A new triple constraint

The idea of a triple constraint is well-known, even if people don’t think of it by that name. “Fast, easy, and cheap: choose two. In project management, the relationship between scope, cost, and schedule is sometimes called the “iron triangle”. But recently Seth Godin published a blog post that got me thinking about a new triple constraint.

Profitable, difficult, or important?” Godin asks.

Profitable, difficult, or important—each is an option. A choice we get to make every day. ‘None of the above’ is also available, but I’m confident we can seek to do better than that.

Godin never says this, but success generally means sacrificing one of those three for the other two. Of course, you can be successful with one or none, but not more than three.

Where’s your evidence, Ben? I have none; this is a hunch. In an ideal world, your work would be all three. But the reality is that doing all three of them is exceedingly difficult. Sometimes the best way to win is knowing what you can lose.

The role of privatized weather warnings

Last week, the Washington Post‘s Capital Weather Gang blog ran an article titled “U-Md. used a private company for a tornado warning. That can be problematic.” They’re right, but the point gets lost in the article. By presenting a laundry list of the times AccuWeather got a forecast wrong and ignoring missed warnings from the National Weather Service, the post ends up reading like a hit piece.

I am unabashedly a National Weather Service fanboy, but I see an important role for the private sector in the weather ecosystem. Despite my general dislike for AccuWeather, I have no problem with universities working with them. They can provide a degree of hands-on service that the NWS is not equipped to provide. This includes warning-like products to augment the NWS products.

My only objection is to the use of “watch” and “warning”. It’s hard enough to get the public to understand these terms. Adding similarly-named products from other sources will not help. A Weather-Ready Nation requires a cooperative effort between public and private sector meteorologists. Private companies are free to give their customer severe weather warnings, I just wish they’d use a different name.

You are responsible for (thinking about) how people use your software

Earlier this week, Marketplace ran a story about Michael Osinski. You probably haven’t heard of Osinski, but he plays a role in the financial crisis of 2008. Osinksi wrote software that made it easier for banks to package loans into a trade-able security. These “mortgage-backed securities” played a major role in the collapse of the financial sector ten years ago.

It’s not fair to say that Osinski is responsible for the Great Recession. But it is fair to say he did not give sufficient consideration to how his software might be (mis)used. He told Marketplace’s Eliza Mills:

Most people realized that we wrote a good piece of software that we sold in the marketplace. How people use that software is … you know, you really can’t control that.

Osinski is right that he couldn’t control how people used the software he wrote. Whenever we release software to the world, it will get used how the user wants to use it — even if the license prohibits certain fields of endeavor. This could be innocuous misuse, the way graduate students design conference posters in PowerPoint or businesspeople use Excel for all conceivable tasks. But it could also be malicious misuse, the way Russian troll farms use social media to spread false news or sew discord.

So when we design software, we must consider how actual users — both benevolent and malign — will use it. To the degree we can, we should mitigate against abuse or at least provide users a way to defend themselves from it. We are long past the point where we can pretend technology is amoral.

In a vacuum, technological tools are amoral. But we don’t use technology in a vacuum. The moment we put it to use, it becomes a multiplier for both good and evil. If we want to make the world a better place, we cannot pretend it will happen on its own.

Linus’s awakening

It may be the biggest story in open source in 2018, a year that saw Microsoft purchase GitHub. Linus Torvalds replaced the Code of Conflict for the Linux kernel with a Code of Conduct. In a message on the Linux Kernel Mailing List (LKML), Torvalds explained that he was taking time off to examine the way he led the kernel development community.

Torvalds has taken a lot of flak for his style over the years, including on this blog. While he has done an excellent job shepherding the technical development of the Linux kernel, his community management has often — to put it mildly — left something to be desired. Abusive and insulting behavior is corrosive to a community, and Torvalds has spent the better part of the last three decades enabling and partaking in it.

But he has seen the light, it would seem. To an outside observer, this change is rather abrupt, but it is welcome. Reaction to his message has been mixed. Some, like my friend Jono Bacon, have advocated supporting Linus in his awakening. Others take a more cynical approach:

I understand Kelly’s position. It’s frustrating to push for a more welcoming and inclusive community only to be met with insults and then when someone finally comes around to have everyone celebrate. Kelly and others who feel like her are absolutely justified in their position.

