Displaying posts by Karen Sandler
A Note from Our Executive Director: 2023 and my personal quest for software freedom
byon December 19, 2023
Just when I think that I've really grokked the implications of the technology I have woven into my life, I find that life throws completely new challenges my way that make me realize the extent of the work that we have ahead of us for software freedom.
Front of hospital in Brussels CC-BY-SA 4.0 Karen Sandler
Early this year, in February, as I readied myself for the excitement of receiving an honorary doctorate at KU Leuven, I felt my heart beating strangely. An already scheduled visit to the cardiologist revealed that my inherited heart condition had caused an irregular rhythm. I struggled to walk up even shallow inclines.
I have a heart condition I was born with, called Hypertrophic Cardiomyopathy (HCM). It's a condition that generally causes me no discernible symptoms, but I am at much higher risk of what they call "sudden death" than people without this condition (sudden death is what they call it when your heart ceases its function, for HCM patients, it's often because your heart is beating so fast that it's just fluttering instead of efficiently pumping). This is why I've had, for many years, an implanted pacemaker/defibrillator.
Irregular heart rhythms are common for HCM patients over time but need to be either reverted or treated with medication to live a normal life. The longer one is in an irregular rhythm, the more likely that irregular rhythm will stay and be non-revertable. Facing these new symptoms in early in the year, I needed to determine what I needed to do and whether my travel was still safe. To figure out how best to proceed, my electrophysiologist wanted to know about the history of my irregular rhythms. Luckily, I have my implanted pacemaker/defibrillator — designed to record that important information. Ostensibly, this is one of the purposes of having an implanted medical device: to collect such data to inform my treatment.
Years before, I'd decided to have this device implanted with the greatest of trepidation. Many of the key and important features of this device are implemented in software, not hardware. This is my second device (the previous one eventually had battery failure), So, twice, I've had to decide to make an unfair moral choice: do I maximize my chance of surviving with my heart condition, or do I allow installation of proprietary software in my body?
After I decided to have the device installed, I made serious efforts to actually verify the safety and efficacy of the software in the device myself. I filed Freedom of Information Act (FOIA) requests to review the FDA's approval process of this device. What I discovered horrified me: no one — not the FDA, not the patients, not the doctors, not the public — has ever reviewed the source code of the device, or even done direct testing of the software itself. Only the manufacturer does this, and the FDA reviews their reports.
This is a problem that will take a lifetime of many activists working for patient's rights to solve. In the meantime, I had to make the difficult moral choice whether to allow the device in my body, and ultimately I did - it was simply too dangerous to go without (doctors estimated a 25% chance of suddenly dying before I reached the age of 40). I tried to reduced the harm by choosing a device manufacturer that allowed the radio telemetry to be disabled for security reasons. This was a huge benefit, but ultimately it meant I picked a device made by a company that has a large presence in Europe, but a very small one in the United States. Little did I know that this choice would lead me to another difficult decision, which would again only be difficult because the software in the device is proprietary.
In February 2023, while I scrambled to have data in my device extracted before my trip, I discovered that due to the proprietary nature of the device, no one but a company representative could help me. The only one who worked In my city (a major city!) had gone on vacation to visit family overseas. The company had no other representatives available to help me. After much calling to different numbers of the company, I was able to get a list of hospitals and offices across the city that might have had a machine (oddly, they call them “programmers”) that could interface with (or “interrogate”) my device. Upon calling those locations, only a few actually had the programmers and none of those were able to give me an appointment before I left for Europe.
The helplessness that I felt was a powerful echo of how I felt years ago when I realized that my defibrillator was shocking me unnecessarily when I was pregnant. The only way to stop it was to take (otherwise unnecessary) medication to slow my heart rate down. Proprietary software, installed in my body, led me to no choice but to accept medical treatment that I didn't even need.
This time, even though I live in a major city, just one employee's vacation schedule meant my doctors could not diagnosis my urgent health problem. These heart devices are all locked down. Equipment between companies and also among newer models are *not* interoperable. I and my doctors could not access the critical information in my own body when I needed it most.
