Category: Technology

2FA/MFA Revisited

Posted on by Scott

Seven(!) years ago, I wrote a bit about security breaches and how two-factor authentication mitigates that risk. Today is as good a day as any to revisit the subject because of this:

The results of Elon Musk and friends turning off one of the microservices responsible for two-factor authentication for accessing your Twitter account.

In the years since I wrote that post, the availability of multi-factor authentication as an option for securing access to websites and other online systems has only grown. Face ID came out with the iPhone X and expanded to other parts of Apple’s hardware lineup, and YubiKeys have become far more prevalent in usage. The previous iteration of this blog didn’t have MFA protecting admin access, but the current one does. The websites that give me access to my brokerage account and various retirement accounts are now all protected by some form of MFA. The issue highlighted in the tweet above is specific to using SMS as the second factor for gaining access to your Twitter account. The service responsible for sending the code you type in to verify that you’re the legitimate accountholder was turned off. So for those users who only had Text message as their Two-factor authentication option, they might not have been able to get back into their account as a result.

In my case, I wasn’t impacted because I’d actually turned Text message off as a second factor in favor of two other options: Authentication app, and Security key. Authentication app options include Google Authenticator, Microsoft Authenticator, Authy, Symantec VIP, and many others. Once installed on your mobile phone, they all work in a similar way: they generate a random sequence of 6-8 numbers every 30 seconds. If you’ve set up an online account to require such a number for access, you must provide it (along with your username and password) before the 30 seconds expires to gain access. Security key eliminates the stand-alone app requirement in favor of plugging a physical key (like the Yubikey 5Ci which I use) into whatever laptop or mobile phone where you’re trying to access an account and touching it to generate a code that give you access.

MFA options in descending order of difficulty for hackers to breach:

  1. Security key
  2. Authentication app
  3. SMS

To be clear–SMS as a second factor is much better than nothing. But if you don’t also secure the account you have with your cellphone provider with MFA and/or a PIN, a determined attacker could take over your account and redirect the SMS message to a device they control. An authentication app is much more secure, but as I discovered to my chagrin when researching this post, not impenetrable. The security key option is the only one of the three that requires physical access to you (and/or your stuff) in order to steal the thing necessary to get access to your accounts. For that reason, I’ve been switching my online accounts to use the security key option wherever it’s available.

The advice from seven years ago to use a password manager still holds. 1Password remains my preferred option for this. They’ve added support for MFA to their product, which is an option worth considering for less-technical users who don’t want to use a stand-alone authentication app or a security key.

The most detailed piece on the potential consequences of not using MFA remains this Wired piece from a decade or so ago. This is the sort of thing that what I’ve shared in the previous paragraphs is intended to help more people avoid.

Your Mastodon Experience May Vary–And Not Always in a Good Way

Posted on by Scott

While my own experience on Mastodon has been a positive one so far, my experience is by no means universal.  As more prominent accounts from Twitter have joined, particularly those of black folks (and especially black women) I’ve followed there for awhile, they’ve begun to share details of consistently negative experiences on Mastodon.

Her experience has been difficult enough that the Mastodon post sharing that she was taking a break from that platform linked to the tweet above.  It’s hard to imagine a more damning indictment of how a platform treats people from marginalized communities than posting that criticism on Twitter, a site that has done far less policing of slurs against black people in the wake of Elon Musk’s purchase.  Trying to summarize her thread wouldn’t do it justice, but if there is any common thread between her negative experience and that of other black people on Mastodon it is around the content warning feature (abbreviated CW as shown below).

Mastodon posting window with CW button circled in red

Dr. Prescod-Weinstein’s objection to the name of the feature is a function of being a rape survivor.  The other pushback I’ve seen most often is around the use of the feature for posts regarding racism.  Elon James White, who I first started following during his coverage of Ferguson in the wake of the protests of Michael Brown’s shooting death by police officer Darren Wilson, refuses to use it for discussions of racism.  Mekka Okereke, director of engineering for the Google Play online store, has a more nuanced viewpoint, which separates whether or not white people want to hear about racism from what is effectively a mislabeling of the feature.  He summarized his feelings on this as follows:

Feels very very much like “Ban teaching civil rights, so white kids don’t feel bad.”

