The snow is gone at this point (now it's all "risk of flooding" and "high winds" out here), but I thought I'd share a photo from last weekend:



This mailbox has a little spotlight above it (presumably so people don't drive into it or so that the mail carrier can find it), which always amuses me. I personally refer to it as "photogenic mailbox" because of the spotlight. Photogenic mailbox is apparently also photogenic in the snow, not just the dark.

I imagine I'll use photogenic mailbox in a presentation about GNU Mailman, someday!

Note: you can actually see the spotlight, or evidence of it, if you look at the photo carefully. I should have photoshopped that out, but it turns out photoshop was installed on the hard drive that died, so I haven't sorted that out and gotten it re-installed yet.

With all the noise about google switching away from XMPP, I was pretty concerned when Pidgin stopped connecting to Google Hangouts (aka gtalk or xmpp) with the following error:

"Server does not use any supported authentication method"

I wasted some time updating things hoping that would solve it before I finally figured out my problem: It wsn't google changing things at all; it was me. I'd changed the hostname of my (relatively new) laptop. But what I hadn't done was put the new hostname into /etc/hosts under 127.0.0.1. A quick edit later, and the newly christened laptop is back on the air.

I found the solution here, but I had to dig for it a bit so I'm puting up this post that shortcuts to the answer without the debugging, just in case anyone else runs into this one and needs help.

I'm mildly discombobulated since my flight got in quite delayed last night and I swear, there wasn't enough time between travel even though I had more than a week, but here's updates:

(1) GSoC Mentor Summit was amazing, filled with open source folk who were also passionate about mentoring. It was cool having lots in common with every person I talked to all weekend.

(2) I have pictures, largely of playing powerpoint karaoke yesterday. Also of some of the guys playing rugby in the hot tub. ;) (Well, okay, just tossing a ball around, but still!) They need some serious culling so expect most of them later in the week. Arc pulled the best ones off my camera and they're here: https://plus.google.com/u/0/109741359399131092509/posts/VHbodBCsBPJ (Thanks to Denis of Gentoo for being our photographer!)

(3) Oh yeah, the big announcement is that I'm going to be the Org admin for the Python Software Foundation next year. Doomed! So yeah, I go from managing my 3 students, 7 mentors for Mailman (and backup managing another 3 students from Systers), to around 30 students spread across a pile of sub-organizations. Should be fun. Or terrifying. :) I'll probably write more about this later once it's had more time to sink in.

(4) I need to also make time to encourage folk to come to Pycon. There is financial aid available and the application is up. I'm going to be sending more personal notes out to my new contributors from GHC12 and my GSoC students from Systers and Mailman. The Mailman sprint last year was probably the most satisfying hacking event I've ever attended, and I want others to have that experience. :)

(5) I did get all my GHC12 pictures up before I left: https://secure.flickr.com/photos/terrio/sets/72157631687919350/

(6) My last official GHC12 blog post (about the open source day hackathon) is pending now that I have photos to go with it. I've got notes for a few more, but not sure I'll have time to write them.

In theory, I'll be home in New Mexico and not traveling again 'till December. Which is good, because I need to put together academic applications, write a paper with my remaining thesis research (the tech report got cited twice already, which is a sign that I should have something more peer-reviewed out there), and get the research done for my next paper. Plus, you know, squash all the open bugs/add all the missing features in Postorius, make sure the port of dynamic sublists to Mailman 3 is finished, and purchase flights for my trip home in December.

I feel like I should be a lot more stressed about all that I've got on my plate, but after a weekend with open source folk, I'm feeling pretty relaxed and pleasant and like it's all going to work out somehow. And to be honest, that feeling may be the most important thing I'm bringing back from Mountain View this week. :)

This was originally posted on But Grace, but I don't want my regular blog to wind up devoid of technical content so I'll be crostposting all my posts from there in their entirety, I suspect.

One of the cool things going on at work is some software we have that automates the creation of small bug fixes. We're looking to try it on some more active projects with real bugs, but we need projects with reasonable test case coverage so that the automated system can also ensure that it isn't causing other things to break in making the fix. Basically, we're potentially offering up a bunch of free bugfixes if your open source project has decent test cases. Pretty good deal, I hope.