Ultimately, I made the difficult and potentially dangerous decision to go to KU Leuven anyway to receive the honorary doctorate. It was an incredible honor and I would have missed a once-in-a-lifetime opportunity. Outraged and frustrated again that I was forced to make a life-or-death decision that would have been much easier to evaluate were it not for proprietary software being the only option for heart devices, I nevertheless went.
Thanks to a fellow software freedom activist who helped me navigate the Belgian medical system, I was able to get my device interrogated there. I confirmed there was not immediate danger, and I used that information to come up with a plan for the rest of my trip and for my healthcare in the coming months. While the trip was a wonderful experience, I'm haunted by that helplessness that comes from having no control over technology I rely on so deeply.
When I returned my cardiologist insisted that I get a wearable device to monitor my heart rate. Knowing my feelings about proprietary software (from all of the times I advocated for software freedom in the doctors office!), he told me “you're not going to like the recommendation I have”: the doctor suggested I get an Apple Watch. As soon as I got home I researched all of the alternatives. I found an FDA approved device that has reliable heart rate monitoring but does not require constant contact with a proprietary mobile device or continuous connection to a centralized, proprietary service. The device is unfortunately proprietary itself, but fortunately has no GPS or other similar tracking, and doesn't mandate additional use of third-party proprietary software. This was still a painful compromise for me. I wish every day that I had access to its source code and the ability to modify its software to better suit my unique heart-monitoring needs. But this is my life and my health, and I'm grateful that I found a solution that I can use while I wait for (and advocate for and support) free solutions to catch up so I can use them instead.
Karen finally getting her device "interrogated" in Brussels. Note the various "programmers" in the background for each different manufacturer's devices. CC-BY-SA 4.0 Bert Van de Poel
Happily, since that happened, surgery has returned my heart to a normal heart rhythm, but my cardiologists have said that my need for the tracking device remains. I hate that I've had to incorporate more proprietary software into my life, but I'm so grateful for the treatment I receive and the years of life I am hopefully gaining.
The ways we rely on our software are not theoretical. They pervade every aspect of our lives, and we must make our decisions carefully — knowing that there will be immediate and long term consequences of those choices.
We should stand strongly for our principles but we must also live. At Software Freedom Conservancy we have the philosophy that it's not enough to just talk about our values, it's all about actually doing work that will move the needle towards achieving software freedom for everyone.
There is at least one, and perhaps a few, rather famous FOSS activists who are fond of declaring that they live their life without using any proprietary software. I am in awe of the luck that their privilege affords them. I had to make a really tough choice: put myself at risk of an untimely death, or put proprietary software in my body. I chose to live — and continue my work advocating against proprietary software.
This year, at SFC, we focused on our partnerships with right to repair organizations to ensure that the software right to repair (which could have helped me to get the information off of my proprietary device) is an important part of the previously hardware-focused conversations. We raised the alarm about John Deere's GPL violations after years of work on the matter. We stayed in regular contact with other organizations to support them and we worked on concrete action items, like the amicus brief we recently co-signed.
Waffles for sale in a Belgian hospital CC-BY-SA 4.0 Karen Sandler
We stood up for the consumer and user rights that are baked into the GPLs and continued to push forward our lawsuit against Vizio — to make sure that everyone must be taken seriously when they ask for source code they are entitled to by the GPLs.
We know that users face real difficulty and often feel like they have few choices. We don't blame anyone who uses proprietary software; instead, we empathize with you because we live in the real world too and face difficult choices. We have campaigns such as Exit Zoom and Give Up GitHub to help you find alternatives to the proprietary software that you're using every day that you'd rather liberate yourselves from.
I do hope that (after you donate to SFC, of course!) each of you will do something to help improve the state of software freedom for yourself or someone you know, even if the solutions aren't 100% perfect, because they make a real difference in people's lives and demonstrate that we can do things differently. Help someone flash their phone with a free build, even though it has some proprietary components to remain functional (keeping it out of the landfill). Introduce someone to a free software app. Put Debian (or another free distro) on some old equipment to give it new life, even though it may remain a secondary device. Start collaborating with someone using a pad instead of centralized cloud services. I for one am looking forward to rooting a robot vacuum this holiday season to be able to control it with a free app that removes the need for centralized connectivity in order to operate at all. Maybe you'll do the same with a garage door opener? Sky's the limit when we work on it together. Let's keep it going bit by bit until all of our software is free.