When I did a bit of searching to try and learn more about content warnings and trigger warnings in their original context, it seems that the original scope of such terminology was limited to things that could cause someone to recall a traumatic experience they had.  My primary takeaways from one piece in particular was that broader, more casual use of the term “triggered” ended up both being conflated with people being “too sensitive” and conflating trauma with mere discomfort.  “Conflating trauma with mere discomfort” ends up being a great summation of the way far too many white people still respond to black people merely describing the racism they’ve survived.

Mastodon (and the Fediverse)’s turn in the spotlight, and the negative experiences of at least a few black people on it I follow make it a microcosm of both the best and the worst aspects of tech more broadly.  A few of the best aspects: software a young man named Eugen Rochko first started writing in 2016, has held up rather well all things considered against a significant increase in usage and attention.  It’s open source, so not only can you see how it works, you can suggest changes, or even make a copy of it and make changes yourself if you have the time and expertise.  It uses a decentralized social networking protocol that doesn’t just interoperate with other Mastodon servers, but with other social networking applications that use the same protocol.  Despite the good–which is significant–Mastodon is just as susceptible to some of the negative aspects of the for-profit tech industry it intends to be an alternative to.  The most obvious negative aspect is the gatekeeping.  Despite beginning my professional career just a few years after the founder of Mastodon was born, it would take over 15 years of that career before I would find an employer where there was more than one other person who looked like me writing software for a living.  Software engineers who are Hispanic or Latino aren’t that much less rare than black software engineers.  Today, the percentage of women in technical roles is projected to be around 25% by the end of this year.  But the history of computing predates the machines that do it today, and a much higher percentage of those literal human computers were women.  Those women who do persevere through the gatekeeping that would prevent them from entering the industry ultimately end up leaving at unfortunately high rates because of the hostility to women that still persists in too many work environments.

Tim Bray (co-author of the XML spec and contributor to numerous web standards), shared this piece as one of his first posts on Mastodon.  I have no doubt that he meant well, and that the author of the piece meant well, but when you title a piece “Home invasion” when talking about new users of a platform you’re used to, that comes across as incredibly hostile.  The same author that talks about trans and queer feminists building the tools, protocols, and culture of the fediverse makes not a single mention of people of color in his piece–not unlike the commercial tech companies in general, and Twitter in particular that are among the targets of his critique.  The entire piece is worth reading in full to understand the author’s perspective, but I will pull quote and highlight one paragraph that seems most emblematic of the blind spot that some veteran Mastodon users appear to have:

This attitude has moved with the new influx. Loudly proclaiming that content warnings are censorship, that functionality that has been deliberately unimplemented due to community safety concerns are “missing” or “broken”, and that volunteer-run servers maintaining control over who they allow and under what conditions are “exclusionary”. No consideration is given to why the norms and affordances of Mastodon and the broader fediverse exist, and whether the actor they are designed to protect against might be you. The Twitter people believe in the same fantasy of a “public square” as the person they are allegedly fleeing. Like fourteenth century Europeans, they bring the contagion with them as they flee.

To see yourself (as a new user of Mastodon and a long-time user of Twitter) be described as someone bringing contagion hits a lot differently when you’ve endured racism in real life as well as online, and when you’ve had to overcome–and are still overcoming–so many barriers in both places merely to be included, much less respected.  And were the author to be called on this huge blindspot publicly, I have no doubt that he would respond with the same sort of defensiveness that Dr. Prescod-Weinstein described, and that Timnit Gebru, another recent joiner of Mastodon has also described.