Open source projects with good test suites

But how do we find software with good test cases? Here's a few I know of off the top of my head:

Open source projects with good test suites

Name/URL	Test suite?	Notes
Firefox	A brief search turns up some automated tests	My fuzzy memory suggests there was more than these...
Gnumeric	Extensive regression tests for each function	The function tests are in .xls spreadsheets, so we could potentially apply them to other spreadsheet software.
SQLite	They claim extensive test coverage	Very promising!
Webkit (Chrome, Safari)	a brief web search turns up regression tests for javascript	I believe the Chromium project has even more tests

Can anyone suggest other software or more details (and better links) on the things I have mentioned already?

Open source routing software

For various reasons, I've been encouraged to try experiments on open source routing software. There's some existing academic literature on the types of bugs found in open source routers, and it seems like our automated patch creation system would be a good fit especially since router bugs often cause huge outages or security problems and having a temporary patch to solve the problem right away could be a huge boon.

My query on twitter generated a nice list of open source router software, but no one seems to know anything about test suites. Here's a table summarizing what I've found thus far:

Open source router software test suite information

Name/URL	Test suite?	Notes
Click	Unknown	Nothing obvious, and given that it's on a university website, I'll be shocked if it has testing. ;)
dd-WRT	Unknown	Nothing obvious in the wiki, but there were lots of hits I haven't investigated.
OpenWRT	Unknown	Clearly there was interest in automated test suites in Jan 2011 but it's unclear to me if these are now around somewhere. Need to look more.
pfSense	No evidence of a test suite	Searching the dev wiki for "test" yields nothing likely, so I'm guessing there isn't one.
Quagga	There is a tests/ directory, but it looks unsuitable	"make test" doesn't work and "make check" pokes a bunch of directories but doesn't seem to do what I need. There's a directory called tests/ in the repository, but I'm not sure what it does. I can run the tests manually, but the output is currently meaningless to me. No one answered my question on #quagga, although another open source friend on #kernel.org suggested that the test suite may have been abandoned.
Tomato	No evidence of a test suite	The web site contains nothing useful, so if there is a test suite, it's likely being provided by someone else.
XORP	There is a tests/ directory, unsure if suitable but look promising	These look promising, but I'm having some build errors and haven't been able to run them yet

You'd think, perhaps, that reasonable test suites for routers would already exist. A generic test suite would be totally sufficient for my needs at the moment. And in fact, I've found a set of routing tests from the University of New Hampshire InterOperability Laboratory, but while their tests are well-described, it doesn't look like something we can run locally and repeatedly as we'd need to in order to test the auto-generated patches. I haven't yet found others.

Let's be clear: I don't really care what the router supports in great detail. The important thing for these tests are that there be a good test suite, and preferably a good bug queue so we can grab candidate bugs and bug test cases to try to solve them. Generally speaking, the bugs have been easier to find than the regression tests.

In summary...

I am looking for:

1. More information about router test suites.
2. Updates to my current tables of information. This represents a morning's work, so I'd be shocked if they're perfectly correct.
3. Any open source/free software projects with good test suites (and preferably good bug queues).

Again, the key here is that I need good test suites. I'm most interested in routing software at the moment, but I'm building up a list of alternative ideas if that doesn't pan out, so anything with good automated tests I'll be able to run repeatedly is of potential interest. We've got access to a reasonable amount of computing power, so heavier weight tests are fine as long as they aren't going to take all month to run.

We would love to contribute any fixes we find back to the community, so if you think your project might qualify please get in touch! I think the end result is going to be awesome for all involved: free bug fixes for the project, more impressive real-world validation of our automated patch creation system, and maybe even an academic paper out of it for some of the folk around here.

People often comment on the number of ribbons on my badge, and I always tell them that I get a lot of them because I like volunteering at GHC. Volunteering every year keeps me with a nice balance of meeting new people and having an excuse to sit and chat with friends who I met volunteering in previous years. Plus, badge ribbons are just fun:




My day started with an orientation for Hoppers, and I was not nearly awake enough to take pictures of that.

From there, I headed to the Free and Open Source Software booth, which is kinda unusual among the booths at GHC11 in that we're a collection of people working on completely unrelated projects, and you'll get to hear about completely different things if you come back a few hours later. Plus, some of the coolest and most inspirational women I know are working at the booth. One of the things about open source is that it attracts a lot of people who are willing to just Get Things Done and who are able to not only get the technical details right, but also able to organize their own time and other people's to make sure things happen. If you went to Jo's session in the afternoon and realized you want to be known as the sort of person who really gets stuff done, you should be looking to these people for tips!