Outreachy's Grant Funding: Ford Foundation, ARDC and most recently CZI!
byon December 30, 2021
As most readers of this blog know, Outreachy, one of Software Freedom Conservancy's flagship projects, is a diversity initiative that provides paid, remote internships. Outreachy interns work with mentors from free software communities. Outreachy creates an inclusive experience for people who are subject to discrimination or systemic bias, and impacted by underrepresentation in the technical industry of the country they are living in. In the years since 2010, we've had 840 successful graduates of the program.
Outreachy is a resource intensive program, which is described as "high touch", in that we seek to have a deep involvement with our interns rather than a quick experience like a short intro or training session. There's a lot of work at every step of the process, from the application process where we make sure that our opportunities are going to the people who really need them, to onboarding communities that we have confidence our interns will have a good experience with, to supporting the actual internships when they happen.
To do all of this, we rely on our small staff supplemented by a serious volunteer effort. In the last comnpleted internship cohort (May 2021), there were 125 volunteer mentors representing 37 free software communities. Mentors worked with over 700 applicants, and ultimately chose 71 interns (the current round has 61 interns from over 700 final applicants). Applicants and mentors are all supported by 4 Outreachy organizers. Two Outreachy organizers are volunteers and two are paid staff. Software Freedom Conservancy's staff is also a lean operation with just a few employees supporting the financial, legal and administrative needs of the program.
Funding for Outreachy's core operations is essential to running our internship program. This "core support" funding allows us to hire staff who write documentation, organize volunteers, support interns, advise mentors, and promote the program to diversity in tech organizations. Outreachy staff are continuously looking for ways to make our internship program more inclusive and welcoming.
We rely on funding from a variety of sources, including corporate sponsorships and generous donations from individuals, but this blogpost highlights the critical core support Outreachy receives through grants. Over the past few years, we have received several grants from the Ford Foundation, Amateur Radio Digital Communications, and (we're now pleased to say) the Chan Zuckerberg Initiative.
These grants are essential to Outreachy operations. We wanted to take a moment to show how the existing grantmaking has helped us, and thank our awesome grantmakers.
The first substantial grant that Outreachy received was from the Ford Foundation in 2018. Noting that we were "punching above [our] weight administratively" due to our long hours and amazing volunteers, Ford stepped up to help us stabilize the program.
Ford provided it first grant to improve our documentation, which allowed us to create our Applicant Guide and Community Guide. These guides help both potential interns, and new mentors. A new community for the December 2021 internship cohort said the reason they decided to mentor was because our documentation was so thorough.
Ford's subsequent grants have helped us shore up our processes and staffing. In November 2020, Outreachy hired its first full-time employee, Sage Sharp and was able to increase the hours of our contractor, Anna e só. Having dedicated staff is essential to providing solid support to Outreachy interns and for ensuring the program runs smoothly.
Ford has continued to support Outreachy in the years since. In addition to the financial support, Ford also invited us to several training sessions with other grantees. In particular, these trainings helped us to more effectively fundraise from others, and also provided us with media training that has been very useful over the years (Outreachy tends to spark strong reactions in how people talk about the program and engage with us).
We're so grateful to Michael Brennan at Ford! Michael has helped us coordinate with Ford and has provided insightful advice throughout the years.
Ford's funding has been transformative to Outreachy. It's hard to imagine the program being as strong is it is and in the position to grow without these grants. Ford's focus on social justice and its goals of addressing inequality matches Outeachy's goals well and has helped us to grow without compromise.
The second grantmaker to step in to support Outreachy was Amateur Radio Digital Communications (ARDC). ARDC's mission is focused on communication science and technology. Their aspirational goals include social over commercial benefit, inclusion of underrepresented groups, and empowerment of individuals. There's a natural alignment with Outreachy, especially since so many of the internships we offer are to work on software that underpins and supports the Internet and communications technologies .