As I said at the start of this piece, my own experience with Mastodon has been a positive one so far.  Some of it is a function of having participated in online communities for decades (as far back as the Usenet newsgroups days), and even becoming a private beta tester one of the newer ones (StackOverflow.com) before it went public.  But those communities too had their gatekeepers, mansplainers, and jerks.  Certain open source projects are unfortunately no different in that regard either.  There’s something to be said for understanding the pre-existing culture of a place–even if it is virtual.  That said, the idea that culture is static–and should remain so–is a perspective that it seems some Mastodon veterans would do well to change.  Otherwise, they risk perpetuating the same harms as commercial social media–just without the financial rewards.

Exploring Mastodon Continued: Timelines and Federation

Posted on by Scott

While checking out the Mastonaut desktop client for Mastodon, I came across the following diagram explaining the visibility of a toot:

The Visibility of a Toot

Still reading? I appreciate your patience. I don’t blame any of the folks who noped out of this post after seeing that diagram. It’s a consequence of the servers thing I mentioned in my previous post on exploring Mastodon. It’s one of many features that highlight who the target audience for Mastodon really is (people like me who used to write software for a living, or still do).

Even for me, the Home timeline is the only relevant one because it will display toots from people I follow–regardless of what server they’re on–toots those people boost, and your replies. The Local timeline shows toots from people on the same server where you registered whether you follow them or not. The Public or Federated timeline appears to show toots from people across all the Mastodon servers (again, whether you follow them or not). We’ll see if more time on Mastodon confirms or changes my understanding of the timelines.

Exploring Mastodon Continued: Verification

Posted on by Scott

As I mentioned at the end of my first post on Mastodon, I’ve been following Martin Fowler’s notes on his own journey.  His November 1 memo on verification interested me, especially in light of Twitter’s recent update to charge $8 for the blue check mark.

As Fowler explained it, Mastodon being decentralized (unlike Twitter) means verification is up to each server.  Whoever runs it can verify members however they wish–or not at all.  The approach to verification he describes and implements is what he calls cross-association.  By adding a <link> element to the <head> of his personal website with an href attribute for his corporate Mastodon profile, Mastodon “sees” the link and marks it as verified.

I followed Fowler’s example to do the same thing with my Mastodon profile.  I updated the header.php of the WordPress theme I’m using this way:

<head>
<meta charset=”<?php bloginfo( ‘charset’ ); ?>”>
<meta name=”viewport” content=”width=device-width, initial-scale=1″>
<link rel=”profile” href=”//gmpg.org/xfn/11″>
<link rel=”me” href=”https://mastodon.cloud/@genxjamerican”>
<?php wp_head(); ?>
</head>

With that change made, my Mastodon profile now looks like this:
Mastodon profile with verified metadata for a website

This way, people who follow me on Mastodon know that I control this website as well.

Navigating the Latest Social Media Shakeup: Exploring Mastodon

Posted on by Scott

In the wake of Elon Musk closing a deal to buy Twitter (after trying and failing to back out due to buyer’s remorse), the scramble to explore alternatives reminds a little bit of the very early days of social media.  I’m old enough to remember social networking sites like Friendster and Orkut, and there were plenty of others I’ve forgotten who never gained critical mass and flamed out.  I joined Twitter in 2009, and over the past 13 years it has grown to become the social media platform I find the most valuable.  Having heard people mention Mastodon in the past as an open source Twitter alternative (Trump Social even tried to use the codebase without attribution), I created an account—@genxjamerican@mastodon.cloud—to see how Mastodon compared for myself.

TL;DR

I’ve only been on Mastodon a week, but if I were to try and distill my advice of getting started into just a few points they would be:

  1. Follow @joinmastodon on Twitter first to start learning more
  2. Use a mobile app to smooth out (some) of the rough edges of the experience (including account creation)
  3. See if people you already follow on Twitter are cross-posting on Mastodon and follow them first

Signing Up

I don’t recall why I chose mastodon.cloud as the server to sign up with, but creating an account was straightforward enough.  It appears to be one of the largest Mastodon servers, along with mastodon.social, the original one operated by the German non-profit of the same name.  Using the official Mastodon mobile app, or one of the third-party apps makes the process a little slicker.  Stick with one of the largest servers unless you come across a particular server/community that really interests you.

