Book review — A Lawyer’s Journey: The Morris Dees story

It’s easy to see the modern Ku Klux Klan (KKK) not as the domestic terrorism organization that murdered and oppressed black and Jewish people for decades, but as a small group of impotent ragers making noise on the fringes of society. And it’s equally tempting to see this diminished stature as the direct result of society coming to realize that the KKK’s views are abhorrent. But for as much as we might like to think that American society marginalized the KKK on its own, credit also goes to the Southern Poverty Law Center (SPLC). The SPLC’s novel suits against KKK organizations helped bring legal constraints and financial ruin to prominent KKK organizations in a time when they were feeding off the resentment festering in the wake of the civil rights movement.

At the center of the suits was SPLC co-founder Morris Dees. In his book, co-authored with Steve Fiffer, Dees tells his story. He talks about how his upbringing as the son of a poor Alabama farmer shaped his life and his resulting career as a private attorney and the leader of a prominent anti-hate-group non-profit.

I received a copy of A Lawyer’s Journey after making a donation to the SPLC. If I knew I was going to receive a copy when I made the donation, I had certainly forgotten by the time it showed up. The title hardly suggested an exciting read and I didn’t know who Dees is. Nonetheless, I picked it up. Within a few chapters, I had a hard time putting it down.

As a white person who grew up in the (nominally) not-South during the time many of the cases in question were tried, I had very little knowledge of the efforts the SPLC and others made to stop the KKK in the 1980s. I assumed that the KKK went away because polite society realized it couldn’t tolerate white supremacy. Instead I learned how a few very motivated lawyers (and their brave clients) went toe-to-toe with the KKK using legal strategies that had never been tried.

As interesting as the content is, this book is not great from a literary point of view. The timeline jumps around without a clear reason. As with any autobiography, readers are obliged to read with a critical eye. Even if Dees is entirely truthful in what he tells, he presents only what he wants the reader to see. He mentions his divorces in passing, but his personal life beyond his teens years is largely absent. Apart from describing the time he and his daughter fled to a panic room (and her subsequent attendance at a major trial), we don’t know what effect the lawyer’s journey had on his family’s journey.

Given the recent resurgence of nationalism and white supremacism, this book deserves a read. People can fight hatred in many ways, and Morris proved that civil suits can be effective.

International House of Brand mistakes

Last week, restaurant chain IHOP (fully known as “International House of Pancakes”) teased a name change. They’re going to flip the “P” and become IHOb. But what does the “b” stand for? Breakfast? Biscuits? Blockchain? Belly aches?

On Monday we learned it stands for “burgers”. It’s a temporary name change to promote their new Ultimate Steakburgers. And I think it’s pretty dumb.

IHOP has a well-known brand. They’ve sold non-breakfast-food for as long as I’ve been aware of them, but — as the name suggests — breakfast food is their bread and butter. They got a lot of free publicity out of this stunt, but that doesn’t necessarily mean it was beneficial. The reaction I’ve seen has mostly been negative, including this scathing take:

You can get a burger in just about any restaurant in America. Even a temporary abuse of the brand to go after a crowded space seems cruel to a brand that has served so well. As The 22 Immutable Laws of Branding points out, products aren’t sold anymore, they’re bought. And they’re bought because of branding. A brand can be a company’s most valued asset.

Maybe this works out for them, but I expect that it doesn’t give IHO* any long-term benefit. What would be more interesting to me is dropping the non-breakfast menu entirely. There’s something to be said for simple food menus. The more items on the menu, the less often they get made. This means less skill in that recipe for the cooks and more ingredients that need to be stocked (and potentially sit for a while). With a simple menu, you can do a few things really well.

McDonald’s has learned this lesson over and over again over the years. Every time they expand their menu, quality and customer satisfaction seem to go down. So they simplify the menu a bit for a little while, until it’s time to chase a new customer segment. In comparison, Chick-Fil-A has a relatively small menu that they execute well. Restaurants don’t need to be everything to everyone, and I think there’s space for a “we only serve breakfast, you’ll just have to like it” chain. Let’s face it: few things are as popular as breakfast foods at not-breakfast times.

But if IHO* is really serious about competing in a crowded burger space, there are better ways to go about it. “Burgers are like pancakes made of meat!” is a slogan that just came to mind. It’s not great, but it could be worked on. Sure, it might get less attention than changing the name to “IHOb”, but attention doesn’t necessarily mean increased sales. Sometimes it’s not how many people you reach, but which people you reach and what message you reach them with.

But at least other brands are having fun:

Microsoft bought GitHub. Now what?

