Scope and Mission of wiki.mozilla.org — feedback wanted

One issue to emerge for last December’s Community Building meet-up was how important the Mozilla Wiki is to the project and also how neglected a resource it is. The Wiki Working Group was formed to address this issue. Since then, the Mozilla Wiki has become an official sub-module of Websites, we’ve fixed a handful of long-standing bugs, and we’re working on short- and long-term roadmaps for the wiki.

During our discussions about the wiki, we discovered the need for a clear statement about the purpose of the wiki, its role and importance to the project, what content belongs on the wiki (vs MDN, vs SUMO, etc.), and its governance structure. As such, we have drafted an About page that attempts to do those things.

We’d like for as many Mozillians as possible to read our draft and comment on it. When reviewing, we ask you to consider the following questions:

  • what about the content does or does not make sense to you?
  • what about the content does or does not resonate with you?
  • to what extent does the content match your vision for wiki.mozilla.org?
  • to what extent can you support the purpose, scope and governance structured described?

The comment period is open until 26 May 2014 at 14:00 UTC. Those comments will be considered and incorporated and this page adopted into the wiki by 15 June 2014.

Please make comments directly on the draft About wiki.mozilla.org.

Thank you to everyone from the Wiki Working Group who contributed to this document, especially: Lyre Calliope, Gordon Hemsley, Justin Crawford, Larissa Shapiro, Jennie Rose Halperin, Mark A. Hershberger, and Jason Crowe.

Creating an “Open Planning Checklist” – your feedback wanted

As part of the community building education efforts I’m leading at Mozilla, I’ve created a draft of an open planning checklist. The inspiration for the current content comes from our book Community Event Planning. I’ve modified it somewhat to be more Mozilla-specific.

This is meant to be a quick reference, one that project leaders can read and understand quickly, and reference as they set up their projects.

Please take a look at the draft on WikiMo and let me know what you think. For best collaboration, leave your comments directly on that wiki page. Otherwise leave a comment here on the blog, or visit my Mozillians profile for the best way to get in touch.

Community Building Education Update – 5 May 2014

This doesn’t fit specifically in either category below, but I still wanted to call attention to it: Last Tuesday we launched Firefox 29 “Australis,” our biggest redesign of Firefox since version 4!

Education & Culture Working Group

  • Further planning with Dino Anderson about diversity & inclusion efforts we’d like to roll out this year. I don’t have notes I can share, but will work on putting together some kind of update soon.
  • Drafted an open planning checklist (comments welcome!). This is geared towards all Mozilla teams (of paid and volunteer contributors) to help them adopt and maintain an open planning process.
  • Represented the E&C Working Group at the Grow Mozilla meeting.
  • Facilitated our regular Education & Culture working group meeting (notes).

Wiki Working Group

  • Triaged all open Websites::wiki.mozilla.org bugs. Closed 43 bugs (search).
  • Setup the wiki as a project in scrumbugs. Still updating bugs with user stories, so you won’t see a lot there, except in the backlog.
  • Worked, with Lyre and Larissa, on final drafts of wiki.mozilla.org and WWG purpose and scope documents. We’ll review as a group tomorrow and then I’ll post publicly.

Other

  • I wrote a tiny, simple WordPress plugin called bz shortcode to help make generating individual bugzilla.mozilla.org links on this blog easier.
  • I’m trying to attend fewer meetings so that I have more time to work. My strategy so far is: If I receive a meeting invite without an agenda item making it clear why I’m a necessary participant, I’ve started declining with a note to the organizer asking if I really need to be there. The flip side of this is that I’m doing my best to have clear agendas a head of time for the meetings that I facilitate.

Priorities for this week

  • Finalize scope documents for both the wiki itself and the wiki working group.
  • Update contribute area page for webdev.
  • Outline requirements for project-wide “Mozilla Quilt” (part of Education roadmap). Working on this with Dino and others.
  • Expand the brainstorm of needed community building skills that we started at last month’s MozCamp planning session to entire organization using Mozilla moderator.
  • Collect feedback on open planning checklist and publish.

Get Involved

As always, you are welcome to join me in any of these projects. Look at my mozillians profile for the best way to get in touch with me.

Upcoming meetings

Calendar file for both meetings: ics or html.

Community Building Education Update – 29 April 2014

Note: This is the first in what I plan to be weekly updates about the work we’re doing as part of the Education and Wiki Working Groups, part of the community building team at Mozilla. I’ll tag these updates with mozilla as well as cbt-education and wwg when appropriate.

Wiki Working Group

On Tuesday of last week we help our twice-monthly Wiki Working Group meeting (notes). Key takeaways:

  • We celebrated becoming an official sub-module of websites.
  • We talked about planning an in-person meet-up and sprint at this year’s Wikimania in London.
  • We talked about the need to clarify our vision for the wiki as a prerequisite for creating the long-term roadmap, as well as the need start on a short-term roadmap to address critical needs.