Then I moved on to the PhD Forum. Here's pictures of the lovely presenters, but I'm too tired to dig out my session notes so I'll just suggest you mosey on over to Valerie's blog about the session.




There's a blur of meeting people and chatting and getting caught up between every session. It's awesome!

I also got a chance to meet with the other community volunteers, yet another illustrious crew of smart awesome women who are passionate about using social media and all our other tech tools to share the experience of being at GHC11 online. Anyone who comes to GHC11 and takes a picture, writes a blog post, tweets, and participates in our online communities can be part of our team! If you want to know how to contribute your stuff to the online communities, just ask!




A few people were willing to humour me today by playing "real life angry birds" with me at the open source booth. I crocheted a bunch of birds to play with, and used it as an excuse to take pictures as a community volunteer. Lots of people have asked if they can have one, and I wish I had time to crochet them for everyone, but alas, I'd get a hand cramp long before I finished! However, please stop by the booth and play with them and take pictures over the next few days, just remember to leave them for the next visitors.




Next up, I went to Jo Miller's session on building your personal brand. Once again, I suggest you visit Valerie's blog to learn more about Jo's talk. I'm going to echo what someone I talked to today said and point out that the neat thing about Jo is how she really motivates this stuff. Brand-building sounds like marketing or startup culture speak to me, but she had a great story about a women she met who felt she was "the best-kept secret of the company" -- but you don't want to be a secret! I may write a post about this later, but for now, read Valerie's. :)

Towards the end of the session they did a speed-networking thing, and I totally made the rookie mistake of leaving my business cards in my purse when we got up to stand on this weird grid thing to facilitate moving and networking. The most amusing moment for me was when we got over and everyone was too busy networking to listen to the instructions on how we should network!





Then it was back to the open source booth for me, where I got to talk to more super cool people and play more angry birds:




I talked about how open source is awesome when you're in grad school. I talked about to get internships at open source companies or through google summer of code (we loooove students!) I talked about what drew me to GNU Mailman (short answer: technology that helps build communities and fun developers to work with!) And I got to hear about people's backgrounds and worries and projects and how their companies use open source software.

Then my final job of the evening was as a Hopper working the registration desk. I figured after the bustle of the open source booth, working a quiet registration desk would be boring... But I sat down next to Kate and had a blast talking about Margaret Atwood, working in technology while wearing a skirt or even a suit, our (relatively) new jobs, and everything else we could think of for a few hours. It was great!




And then back to the free and open source booth where I got to sit and chat with Mel who I admit I probably fangirled all over because I love the way she's been blogging about viewing academia from an open source perspective, and she is just totally one of those people who always seems to be doing cool things and thinking about them in insightful ways and I was so very exited to meet her. Hopefully i didn't talk her ear off too much, given how tired we all were by this point!

When the show floor closed up, it was time to head back to the hotel, and now I've stayed up too late processing photos and blogging. Oops! Tomorrow's 7:45am breakfast meeting with my security panel is going to feel very early!

But thankfully, you don't have to get up before 7:45 to talk about the panel; you can all just come see the finished product at 11:30am-12:30pm in B113-115 where I'm on a panel about online security for technical women. Hope to see you there!

As some of you may know, my last paper was on visual security policy (ViSP), a neat idea I had about how to add security policy to a website in a way that was more in line with how sites are designed. I based it on my own knowledge working as a web designer, as well as ideas from a variety of friends who have or do work in the web space professionally and not.

You can read my presentation the larger run-down or read the paper, but the idea behind ViSP is that it's sometimes very useful to subdivide pages so that, say, your advertisement can't read your password, or that funny video you wanted to embed doesn't get access to post blog entries, or whatever. Sadly, right now anything embedded in the page gets access to anything else unless some awfully fancy work has been done to encapsulate parts of the page. (And given how much people tend to care about security in practice, this doesn't get done as often as it should.) We currently just trust that any includes will play well, which is super awkward since malicious code can be inserted into around 70% of websites and you can't very well expect malicious code to play nicely.

Anyhow, I digress.

I'm updating this particular policy tool so that I can generate some policies to test, because I'm tired of building them manually, and my not-terribly-scientific method of clicking randomly on things to make policy has turned up a problem: what happens if you want to set policy for an element that's just one of many paragraph tags or whatever, not assigned an id?

With ViSP, we assigned an index based on how many such tags we'd seen, but I figured while I'm updating this surely I could find something more standard...