We were honored to be in one of the initial rounds of grantmaking by ARDC. Along with Ford's grant, ARDC's support gave us the ability to commit to funding 10 humanitarian open source projects in the December 2020 round. Rosy Schechter and Chelsea Parrága at ARDC have been so supportive of our work on Outreachy and we have loved to watch their giving program grow.
We're pleased to announce that the Chan Zuckerberg Initiative is joining as a new grantmaker of Outreachy! We've enjoyed working with Carly Strasser to get this in place.
In conjunction with the grants we've received from Ford and ARDC, we'll use these new funds to
- continue to provide our internships twice a year, and strive to provide even more internships
- Increase our staffing!
- Analyze and publish data from Outreachy historic participation
- Focus on spreading the word about the program
- Evaluate additional activities to better support our interns, mentors and alums
- Work on fundraising from individuals so that we can better diversify Outreachy's funding (you can donate here!)
Grants have been critical to Outreachy's success
The grants we receive have given Outreachy an independence that is essential to continuing to serve our mission well. We've been able to refuse money from problematic sources without having to be anguished about having to shrink the program. It's much easier to take the high road when you know that you won't have to cut the number of internships that are providing much needed opportunities to people who really need them. This funding allowed us to hire contractors to review applicant essays about the discrimination, systemic bias, and underrepresentation they face (we usually have around 3000 initial applicants each with essays to review in every round).
These grants, combined with corporate sponsorship and individual giving give us the breadth and stability of funding that allow us to continue our operations with confidence and plan for the future. We're so excited for all that's in store for Outreachy in the coming years!
How We Hired Our Last Employee: Equitable Hiring Processes for Small (and Large) Organizations
byon October 15, 2021
Like many small organization that are overloaded with work, it's hard to make the time to conduct a proper hiring process, and no one on staff is dedicated to making sure the process goes smoothly. Because it is very important to our organizational values to make sure that our hiring is fair and also that we wind up with the best person for the job, we were very careful in how we designed our search.
We finished our last hiring a few months ago. I'm proud of the way we handled the process, and I think it resulted in the best hire possible for the position. As I describe the process below, you can see how we worked to respect our applicants, interview while minimizing bias, and select for skills that were essential for the actual work to be covered by the open position. (There's a TL;DR summary at the end! Perhaps the most interesting part is that we paid people who made it to the final round to respect their time and to defray their costs of participating,)
A neutral and realistic job posting
We thought hard about our job posting, including a detailed description of the role. We were clear that we were open to hiring from a variety of backgrounds and were willing to train less experienced candidates. We worked to eliminate any gendered language or anything that we thought would create heightened requirements for the job, which can reinforce bias in the process. Finally, we were open to feedback, and when folks suggested that we include a narrow salary range to bring transparency and lower stress for our applicants, we added that too.
You can see the job posting we just put up for an Outreachy related position where we once again are following these principles.
Happily, for the position that we already hired for, we received around 40 really solid applications for the position - a really high number for an organization like ours, especially since we only advertised the position in limited ways.Initial screen by volunteer directors
After a very quick review of resumes to weed out the few applications that were spammers or otherwise not really targeted to our organization, we scheduled 15 minute screening interviews with two of our volunteer directors. We wanted to make sure that we added a layer of independent review that would otherwise be impossible in a small org like ours.
In order to make sure that we were comparing apples to apples, and giving everyone the same chance at success, the directors were given a set list of questions to ask. Because the role was about advocacy and communications, most of the questions were connected to explaining what software freedom is, and how the applicant became interested in it. The directors were also given a rubric to grade the interviews, both question by question and overall. The directors put their grades and thoughts about each candidate (along with any red flags) in spreadsheets so that we'd be able to access the information easily later. Spelling out what questions will be asked and how the responses willl be graded helps to eliminate bias that can come from an an interviewer and interviewee that "click" in ways that might be related to their background or shared experiences.