Following People

I started by following people I know from Twitter who signed up for Mastodon and still post on Twitter.  The Fedi.Directory is where to look for interesting accounts to follow.  Their account (@FediFollows@mastodon.online) has been a good one to follow for someone like me just starting out.

Unfollowing, muting, blocking, and reporting all appear to work similarly to the way they do on Twitter (though I’ve had no need to do any of those things after so short a period of time).

Enough Lurking, Time To Post

A post (or a reply to a post) in Mastodon is called a toot, and they can be up to 500 characters long.  Sharing the post of someone you follow is called a boost.  You can favourite posts as well, though that only puts the toot in a list of your favourites (instead of sharing that fact with whoever follows you).  You can add content warnings (CWs) to your posts, so someone has to click through to see the content.

Posts can include pictures, but it doesn’t look like you can post videos. I follow @AmiW@mastdon.online and she posts pictures of street art from all over the world.

You can also send direct messages to people–if their accounts allow it.

There does not appear to be any such thing as quote-“tooting”.

What’s Next?

For me, spending more time on Mastodon exploring the features and looking for bigger and better guides to and explorations of Mastodon by others.

Martin Fowler is writing a whole series of posts on his exploration of Mastodon that I’ll be following with great interest.

Two Tales of Tech Recruiting

Posted on by Scott

In an industry that has had (and continues to have) persistent problems when it comes to how it hires and treats black people within its ranks, few things are worse than a black woman announcing on social media that she short-changed a candidate of $45,000 because “I personally don’t have the bandwidth to give lessons on salary negotiation”.

I’ve worked with both contract recruiters and full-time recruiters in 10 years as a manager staffing software engineering positions on multiple teams and none of them low-balled any candidate I chose to extend an offer because I intended to keep those folks for as long as I could. The alternative–losing good people to companies that can poach them simply by offering more money–meant not just losing their skills, and having fewer people to divide the same amount of work between, but my employer incurring costs trying to backfill the open position. Especially in a market where the competition for talented people is more and more challenging, the last way any company should start a relationship with a new employee is by undervaluing them from the moment they join.

A position I only filled a couple of weeks ago had been open for two solid months before that. Rather than risk losing a good candidate over $10,000, I requested an exception to offer a larger signing bonus. With the exception granted, we made a best and final offer that he accepted. The onboarding process is going smoothly, and since we’re paying him what he’s actually worth based on the geography we’re in and what our competitors are offering, he will be harder to poach with just money.

Fortunately, there are good examples of recruiters doing well by the people they recruit.

Unlike the first Johnson, this one probably built a significant amount of goodwill and trust–not just between herself and the candidate, but between the candidate and the company she will be working for. In an industry where software engineers are encouraged to switch jobs every couple of years, this company has a good chance of growing this junior software engineer into a senior software engineer–perhaps even a engineering leader–because a recruiter put their best foot forward.

As is sometimes the case on Twitter in cases like this, someone tagged the company Mercedes S. Johnson is recruiting on behalf of–and someone responded requesting a DM with more information. The tweet that actually led me to this whole story was about doxxing and how Ms. Johnson shouldn’t lose her job over the post. I’ve written about at-will employment and cancel culture before, and people have definitely lost their jobs for less than what this woman bragged on Twitter about doing. As of this writing, she was still defending her action.

If you work in tech recruiting and the opportunity presents itself, choose to be a Briana instead of a Mercedes. Both the companies you hire for and the candidates you recruit for them will thank you.

Thoughts on Diversity in Tech

Posted on by Scott
On April 28, I participated in a panel and Q & A on the intersection of race & technology.  My 2 co-panelists and I each had 15 minutes for a monologue regarding our personal experiences with how race and the tech industry intersect.  This post will excerpt my prepared remarks.