Turns out, no, that really is the best way to do it. At least according to the selectors API, which includes a nth-of-type() pseudo-class that seems to do pretty much what I want.

So now, if you're using my tool and wanted to define policy for a given tag, any given tag, we can make that work for you by building up a CSS selector to find it. Of course, it'd probably be cleaner to read if you only set policy on tags with ids or classes, but I don't have to require that as an additional hurdle to policy creation. I figure this is likely a net usability win when it comes to policy generation, and let me tell you, security policy is not a field known for usability wins. (So much so that if I google search for the words security policy and usability... I see a post by me on the front page suggesting usability studies on CSP.)

Anyhow... Thanks to having to learn querySelector earlier, I was already primed to create querySelectors for uniquely defining tags. Thanks Mozilla documentation! You're a terrific coding wingman, introducing me to all these awesome apis. ;)

More notes from getting myself set up to write code:

The fink project has a page about upgrading from 10.5 to 10.6 with fink.

It's very easy to get distracted by the nice step-by-step description that takes up most of the page.

The pertinent bit of information is at the top, though:

you will probably find it easier to do a clean install from source instead.

I probably should have just done that first, since the lovely instructions didn't work at all for me. Oh well.

One last blog post for today, I promise!



I've been completely remiss in mentioning this. (I blame thesis, as usual.) My friends Mary and Valerie have started the Ada Initiative to support women in open technology and culture, and they're looking for a few more donors to round out their initial funding round.

I regret that right now I don't have money to support them financially or time to be a bigger part of what they're building, but what I can do right now is tell you why those of you who can donate should do so.

Some of you may already know one or both of them. If you don't, you should know that Valerie and Mary are both awesome at getting things done.

When Mary was running Linuxchix, not only did she keep things in basic working order, but she also had a great vision for driving things ahead and doing more. While the new coordinators have done a good job of keeping things going, I'm really sad that when she left we lost that extra push to go beyond our original mission. After a women-in-tech BoF Valerie organized (and I attended) at the Linux Symposium, she went on to write the HOWTO Encourage Women in Linux, making sure that the things we'd discussed could be brought to a wider audience. They go beyond the level of keeping afloat as non-stereotypical geek, and towards making things better.

There's a lot of frustrating things that come up as a geeky woman, some big, some small. I'm trying to do my part by writing for geek feminism and bringing attention both to the good and bad. But Valerie and Mary believe they could have an even bigger impact on the problems if they worked on this full time rather than relying on all of us already busy people to work that second shift.

These are women who can recruit teams of top-notch volunteers, build networks, and seriously make a difference in the world, so if you're interested in supporting women in open tech and culture and want to know your dollar's going to have an impact, The Ada Initiative is a great cause.

This post entitled Too Few Women In Tech? Stop Blaming The Men was making the rounds when I got back from camping yesterday. It's a "just do it" rallying cry, which is not unreasonable (more women trying will likely result in more succeeding) but one that's made a bit blindly, unaware of some of the barriers that those who try are facing.

There's already an excellent response out there which says most of what I wanted to say: Too Few Women in Tech? Stop Playing the Blame Game. Basically, quit trying to blame it all on men or women or society or math test scores and try working together to create solutions. All of these things (and more) are to blame, but pointing it out isn't nearly as helpful as finding work-arounds.

But there's still one thing I'd like to pull out of the original article:

We beg women to come and speak. (...) And you know what? A lot of the time they say no. Because they are literally hounded to speak at every single tech event in the world because they are all trying so hard to find qualified women to speak at their conference.

Let me tell you a story. One year, it was announced that one student in my department was going to get a special job. Over the months afterwards, I heard a lot of grumbling. The problem was not that said student couldn't do the job: the person was an excellent candidate. The problem was that the student had been the only candidate. The university had quite a number of other talented students, and they had not been made aware of the upcoming position or given a chance to apply. The person who got the job was the same person regularly nominated for special scholarships, invited to special events, seemingly given first right of refusal in many other projects. The upper academia equivalent of a teacher's pet.

The problem was that the university saw themselves as having a single exceptional candidate, when in fact they had probably 10, 30, or more.

I think this is what's starting to happen when it comes to women in tech. Sure, there might not be enough of us. Sure, it's no where near the 50% of the population. But that doesn't mean you get to ask the 5 women you know or have seen speak before and then sigh and say "it's too bad no women want to participate." Like the university, you're probably missing at least 10 times as many who are qualified, but haven't been quite so heaped with honours so they're harder to find.