After the screening interviews, the bulk of the applicants were asked to participate in an anonymous exercise. The goal of having an anonymous exercise is to overcome any biases we might have for or against particular candidates. Each applicant was assigned a random string, and they were instructed not to put any personal identifying information in their answers.
We designed the exercise to reflect actual tasks we'd expect the new employee to take on, while providing some opportunities to brainstorm some big picture topics that could come up in the position. Writing emails to our organization's Supporters and member projects are key components of the job, so we created short hypothetical situations (that encompassed typical problems we need to address) and asked the applicants to write mock email responses. Because the role also has a public press and event organizing component, we asked applicants to write the beginning of a website news item and tell us a few things they thought were essential to run a successful in person event.
To respect our applicants time, we kept the exercise bounded. We expected it to take an hour or less, and asked the applicants send us their responses after an hour and a half, explicitly adding a little bit of extra time in case they were interrupted during the process. We also scheduled the exercises at the convenience of the applicant at any time during normal east coast business hours, since being able to coordinate with staff in the US was an important part of the role. We offered flexibility for applicants who could not make time during the workday during their existing role or had other obligations they needed to schedule around.
Conservancy staffers graded the responses on an anonymous basis, scoring each exercise. When this was completed, the graders met to compare their results. At this point, there were five applicants whose exercises stood out from the group. We de-anonymized them and cross referenced them to make sure that their screening interview scores were also strong and all of them moved to the next round.
At this point, I should note that I was surprised by the results. Long-time software freedom activists, whose work we know and respect, wound up not making it to our final group, whereas our final applicants included people who were new to software freedom, had never been in a communications role or who we simply hadn't met before. This final group consisted of people who showed the skill sets most likely to succeed in the position, not people who were already part of our network.
Because the exercise was anonymous, it was also easier to explain to the other applicants why we weren't advancing them to the next round, and I think (hope!) that it made it easier to preserve our relationships with the applicants who are truly excellent advocates for software freedom in a variety of other contexts.
Paying the finalists
Because we are a small organization, adding another employee is a big deal. We knew that to do this job right we were going to need to take some time talking to them to figure out if they were the right fit for the role. We also know that not everybody does their best when put on the spot in an interview, and wanted to make sure that we allowed people the chance to know what we'd be asking and to prepare if they wanted to. We didn't want to take our applicants' time for granted, even though we are a small publicly supported organization.
Because of this, we decided to pay each our five finalists $500 to proceed with the rest of the interview. While $500 is not a huge amount, we thought it was a nice amount for a charitable organization to give to an applicant who would dedicate some time and thought to our hiring process, which would cover strategic thinking about our organization's mission and operations in our communications and other related areas.
Again, we used the same questions with all candidates, and we provided them in advance of the interview, offering the applicants the option of providing written answers or just discussing them on the spot, whichever they were most comfortable with. We were trying to avoid a gamification of the interview process, while still getting insight into the thought process of the applicants. These questions included difficult ones about the software freedom community and also about Software Freedom Conservancy. Now that we knew these candidates were very strong in their ability to write quick emails and website copy, the idea was to bring some of the most strategic problems that we'd be looking to include the new employee in tackling.
Conducting final interviews
This step looked like a more traditional interview. Bradley and I scheduled video chats with the remaining candidates. We first had the applicants tell us their answers to the questions we had sent in advance and used those as a jumping off point for relevant conversation.
While all five candidates were strong in these interviews, three candidates had a mix of skill sets that seemed like the best fit for the role. For these three candidates, we scheduled an interview with Conservancy's staff in its entirety. Again, with a small organization, the addition of another person is a huge chance in organizational dynamics. Feedback from all employees was essential to making this decision.
Choosing the final candidate
In the end, going through the interview process and learning more about the job convinced one of the final three candidates that they were not really interested the role we were hiring for, which they understood much better through our hiring process. It was a tough choice between the two remaining candidates, but we were able to have confidence in Pono as our choice due to feedback from staff, the comparisons made possible by asking the candidates the same questions and the grading from the previous two rounds. If we'd had the budget, we would have hired all three of these final candidates.