During our next meeting we’ll continue work on both the short- and long-term roadmaps. If you’re interested in contributing, please get involved!

Later in the week, a few of us fixed the following bugs:

  • Bug 858844 – Sortable tables on wiki no longer sortable
  • Bug 1001710 – Recent changes to wiki.mozilla.org break bugzilla plugin
  • Bug 819708 – wiki.mozilla.org editor wont show rich text editor

MozCamp Planing Session

Last week a handful of contributors gathered at the San Francisco office to plan MozCamps 2014, the next phase of what we’re still calling “MozCamps” but which we plan to evolve into a new kind of event.

I’m still synthesizing everything we covered during the planning session, but the most relevant takeaway in terms of the education working group was this list of community building skills that the group generating during a brainstorming session about what content should be included in the new MozCamps. This week I’m working to integrate that list into the existing community building curriculum roadmap.

An Explanation of the Heartbleed bug for Regular People

I’ve put this explanation together for those who want to understand the Heartbleed bug, how it fits into the bigger picture of secure internet browsing, and what you can do to mitigate its affects.

HTTPS vs HTTP (padlock vs no padlock)

When you are browsing a site securely, you use https and you see a padlock icon in the url bar. When you are browsing insecurely you use http and you do not see a padlock icon.

Firefox url bar for HTTPS site (above) and non-HTTPS (below).
Firefox url bar for HTTPS site (above) and non-HTTPS (below).

HTTPS relies on something called SSL/TLS.

Understanding SSL/TLS

SSL stands for Secure Sockets Layer and TLS stands for Transport Layer Security. TLS is the later version of the original, proprietary, SSL protocol developed by Netscape. Today, when people say SSL, they generally mean TLS, the current, standard version of the protocol.

Public and private keys

The TLS protocol relies heavily on public-key or asymmetric cryptography. In this kind of cryptography, two separate but paired keys are required: a public key and a private key. The public key is, as its name suggests, shared with the world and is used to encrypt plain-text data or to verify a digital signature. (A digital signature is a way to authenticate identity.) A matching private key, on the other hand, is used to decrypt data and to generate digital signatures. A private key should be safeguarded and never shared. Many private keys are protected by pass-phrases, but merely having access to the private key means you can likely use it.

Authentication and encryption

The purpose of SSL/TLS is to authenticate and encrypt web traffic.

Authenticate in this case means “verify that I am who I say I am.” This is very important because when you visit your bank’s website in your browser, you want to feel confident that you are visiting the web servers of — and thereby giving your information to — your actual bank and not another server claiming to be your bank. This authentication is achieved using something called certificates that are issued by Certificate Authorities (CA). Wikipedia explains thusly:

The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate.

In order to obtain a valid certificate from a CA, website owners must submit, at minimum, their server’s public key and demonstrate that they have access to the website (domain).

Encrypt in this case means “encode data such that only authorized parties may decode it.” Encrypting internet traffic is important for sensitive or otherwise private data because it is trivially easy eavesdrop on internet traffic. Information transmitted not using SSL is usually done so in plain-text and as such clearly readable by anyone. This might be acceptable for general internet broswing. After all, who cares who knows which NY Times article you are reading? But is not acceptable for a range of private data including user names, passwords and private messages.

Behind the scenes of an SSL/TLS connection

When you visit a website with HTTPs enabled, a multi-step process occurs so that a secure connection can be established. During this process, the sever and client (browser) send messages back and forth in order to a) authenticate the server’s (and sometimes the client’s) identity and, b) to negotiate what encryption scheme, including which cipher and which key, they will use for the session. Identities are authenticated using the digital certificates mentioned previously.

When all of that is complete, the secure connection is established and the server and client send traffic back and forth to each other.

All of this happens without you ever knowing about it. Once you see your bank’s login screen the process is complete, assuming you see the padlock icon in your browser’s url bar.

Keepalives and Heartbeats

Even though establishing an ssl connection happens almost imperceptibly to you, it does have an overhead in terms of computer and network resources. To minimize this overhead, network connections are often kept open and active until a given timeout threshold is exceed. When that happens, the connection is closed. If the client and server wish to communicate again, they need to re-negotiate the connection and re-incur the overhead of that negotiation.

One way to forestall a connection being closed is via keepalives. A keepalive message is used to tell a server “Hey, I know I haven’t used this connection in a little while, but I’m still here and I’m planning to use it again really soon.”

Keepalive functionality was added to the TLS protocol specification via the Heartbeat Extension. Instead of “Keepalives,” they’re called “Heartbeats,” but they do basically the same thing.