If all the women you're asking are all busy, it's not necessarily a sign that all possible excellent candidates are busy; it could just be a sign that you're looking in the same place as everyone else.

Because I interact with a lot of other techcnical women, I know there are many good people who just don't hear about speaking opportunities. And others have so many requests they can't handle them all.

So in the spirit of being useful, here's some wider places you should look if you're trying to find some great women speakers. Maybe not all of them have given keynotes and been interviewed a dozen times, but they're still interesting people who could enhance your event:

• The Grace Hopper 2010 schedule includes a many women speakers on a number of topics. (I'm on the open source track!) I found the calibre of speakers at GHC 09 to be especially high, so it's a great place to start when looking for a great speaker. Feeling overwhelmed by the sheer number of candidates? Talk to @ghc and ask for help making the right connections.



• Geekspeakr.com is intended to help events find technical women speakers and vice versa. You can search by keywords or just browse around. These folk have all signed up saying they're willing to speak!



• My university Women in Science and Engineering group ran the Carleton Celebration of Women in Science and Engineering last spring, and I was especially impressed with the the technical speakers during the day (i.e. before 5pm) because they were presenting graduate level research and ideas in ways that were accessible and fascinating. These women are definitely a cut above when it comes to science communicators!
  
  
• There are many women's groups around you can ask. I'm a member of Systers (originally for women in SYStems, now a more general women in technology group) and Linuxchix (a group for women and allies interested in Linux or other open source). But there's lots more such groups.

And that's only scratching the surface of places I'd look if I wanted to find good female speakers. Need some more help? Just ask!

Ada Lovelace Day is an international day of blogging (videologging, podcasting, comic drawing etc.!) to draw attention to the achievements of women in technology and science.

Women’s contributions often go unacknowledged, their innovations seldom mentioned, their faces rarely recognised. We want you to tell the world about these unsung heroines, whatever they do. It doesn’t matter how new or old your blog is, what gender you are, what language you blog in, or what you normally blog about – everyone is invited.

To be honest, I didn't feel much like writing for Ada Lovelace Day. It feels like writing is all I do lately: a paper and a poster proposal due this week, plus the all-consuming nature of my thesis proposal that I finally submitted this month after more than a year of work. I love research/coding and I even like writing, but when they're too far out of balance I start to feel like I'm one of those people who's all talk and no action.

But Jennifer Redman is one of the people who's been pulling me out of talking and into doing, which makes it even more important that I honour her today.




I don't honestly remember when I first met Jen online -- probably through Linuxchix or maybe Mailman -- but I got to meet her for the first time in person at GHC09 after she invited me to help out with the Systers code sprint.

Jen really grabbed my attention because she was using Systers to focus on something that sometimes gets overlooked: getting individual women who already know how to code to the point of making open source contributions. And not just in a general supportive way, but in a specific, defined, "here's a project, let's hack!" sort of way. And it doesn't hurt that geeking out with other women is fun. Not that computers for girls isn't a great idea, but getting more women involved now means we've got the role models we want for those girls. And here's Jen with some grand ideas and bugs to fix and a pile of virtual machines to get women playing around in open source software sooner rather than later.

I often hear talk of such ideas, but often no one has time to follow through. What makes Jen especially incredible is how dedicated she is to the follow through. She helps keep the Systers mailing lists running (and on-topic!) She got that code sprint together, and already has plans for next year. And now she's assembling an all-star team of mentors for the Systers GSoC 2010 projects, getting us all talking and thinking, and making sure we're committed, and ready to go both mentally and technically as the students start to arrive. She's got a great level head and a willingness to say what needs saying when things get rough -- her sane commentary on some really horrendous geek feminism issues made me feel just that much more grounded when we chatted at GHC. And I'm sure she's doing all sort of other awesome stuff that I don't even know about because I'm so wrapped up in my own world.

I've been scaling back my volunteer/open source activities for the past few years as I get more deeply involved in my PhD, which means that I say no to a lot of things. But Jen and Robin Jeffries chatted with me about doing archives at the code sprint, and managed to come up with exactly my perfect project: Mailman development (on archives, no less!) where I get to work one-on-one with students and women in computing. That's three of my favourite things right there! But I'd probably still have said no if some stranger came up and offered that to me. What makes this a project worth rearranging my life for is Jen: I don't know everyone else yet, but I know that if she's involved, things will happen, and I'm going to be proud to have been involved.

So thank you, Jen. Here's to a great summer!