Excerpt of Prepared Remarks

How did I end up writing software for a living anyway?  I blame LEGOs, science fiction, and video games.  While I’ve never actually worked in the gaming industry, I’ve built software solutions for many others—newspapers, radio, e-commerce, government, healthcare, and finance. Tech industry salaries, stocks, and stock options have given me a lifestyle that could accurately be called  upper middle-class, including home ownership and annual domestic and international travel for work and pleasure (at least before the pandemic).
For all the financial rewards the industry has had to offer though, “writing software while black” has meant being comfortable with being the only one (or one of two) for the majority of my career–going all the way to my initial entry to the field.  As an undergraduate computer science (CS) major at the University of Maryland in the early to mid-nineties, I was on a first-name basis with all the other black CS majors in the department because there were never more than 10-12 of us in the entire department during my 4 1/2 years there–on a campus with tens of thousands of students.  In that time, I only ever knew of one black graduate student in CS.  My instructor in discrete structures at the time was Hispanic.  Even at a school as large as the University of Maryland, when I graduated in the winter of 1996, I was the only black graduate from the computer science department.
Unlike law, medicine, engineering, or  architecture, computer science is still a young enough field that the organizations which have grown up around it to support and affirm practitioners of color are much younger.  The National Society of Black Engineers for example, was formed in 1975.  The Information Technology Senior Management Forum (ITSMF), an organization with the goal of increasing black representation at senior levels in tech management, was formed in 1996.  The oldest founding year I could find for any of the existing tech organizations specifically supporting black coders (Black Girls Code) was 2011.  I’d already been a tech industry professional for 15 years at that point, and in every organization I’d worked for up to that point, I was either the only black software engineer on staff, or 1 of 2.  It would be another 2 years before I would join a company where there was more than one other black person on-staff in a software development role.
I’ve had project and/or people leadership responsibilities for 8-9 years of my over 20 years in tech.  As challenging as succeeding as an under-represented minority in tech has been, adding leadership responsibilities increased the scope of the challenge even more.  As rarely as I saw other black coders, black team leads were even scarcer until I joined my current company in 2017.  It basically took my entire career to find, but it is the only place I’ve ever worked where being black in tech is normal.  We regularly recruit from HBCUs.  We hire and promote black professionals in technical, analytical, managerial, and executive roles in tech.  There are multiple black women and women at the VP level here.  The diversity even extends to the board of directors–four of its members are black men, including the CEO of F5 Networks.
Perhaps most importantly–and contrary to the sorts of things we hear too often from people like James Damore and others about diversity requiring lower standards–this diverse workforce has helped build and maintain a high performance culture.  This publicly-traded company is regularly in the top 25 of Fortune Magazine’s annual best places to work rankings.  But this year–even in the midst of the pandemic–it jumped into the top 10 for the first time.
The company uses its size to the benefit of under-represented minorities in tech with business resource groups.  Two of the BRGs I belong to have provided numerous opportunities to network with other black associates, to recruit and be recruited for growth opportunities in other lines of business.  As a result, it’s the only company I’ve worked for in my entire career where I’ve had the ability to recruit black engineers to join my team.  These groups have even provided a safe space to vent and grieve regarding the deaths of unarmed black men and women at the hands of police officers.  When we learned that Ahmaud Arbery had been murdered, I had black coworkers I could talk about it with–all the up to the VP level down to the individual contributor level.  We were able to talk about George Floyd’s murder at the time, and in the aftermath of Derek Chauvin’s trial.  As long as these deaths have been happening, this is the only employer I’ve ever worked for where I know there is a like-minded community where I can talk through such issues with–as well as sympathetic allies.