Feedback on the process
Each of the finalists were surprised that we were willing to pay them for their time. For some of the applicants, being paid to participate gave them the flexibility to devote more time to their interview preparation. We were happy we were able to show our appreciation for the impressive applicants who were willing to give us so much of their time.
We also got positive feedback on the anonymized exercise. Because the exercise gave insight into how some of the every-day work in the position would look, it made it easier for some of the candidates to decide if they wanted to actually work in that role. In addition to the benefit I mentioned above about the anonymization making it easier to explain who would advance to the next round, some applicants indicated that making it to the final round via an anonymous exercise gave them confidence that they were qualified for the position.
For future hiring, we'll be looking to bring the same concepts to the process. Namely:
- bring in an independent review of the candidates
- ask all of the candidates the same questions
- design an exercise that connects to the actual work the employee will be doing in the role
- judge the exercise responses on an anonymous basis
- keep the time required for applicants to invest in the interviewing process as minimal as possible
- pay applicants who are required to invest more substantial time in the process
Many thanks to all of Conservancy's staff who helped us with this process (Rosanne Dimesio, Bradley Kuhn, Sage Sharp, Brett Smith), and to Deb Nicholson who helped bring some of these concepts to our previous hiring process.
Outreachy is hiring for a community manager position and using some of the strategies listed above. If you or someone you know if interested in applying for the community manager position, check out the post here.
byon August 24, 2021
We often talk about how frustrating it is to obtain source code that is supposed to be available under copyleft licenses. We not only try to get source code for our own devices, but we also are inundated with requests from developers all over the world who seek source code to modify their technology in ways they should have a right to do. By the time someone sends a complaint to us, asking for our help, they've already tried and failed to ask the company to do the right thing. Usually they are simply ignored by the company but sometimes companies introduce all kinds of weird procedures in the hopes that if they make it just difficult enough that the requestors will go away.We've seen these obstacles include all kinds of unreasonable forms, beyond a simple email address to make the request. A common requirement is that the request be sent to a particular paper address, by registered mail, and we've even seen the company specify particular kind of storage device to be included in the mailing. Companies erroneously try to require that requestors include personal information, including detailed information on the device and its purchase. It's hard work, but we're proud that we continue to apply pressure to these companies and never give up our quest to make sure everyone follows the rules so that developers can have access to the software on their devices that the GPL ensures. It also often feels like lonely work. But not today.
DevOps Engineer, ptrcnull (Patrycja), tweeted last week about a frustrating email she received from Umidigi, a Chinese smartphone manufacturer, which told her that if she wanted access to the source code she was rightfully requesting under GPLv2, she needed to come in person to Umidigi's offices in Shenzhen. And that (by the way) the office was only Chinese speaking.
Luckily, one of ptrcnull's followers, looped in Naomi Wu, a well known Chinese maker and hacker, who decided to go down to Umudigi's offices and take them up on the offer.
As a Cyborg Lawyer who spends a good portion of her time trying to compel GPL compliance, I nearly flipped watching Wu (who calls herself Sexy Cyborg) marching into Umidigi trying to find anyone who could help her get the source code. It's the physical manifestation of the kafkaesque experience that companies set up for those exercising their rights under GPL. I couldn't believe it when I clicked on it from a link in a mastodon toot from Harald Welte, who has also done quite a bit of GPL enforcement over the years.Here's the video:
While Wu managed to get to Umidigi's offices in mere days from when the email was sent to push off ptrcnll, she's told that the person who wrote the email, Ben, is no longer with the company.
I look forward to seeing the full video, and have offered our assistance. I'm grateful to ptrcnull and Wu for doing this work and I'm happy to work on GPL enforcement myself, but it makes me wonder: How much could we accomplish if companies did what they were supposed to do? What would it look like if companies were true partners in compliance and encouraged their customers to tinker with their devices? How many people try to make source requests and give up when it's difficult? If we've been able to accomplish so much with copyleft, even in the face of corporate stonewalling, imagine what we could do if we could skip all of these tedious steps and get straight to collaborating.