For myself, I like to think of it as a modern parable of the prodigal son. As tempting as it is to reject those who awaken late, it is better than them not waking at all. If Linus fails to follow through, it would be right to excoriate him. But if he does follow through, it can only improve the community around one of the most important open source projects. And it will set an example for other projects to follow.

I spend a lot of time thinking about community, particularly since I joined Red Hat as the Fedora Program Manager a few months ago. Community members — especially those in a highly-visible role — have an obligation to model the kind of behavior the community needs. This sometimes means a patient explanation when an angry rant would feel better. It can be demanding and time-consuming work. But an open source project is more than just the code; it’s also the community. We make technology to serve the people, so if our communities are not healthy, we’re not doing our jobs.

Other writing — July 2018

Where have I been writing when I haven’t been writing here?


FPgM report: 2018-30

Inspired by bex’s “Slice of cake” updates, I present to the community this report of what has happened in Fedora Program Management this week.


  • REMINDER — Software string freeze is July 31.



Submitted to FESCo

Approved by FESCo

I am on PTO this week, so anything not immediately obviously pertaining to submitted changes will be taken care of early next week.

Amazon should not be the library

Edit (7/24/2018): Quartz reports that Forbes has pulled the article.

If you haven’t seen it yet, Forbes ran an article suggesting Amazon should replace the public library as a way to save taxpayer money. This is a bad take from anyone, but particularly from the Chair of the Economics Department at LIU Post. Apparently the good professor does not realize that Amazon exists to make money, so there’s a good chance that savings would be funded in part by a loss of service and local accountability.

Or maybe he doesn’t realize poor people exist. Or even that the well off sometimes like to have public spaces where they are allowed to exist without having to buy something. When I was a kid our house wasn’t air conditioned. On hot summer days, my mom would take us to the county library. We could sit and read in comfort for a few hours and no one cared.

I’d check out a dozen or more books. A few weeks later, I’d bring them back and get abkther armful. Imagine how much my parents would have had to spend on Amazon. And libraries don’t just provide books. Ours had music and movies and paintings available for checkout. It had genealogy records and newspapers. It had meeting spaces and community programs. If the Internet had been widespread then, it would have had that, too.

My current local library has digital subscriptions in both text and audio format. It has state park passes available for checkout. It has a mobile library to visit the elderly, infirm, and others who can’t make it to one of the three branches in the county. If there was profit to be made in doing all of this on a broad scale, Jeff Bezos would be doing it already.

A library is more than just the books. It’s a part of the community. Removing it from the commons in favor of a private corporation is a terrible idea. My friend Doug explained it well a year ago.

Everyone, just by the act of existing, gets aceess to this valuable resource at the cost of a fraction of a percent of the assessed value of local property. A few years ago, I looked at the detail of my property tax bill and realized I was getting way more value out of my library than I paid for. So I started donating to the library foundation. If Professor Mourdourkoutas can’t get more value from his library than he puts in, that’s on him.

FPgM report: 2018-29

Inspired by bex’s “Slice of cake” updates, I present to the community this report of what has happened in Fedora Program Management this week.


  • REMINDER — Self-Contained Change submission deadline is July 24.
  • REMINDER — Software string freeze is July 31.



Submitted to FESCo

Approved by FESCo

I will be on PTO next week, but I will be checking in daily to shepherd last-minute change submissions.

“You’ve been hacked” corrects behavior

Part of running a community means enforcing community norms. This can be an awkward and uncomfortable task. I recently saw a Tweet that suggests it might be easier than you thought:

It’s nice because it’s subtle and gives people a chance to self-correct. On the other hand, there’s some value in letting community members (and potential community members) see enforcement actions. Not as a punitive measure, but as a signal that you take your code of conduct seriously.

This won’t work for every case, but I do like the idea as a response to the first violation, so long as it’s a minor violation. Repeated or flagrant violation of the community’s code of conduct will have to be dealt with more strongly.