Not only has this company put millions of dollars into organizations like the Equal Justice Initiative, they set up a virtual event for EJI’s founder, Bryan Stevenson,  to speak to us and field our questions.  Ijeoma Oluo and Dr. Henry Louis Gates, Jr have participated in corporate events as well.  They are one of just three Palladium Partners with ITSMF.  I recently completed a program they created for us called the Leaders of Color Workshop for the purpose of helping black managers advance within the organization.
All the good things I’ve shared doesn’t mean it’s a perfect employer (as if such a thing existed).  I found it necessary to transfer to a different department and line of business in order to find a manager interested in helping me advance my career.  Talking to my classmates in the most recent workshop revealed quite a few stories of far more negative experiences than mine from people who have been part of company much longer than I have.   They’ve had at least a couple of instances of viral Medium posts from former employees whose experiences were far more negative than mine.  But at least in my experience, it’s been and continues to be a great place to be black in tech.
Because the majority of our workforce is women, and nearly 1/3rd of the staff comes from minority groups that are under-represented in tech, the company has done a pretty good job of avoiding the sort of missteps that can put you in the news for wrong reasons.  Seemingly just in time for the discussion we’re about to have, the founders of Basecamp (the very opinionated makers of the product of the same name and the HEY email client among other products) are taking their turns as the proverbial fish in a barrel due to their decision to follow the example of Coinbase in disallowing discussions of politics and social causes at work.  So it was very interesting to read the open letter published to them by Jane Yang, one of their employees currently on medical leave.  She writes in some detail about the founders’ decision to exclude hate speech and harassment from the initial use restrictions policy for their products.  Read Jason Fried’s initial post and David Hanson’s follow-up for fuller context.
Basecamp is a small example (just 60 employees), Coinbase a slightly larger one (1200+ employees), but they are good proxies both for many companies I’ve worked for and companies orders of magnitude larger like Facebook, Amazon, and Google who have recently been in the news for discriminatory treatment of underrepresented minorities in their workforce.  Their failures, and those of the tech industry at large to seriously address the lack of diversity in their recruiting and hiring practices has resulted and will continue to result in the creation of products that not only fail to adequately serve under-represented minorities, but actively cause harm.  In the same way monoculture in farming creates genetically uniform crops that are less-resistant to disease and pests, monoculture in corporate environments leads to group think, to more uniform, less-innovative products with a higher risk of automating and perpetuating existing biases.
I recently watched Coded Bias, a documentary available on Netflix (and PBS) that highlighted the failings of existing facial recognition technology and the dangers it poses–to people of color in particular (because it tends to be far more inaccurate with darker-skinned people) but to people in general.  Were it not for the work of Joy Buolamwini, a black woman research assistant in computer science at MIT, we might not have learned about these flaws until much later–if at all.  These dangers extend beyond facial recognition technology to the application of algorithms and machine learning to everything from sentencing and parole determinations, hiring and firing decisions, to mortgage, loan, and other credit decisions.  Particularly as a bank employee, I’m much more conscious of the impact that my work and that of my team could potentially have on the lives of black and brown bank customers.  Even though it’s outside the scope of my current team’s usual work, I’ve begun making efforts to learn more about the ML and artificial intelligence spaces, and to raise concerns with my senior leadership whenever our use of ML and AI is a topic of discussion.  Despite all the challenges we face being in tech as under-represented minorities, or women, or both, it is vital that more of us get in and stay in tech–and continue to raise the concerns that would otherwise be ignored by today’s tech leaders.  Current and future tech products are quite likely to be worse if we don’t.

