John Hopkins Med, you need to ace all your impossibly difficult classes. But if you want to do something post-college that doesn’t involve grad school — if you want to work in non-profits, if you want to write for a paper, if you want to do public relations, if you want to run a business — then instead, look for ways that you can get those experiences in college.
Join extracurriculars that mimic the experiences you someday want to get paid for. If you hate doing it for free, then chances are you’ll resent it even when you get paid for it. Also, this way, when you graduate college, you can prove to employers that you did something, not just wrote compelling papers on the metaphysical nature of being.
7. If you’re a person for whom the hooking up thing doesn’t work, then don’t do it. College is a time of lots and lots of casual sex. This, I think, plays pretty well into what many — not all, but many — 18-year-old guys want, and terribly into what most — not all, but most — 18-year-old girls want. Know what you want, and don’t feel bad if that’s not in line with what someone else wants. Also, know that after freshman year, people begin to date again rather than just drunkenly coupling and uncoupling.
8. Freshman year, you can and should be friends with everyone. Sophomore year will tell who is actually worth keeping.
9. After you microwave a Hot Pocket, be sure to gently tug open the end and let the steam out, and wait a couple minutes, because there is nothing more painful than a Hot Pocket steam-and-molten-cheese burn to the top of the mouth.
10. Don’t tell the internet too much about your love life, or deep innermost feelings, or secrets. It’s none of the Internet’s business, but the Internet has a big mouth and a long, long memory. Make good friends, and tell them in person when you hang out in each other’s dorm rooms and watch movies and eat Funfetti frosting straight out of the jar. Do this a lot. It doesn’t seem important, but it is.
April 2017
Jun. 12th, 2017 06:18 amlecta_feedApril was a bit of a mess, from my point of view. V’s vacation care bookings always need to be done many weeks in advance, using the worst app on the entire Internet; among other things, Excursion 1 and Excursion 2 are the same booking each day but mean different things each day, so you need to sit there with a cheat sheet to book it. It also books out within hours. It wasn’t something I had time for during oncall training at work, so we ended up with a very patchy set of vacation care bookings for the Easter holidays and both Andrew and I had to pick out a bunch of days to take off work to supplement V’s vacation care.
Since I’ve switched jobs a couple of times in the last few years, I’ve had weeks off at a time (in fact, months between the Ada Initiative and Stripe). Andrew on the other hand hadn’t taken a holiday in years that didn’t involve a load of packing and driving the kids somewhere, so he took a few weeks off and spent several days alone with a cryptic crossword.
It was a month of birthdays. For Sarah’s birthday we zipped up to the mountains on the 8th for lunch with Mum’s entire family after one of V’s soccer games and drove back down the same night.
My birthday fell on Good Friday, which happens not infrequently (also in 1995 and 2006, in contrast my birthday was last on Easter Sunday in 1974 and won’t be again until 2047, happy 66th birthday to me). It’s always a little strange to celebrate on Good Friday; I’m just Catholic enough to feel the dissonance. I also feel the dissonance of the children needing me to celebrate my birthday, which usually involves me having to make my own cake. We spent our Easter weekend at home, thank goodness. It took me a long time to realise as an adult that visiting family isn’t a mandatory use of long weekends.
Sam’s 30th birthday was that month too, and he had a small family party on ANZAC Day, a nice afternoon but also with a strange edge as a gathering of people who were mostly seeing each other in Tamworth caring for Rob, rather than in Sydney.
Otherwise, on the last Friday of Andrew’s time off, we realised our long-held dream of going to Wet n Wild together without kids. By the time we did it I was dreading it; we went in late March with the kids and I took V a second time on one of my days off with him and I went just wanting to check the box with Andrew. But we had a lot of fun, even though he tipped me forward off the raft at the end of T5, and I refused to go on the Bombora, the last of the high adrenaline rides to go. Always leave something to aspire to.