Last Monday, a weekend of rumors proved to be true. Microsoft announced plans to buy code-hosting site GitHub for $7.5 billion. Microsoft’s past, particularly before Satya Nadella took the corner office a few years ago, was full of hostility to open source. “Embrace, extend, extinguish” was the operative phrase. It should come as no surprise, then, that many projects responded by abandoning the platform.

But beyond the kneejerk reaction, there are two questions to consider. First: can open source projects trust Microsoft? Secondly, should open source (and free software in particular) projects rely on corporate hosting.

Microsoft as a friend

Let’s start with the first question. With such a long history of active assault on open source, can Microsoft be trusted? Understanding that some people will never be convinced, I say “yes”. Both from the outside and from my time as a Microsoft employee, it’s clear that the company has changed under Nadella. Microsoft recognizes that open source projects are not only complementary, but strategically important.

This is driven by a change in the environment that Microsoft operates in. The operating system is less important than ever. Desktop-based office suites are giving way to web-based tools for many users. Licensed revenue may be the past and much of the present, but it’s not the future. Subscription revenue, be it from services like Office 365 or Infrastructure-as-a-Service offerings, is the future. And for many of these, adoption and consumption will be driven by open source projects and the developers (developers! developers! developers! developers!) that use them.

Microsoft’s change of heart is undoubtedly driven by business needs, but that doesn’t make it any less real. Jim Zemlin, Executive Director at the Linux Foundation, expressed his excitement, implying it was a victory for open source. Tidelift ran the numbers to look at Microsoft’s contributions to non-Microsoft projects. Their conclusion?

…today the company is demonstrating some impressive traction when it comes to open source community contributions. If we are to judge the company on its recent actions, the data shows what Satya Nadella said in his announcement about Microsoft being “all in on open source” is more than just words.

And in any acquisition, you should always ask “if not them, then who?” CNBC reported that GitHub was also in talks with Google. While Google may have a better reputation among the developer community, I’m not sure they’d be better for GitHub. After all, Google had Google Code, which it shut down in 2016. Would a second attempt in this space fare any better? Google Code had a two year head start on GitHub, but it languished.

As for other major tech companies, this tweet sums it up pretty well:

Can you trust anyone to host?

My friend Lyz Joseph made an excellent point on Facebook the day the acquisition was announced:

Unpopular opinion: If you’re an open source project using GitHub, you already sold out. You traded freedom for convenience, regardless of what company is in control.

People often forget that GitHub itself is not open source. Some projects have avoided hosting on GitHub for that very reason. Even though the code repo itself is easily mirrored or migrated, that’s not the real value in GitHub. The “social coding” aspects — the issues, fork tracking, wikis, ease of pull requests, etc — are what make GitHub valuable. Chris Siebenmann called it “sticky in a soft way.

GitLab, at least, offers a “community edition” that projects can self-host. In a fantasy world, each project would run their own infrastructure, perhaps with federated authentication for ease of use when you’re a participant in many projects. But that’s not the reality we live in. Hosting servers costs money and time. Small projects in particular lack both of those. Third-party infrastructure will always be attractive for this reason. And as good as competition is, having a dominant social coding site is helpful to users in the same way that a dominant social network is simpler: network effects are powerful.

So now what?

The deal isn’t expected to close for a while, and Microsoft plans to seek regulatory approval, which will not speed the process. Nothing will change immediately. In the medium term, I don’t expect much to change either. Microsoft has made it clear that it plans to run GitHub as a fairly autonomous business (the way it does with LinkedIn). GitHub gets the stability that comes from the support of one of the world’s largest companies. Microsoft gets a chance to improve its reputation and an opportunity to make it easier for developers to use Azure services.

Full disclosure: I am a recent employee of Microsoft and a shareholder. I was not involved in the acquisition and had no inside knowledge pertinent to the acquisition or future plans for GitHub.

It looks like you’re writing a resignation letter, would you like help with that?

I just signed out of my @microsoft.com accounts for the last time. I never thought I’d end up working there, but the company has changed since the “GPL is a cancer” years. I saw it from the outside and after they acquired Cycle Computing, I saw it from the inside, too.

I want to be clear: the problem isn’t Microsoft. In fact, it’s a great company to work for. But the role I was placed into after the acquisition was not a good fit for me and I was not a good fit for it. I tried to find a more mutually-agreeable position within Microsoft, but then an external opportunity came along. I couldn’t turn it down.

So for the next two weeks I’ll be funemployed. I have so many things I want to get done and I expect a full two-thirds will remain on my to-do list when I’m done. And I’m totally okay with that. I’ve never taken time off between jobs before, and I think I’ve earned it. And even if I haven’t earned it, I’m doing it anyway.