New MacBook Pro

Posted on by Scott

The untimely death of the mid-2015 MacBook Pro that had been my primary machine the past few years meant I forking over for another laptop. Given the hassles that resulted from buying that machine from somewhere other than Apple or MicroCenter, I didn’t take any chances with its replacement.

A refurbished version of this laptop (where I wrote this post) cost a little over $400 less than retail. I’m still in the process of setting things up the way I like them, but one new thing I learned was that Apple is still shipping their laptops with an ancient version of bash.

Having used bash since my freshman year of college (way back in 1992), I have no interest in learning zsh (the new default shell for macOS). So right after I installed Homebrew, I followed the instructions in this handy article to install the latest version of bash and make it my default shell.

There’s still plenty of other work to do in order to get laptop the way I want it. Data recovery hasn’t been difficult because of using a few different solutions to back up my data:

I’ve partitioned a Seagate 4TB external drive with 1TB for a clone of the internal drive and the rest for Time Machine backups. So far this has meant that recovering documents and re-installing software has pretty much been a drag-and-drop affair (with a bit of hunting around for license information that I’d missed putting into 1Password).

I wasn’t a fan of the Touch Bar initially, even after having access to one since my employer issued me a MacBook Pro with one when I joined them in 2017. But one app that tries to make it useful is Pock. Having access to the Dock from Touch Bar means not having to use screen real estate to display it and means not having to mouse down to launch applications.

Because of Apple’s insistence of USB-C everything, that work includes buying more gear. The next purchase after the laptop itself was a USB-C dock. I could have gone the Thunderbolt dock route instead, but that would be quite a bit more money than I wanted or needed to spend.

Even without the accessories that will make it easier to use on my desk in my home office, it’s a very nice laptop. Marco is right about the keyboard. I’ll get over the USB-C everything eventually.

Résumé Shortening (and other résumé advice)

Posted on by Scott

I saw a tweet from one of the best tech follows on Twitter (@raganwald) earlier today about the difficulty of shortening your résumé to five pages. While my career in tech is quite a bit shorter than his (and doesn’t include being a published author), I’ve been writing software for a living (and building/leading teams that do) long enough to need to shorten my own résumé to less than five pages.

While I’m certainly not the first person to do this, my (brute force) approach was to change the section titled “Professional Experience” to “Recent Professional Experience” and simply cut off any experience before a certain year. The general version of my résumé runs just 2 1/2 pages as a result of that simple change alone.

Other résumé advice I’ve followed over the years includes:

  • If there is a quantitative element to any of your accomplishments, lead with that. Prominently featured in my latest résumé are the annual dollar figures for fraud losses prevented by the team I lead (those figures exceeded $11 million in 2 consecutive years).
  • Don’t waste space on a résumé objective statement
  • Use bullet points instead of paragraphs to keep things short
  • Put your degree(s) at the bottom of the résumé instead of the top
  • Make your résumé discoverable via search engine. This bit of advice comes from my good friend Sandro Fouché, who started the CS program at University of Maryland a few years ahead of me (and has since become a CS professor). I followed the advice by adding a copy of my current résumé to this blog (though I only make it visible/searchable when I’m actively seeking new work). His advice definitely pre-dates the founding of LinkedIn, and may predate the point at which Google Search got really good as well.

Speaking of LinkedIn, that may be among the best reasons to keep your résumé on the shorter side. You can always put the entire thing on LinkedIn. As of this writing, the UI only shows a paragraph or so for your most recent professional experience. Interested parties have to click “…see more” to display more information on a specific experience, and “Show n more experiences” where n is the number of previous employers you’ve had. Stack Overflow Careers is another good place to maintain a profile (particularly if you’re active on Stack Overflow).

Thoughts on the Damore Manifesto

Posted on by Scott

I’ve shared a few articles on Facebook regarding the now infamous “manifesto” (available in full here) written by James Damore.  But I’m (finally) writing my own response to it because being black makes me part of a group even more poorly represented in computer science (to say nothing of other STEM fields) than women (though black women are even less represented in STEM fields).

One of my many disagreements with Damore’s work (beyond its muddled and poorly written argument) is how heavily it leans on citations of very old studies. Even if such old studies were relevant today, more current and relevant data debunks the citations Damore uses. To cite just two examples:

Per these statistics, women are not underrepresented at the undergraduate level in these technical fields and only slightly underrepresented once they enter the workforce.  So how is it that we get to the point where women are so significantly underrepresented in tech?  Multiple recent studies suggest that factors such as isolation, hostile male-dominated work environments, ineffective executive feedback, and a lack of effective sponsors lead women to leave science, engineering and technology fields at double the rate of their male counterparts.  So despite Damore’s protestations, women are earning entry-level STEM degrees at roughly the same rate as men and are pushed out.

Particularly in the case of computing, the idea that women are somehow biologically less-suited for software development as a field is proven laughably false by simply looking at the history of computing as a field.  Before computers were electro-mechanical machines, they were actually human beings–often women. The movie Hidden Figures dramatized the role of black women in the early successes of the manned space program, but many women were key to advances in computing both before and after that time.  Women authored foundational work in computerized algebra, wrote the first compiler, were key to the creation of Smalltalk (the first object-oriented programming language), helped pioneer information retrieval and natural language process, and much more.