But as excited as I am for the time off and the new role that follows, I’m pretty sad about leaving great coworkers behind. I met some awesome people at Microsoft, and I will miss working with them. And even more than that, I’ll miss the great Cycle Computing team, with whom I’ve worked very closely over the last five years. It wasn’t always easy being a bootstrapped startup, but we did awesome work together and I’ll miss the team. I hope I can stay in touch.

My next role isn’t a national secret, but you’ll understand if I don’t talk about it publicly until I start in a few weeks.

Everyone needs to know how to program, or not

A common refrain I’ve heard over the years is “everyone needs to know how to program”. Computers are pervasive in both work and leisure. Knowing how to make them do what the humans want is valuable both from a practical standpoint and from a financial standpoint. But does everyone really need to know how to program?

This topic has been on my list for a long time, but I got a convenient nudge on Twitter earlier this week. My friend, speaking about science communication, exactly captured my feelings:

The spectrum of computer skills is very broad. At the high end is computer science (which doesn’t necessarily translate to practical computer usage skills). As my friend Dave describes it, CS “is a branch of mathematics built around complexity.” This is clearly beyond the level that everyone needs. At the low end is basic computer literacy like using standard desktop software. That seems to be a safe bar for “everyone”.

So we know the high end is too high. The low end is a bare minimum. Where’s right spot in the space between those two extremes? I’m inclined to lean toward the low end. Programming, and thus automation, has applications in almost every profession. But that doesn’t mean it’s a key skill for every profession. In my current job, I have almost no need for programming skills. Basic use and troubleshooting of the applications I use is all I need. I wouldn’t tell someone looking to get into product marketing to not learn programming, but I wouldn’t say they have to in order to be successful in the role.

I’m generally skeptical of using the education system as vocational training. Especially in fast-moving fields like technology, curricula can’t keep up with the changes in the field. How much of what you teach a 7th grader about programming in a particular language will be relevant by the time they enter the work force? At best, you can teach broad concepts.

If you asked me what’s driving this push for coding in the classroom, I’d say it’s two things. First, policymakers who don’t understand technology themselves see this as a way to drive economic growth and help the fortunes of their constituents. Second, technology companies are seeing a shortage of workers with the skills they want and so are looking to get the public to fund their job training programs. I don’t see similar efforts to teach electrical or plumbing work to everyone, even though they’re both well-paid and also highly practical to those outside the profession.

So let’s put more computer literacy into the curriculum. But let’s not assume that means programming. If anything involving computers and education needs to change, it’s that computer science and programming curricula need to include ethics courses.

Sidebar: one area where programming in education may help

The main area I see a true benefit for adding programming into primary and secondary education is helping under-indexed minorities get involved. Tech has more than just a “pipeline problem”, to be sure. But while the cultural problems are worked on, it can only help to get more under-indexed minorities interested. If nothing else, it will help dilute the bros.

You’re an SEO company

Business owners, regardless of their industry, often view themselves in terms of what their business does. “We’re a bookstore, a coffee shop, a web design company,” or whatever goods or services that customers pay money for. But a recent conversation made me realize that most small businesses in a mature market are really a search engine optimization (SEO) company.

Okay, there are a few caveats here. I’m thinking of mature markets as fields where there are many small or small-ish players that are attempting to serve a large number of users. Think generally of the early and late majority sections of the technology adoption life cycle. Ride sharing, for example, is out of scope. It’s pretty solidly in the middle of the bell curve, but it has three players: Uber, Lyft, and everyone else.

The subject of the conversation was a VPN service. A friend was using VPN software and observed that it would be easy to share his server with others for a fee. All the other challenges of running a business aside, I immediately asked what his differentiation is.

VPN services may not be mainstream exactly, but the market is mainstream enough. And there are a lot of players with no one particularly dominant. So how does a new entry set itself apart? There’s a little bit of room to differentiate on price, location, service, etc, but not much. So the best way to differentiate and get new customers is to be better at search engine optimization than the rest of the field.

In essence, making a business successful requires skills entirely unrelated to the business itself. When you can’t easily differentiate your product, you have to differentiate your marketing.

Other writing – May 2018

What have I been writing when I haven’t been writing here?

Stuff I wrote

Opensource.com

Microsoft

Stuff I curated

Microsoft

Opensource.com

Book review: Habeas Data

What does modern technology say about you? What can the police or other government agencies learn? What checks on their power exist? These questions are the subject of a new book from technology reporter Cyrus Farivar.