My second major issue with the paper is its intellectual dishonesty.  The Business Insider piece I linked earlier covers the logical fallacy at the core of Damore’s argument very well.  This brilliant piece by Dr. Cynthia Lee (computer science lecturer at Stanford) does it even better and finally touches directly on the topic I’m headed to next: race.  Dr. Lee notes quite insightfully that Damore’s citations on biological differences don’t extend to summarizing race and IQ studies as an explanation for the lack of black software engineers (either at Google or industry-wide).  I think this was a conscious omission that enabled at least some in the press who you might expect to know better (David Brooks being one prominent example) to defend this memo to the point of saying the CEO should resign.

It is also notable that though Damore claims to “value diversity and inclusion”, he objects to every means that Google has in place to foster them.  His objections to programs that are race or gender-specific struck a particular nerve with me as a University of Maryland graduate who was attending the school when the federal courts ruled the Benjamin Banneker Scholarship could no longer be exclusively for black students.  The University of Maryland had a long history of discrimination against blacks students (including Thurgood Marshall, most famously).  The courts ruled this way despite the specific history of the school (which kept blacks out of the law school until 1935 and the rest of the university until 1954.  In the light of that history, it should not be a surprise that you wouldn’t need an entire hand to count the number of black graduates from the School of Computer, Mathematical and Physical Sciences in the winter of 1996 when I graduated.  There were only 2 or 3 black students, and I was one of them (and I’m not certain the numbers would have improved much with a spring graduation).

It is rather telling how seldom preferences like legacy admissions at elite universities (or the preferential treatment of the children of large donors) are singled out for the level of scrutiny and attack that affirmative action receives.  Damore and others of his ilk who attack such programs never consider how the K-12 education system of the United States, funded by property taxes, locks in the advantages of those who can afford to live in wealthy neighborhoods (and the disadvantages of those who live in poor neighborhoods) as a possible cause for the disparities in educational outcomes.

My third issue with Damore’s memo is the assertion that Google’s hiring practices can effectively lower the bar for “diversity” candidates.  I can say from my personal experience with at least parts of the interviewing processes at Google (as well as other major names in technology like Facebook and Amazon) that the bar to even get past the first round, much less be hired is extremely high.  They were, without question, the most challenging interviews of my career to date (19 years and counting). A related issue with representation (particularly of blacks and Hispanics) at major companies like these is the recruitment pipeline.  Companies (and people who were computer science undergrads with me who happen to be white) often argue that schools aren’t producing enough black and Hispanic computer science graduates.  But very recent data from the Department of Education seems to indicate that there are more such graduates than companies acknowledge. Furthermore, these companies all recruit from the same small pool of exclusive colleges and universities despite the much larger number of schools that turn out high quality computer science graduates on an annual basis (which may explain the multitude of social media apps coming out of Silicon Valley instead of applications that might meaningfully serve a broader demographic).

Finally, as Yonatan Zunger said quite eloquently, Damore appears to not understand engineering.  Nothing of consequence involving software (or a combination of software and hardware) can be built successfully without collaboration.  The larger the project or product, the more necessary collaboration is.  Even the software engineering course that all University of Maryland computer science students take before they graduate requires you to work with a team to successfully complete the course.  Working effectively with others has been vital for every system I’ve been part of delivering, either as a developer, systems analyst, dev lead or manager.

As long as I have worked in the IT industry, regardless of the size of the company, it is still notable when I’m not the only black person on a technology staff.  It is even rarer to see someone who looks like me in a technical leadership or management role (and I’ve been in those roles myself a mere 6 of my 19 years of working).  Damore and others would have us believe that this is somehow the just and natural order of things when nothing could be further from the truth.  If “at-will employment” means anything at all, it appears that Google was within its rights to terminate Damore’s employment if certain elements of his memo violated the company code of conduct.  Whether or not Damore should have been fired will no doubt continue to be debated.  But from my perspective, the ideas in his memo are fairly easily disproven.