Habeas Data (affiliate link) explores the jurisprudence that has come to define modern privacy law. With interviews with lawyers, police officers, professors, and others who have shaped the precedent. What makes this such an interesting subject is the very nature of American privacy law. Almost nothing is explicitly defined by legislation. Instead, legal notions of privacy come from how courts interpret the Fourth Amendment to the United States Constitution. This gives government officials the incentive to push as far as they can in the hopes that no court cases arise to challenge their methods.

For the first two centuries or so, this served the republic fairly well. Search and seizure were constrained to the physical realm. Technological advances did little to improve the efficiency of law enforcement. This started to change with the advent of the telegraph and then the telephone, but it’s the rapid advances in computing and mobility that have rendered this unworkable.

As slow as legislatures can be to react to technological advances, courts are even slower. And while higher court rulings have generally been more favorable to a privacy-oriented view, not everyone agrees. The broad question that courts must grapple with is which matters more: the practical effects of the technology changes or the philosophical underpinnings?

To his credit, Farivar does not claim to have an answer. Ultimately, it’s a matter of what society determines is the appropriate balance between individual rights and the needs of the society at large. Farivar has his opinions, to be sure, but Habeas Data does not read like an advocacy piece. It is written by a seasoned reporter looking to inform the populace. Only by understanding the issues can the citizenry make an informed decision.

With that in mind, Habeas Data is an excellent book. Someone looking for fiery advocacy will likely be disappointed, but for anyone looking to understand the issue, it’s a great fit. Technology law and ethics courses would be well-advised to use this book as part of the curriculum. It is deep and well-researched while still remaining readable.

It has its faults, too. The flow of chapters seems a little haphazard at times. On the other hand, they can largely be treated as standalone studies on particular issues. And the book needed one more copy editing pass. I saw a few typographic errors, which is bound to happen in any first-run book, but was jarred by a phrase that appeared to have been accidentally copy/pasted in the middle of a word.

None of this should be used as a reason to pass on this book. I strongly recommend Habeas Data to anyone interested in the law and policy of technology, and even more strongly to those who aren’t interested. The shape that privacy law takes in the next few years will have impacts for decades to come.

Google Duplex and the future of phone calls

For the longest time, I would just drop by the barber shop in the hopes they had an opening. Why? Because I didn’t want to make a phone call to schedule an appointment. I hate making phone calls. What if they don’t answer and I have to leave a voicemail? What if they do answer and I have to talk to someone? I’m fine with in-person interactions, but there’s something about phones. Yuck. So I initially greeted the news that Google Duplex would handle phone calls for me with great glee.

Of course it’s not that simple. A voice-enabled AI that can pass for human is ripe for abuse. Imagine the phone scams you could pull.

I recently called a local non-profit that I support to increase my monthly donation. They did not verify my identity in any way. So that’s one very obvious way for causing mischief. I could also see tech support scammers using this as a tool in their arsenal — if not to actually conduct the fraud then to pre-screen victims so that humans only have to talk to likely victims. It’s efficient!

Anil Dash, among many others, pointed out the apparent lack of consent in Google Duplex:

The fact that Google inserted “um” and other verbal placeholders into Duplex makes it seem like they’re trying to hide the fact that it’s an AI. In response to the blowback, Google has said it will disclose when a bot is calling:

That helps, but I wonder how much abuse consideration Google has given this. It will definitely be helpful to people with disabilities that make using the phone difficult. It can be a time-saver for the Very Important Business Person™, too. But will it be used to expand the scale of phone fraud? Could it execute a denial of service attack against a business’s phone lines? Could it be used to harass journalists, advocates, abuse victims, etc?

As I read news coverage of this, I realized that my initial reaction didn’t consider abuse scenarios. That’s one of the many reasons diverse product teams are essential. It’s easy for folks who have a great deal of privilege to be blind to the ways technology can be misused. I think my conclusion is a pretty solid one:

The tech sector still has a lot to learn about ethics.

I was discussing this with some other attendees at the Advanced Scale Forum last week. Too many computer science and related programs do not require any coursework in ethics, philosophy, etc. Most of computing has nothing to do with computers, but instead with the humans and societies that the computers interact with. We see the effects play out in open source communities, too: anything that’s not code is immediately devalued. But the last few years should teach us that code without consideration is dangerous.

Ben Thompson had a great article in Stratechery last week comparing the approaches of Apple and Microsoft versus Google and Facebook. In short: Apple and Microsoft are working on AI that enhances what people can do while Google and Facebook are working on AI to do things so people don’t have to. Both are needed, but the latter would seem to have a much greater level of ethical concerns.

There are no easy answers yet, and it’s likely that in a few years tools like Google Duplex will not even be noticeable because they’ve become so ubiquitous. The ethical issues will be addressed at some point. The only question is if it will be proactive or reactive.