Specification vs Implementation

Let’s pause for a moment to talk about specifications vs implementations. A protocol is a defined way of doing something. In this case of TLS, that something is encrypted network communications. When a protocol is standardized, it means that a lot of people have agreed upon the exact way that protocol should work and this way is outlined in a specification. The specification for TLS is collaboratively developed, maintained and promoted by the standards body Internet Engineering Task Force (IETF). A specification in and of itself does not do anything. It is a set of documents, not a program. In order for a specifications to do something, they must be implemented by programmers.

OpenSSL implementation of TLS

OpenSSL is one implementation of the TLS protocol. There are others, including the open source GnuTLS as well as proprietary implementations. OpenSSL is a library, meaning that it is not a standalone software package, but one that is used by other software packages. These include the very popular webserver Apache.

The Heartbleed bug only applies to webservers with SSL/TLS enabled, and only those using specific versions of the open source OpenSSL library because the bug relates to an error in the code of that library, specifically the heartbeat extension code. It is not related to any errors in the TLS specification or and in any of the underlying ciper suites.

Usually this would be good news. However, because OpenSSL is so widely used, particularly the affected version, this simple bug has tremendously reach in terms of the number of servers and therefor the number of users it potentially affects.

What the heartbeat extension is supposed to do

The heartbeat extension is supposed to work as follows:

  • A client sends a heartbeat message to the server.
  • The message contains two pieces of data: a payload and the size of that payload. The payload can by anything up to 64kb.
  • When the server receives the heartbeat message, it is to add a bit of extra data to it (padding) and send it right back to the client.

Pretty simple, right? Heartbeat isn’t supposed to do anything other than let the server and client know they are each still there and accepting connections.

What the heartbeat code actually does

In the code for affected versions (1.0.1-1.0.1f) of the OpenSSL heartbeat extension, the programmer(s) made a simple but horrible mistake: They failed to verify the size of the received payload. Instead, they accepted what the client said was the size of the payload and returned this amount of data from memory, thinking it should be returning the same data it had received. Therefore, a client could send a payload of 1KB, say it was 64KB and receive that amount of data back, all from server memory.

If that’s confusing, try this analogy: Imagine you are my bank. I show up and make a deposit. I say the deposit is $64, but you don’t actually verify this amount. Moments later I request a withdrawal of the $64 I say I deposited. In fact, I really only deposited $1, but since you never checked, you have no choice but to give me $64, $63 of which doesn’t actually belong to me.

And, this is exactly how a someone could exploit this vulnerability. What comes back from memory doesn’t belong to the client that sent the heartbeat message, but it’s given a copy of it anyway. The data returned is random, but would be data that the OpenSSL library had been storing in memory. This should be pre-encryption (plain-text) data, including your user names and passwords. It could also technically be your server’s private key (because that is used in the securing process) and/or your server’s certificate (which is also not something you should share).

The ability to retrieve a server’s private key is very bad because that private key could be used to decrypt all past, present and future traffic to the sever. The ability to retreive a server’s certificate is also bad because it gives the ability to impersonate that server.

This, coupled with the widespread use of OpenSSL, is why this bug is so terribly bad. Oh, and it gets worse…

Taking advantage of this vulnerability leaves no trace

What’s worse is that logging isn’t part of the Heartbeat extension. Why would it be? Keepalives happen all the time and generally do not represent transmission of any significant data. There’s no reason to take up value time accessing the physical disk or taking up storage space to record that kind of information.

Because there is no logging, there is no trace left when someone takes advantage of this vulnerability.

The code that introduced this bug has been part of OpenSSl for 2+ years. This means that any data you’ve communicated to servers with this bug since then has the potential to be compromised, but there’s no way to determine definitively if it was.

This is why most of the internet is collectively freaking out.

What do server administrators need to do?

Server (website) administrators need to, if they haven’t already:

  1. Determine whether or not their systems are affected by the bug. (test)
  2. Patch and/or upgrade affected systems. (This will require a restart)
  3. Revoke and reissue keys and certificates for affected systems.

Furthermore, I strongly recommend you enable Perfect forward secrecy to safeguard data in the event that a private key is compromised:

When an encrypted connection uses perfect forward secrecy, that means that the session keys the server generates are truly ephemeral, and even somebody with access to the secret key can’t later derive the relevant session key that would allow her to decrypt any particular HTTPS session. So intercepted encrypted data is protected from prying eyes long into the future, even if the website’s secret key is later compromised.

What do users (like me) need to do?

The most important thing regular users need to do is change your passwords on critical sites that were vulnerable (but only after they’ve been patched). Do you need to change all of your passwords everywhere? Probably not. Read You don’t need to change all your passwords for some good tips.

Additionally, if you’re not already using a password manager, I highly recommend LastPass, which is cross-platform and works on pretty much every device. Yesterday LastPass announced they are helping users to know which passwords they need to update and when it is safe to do so.

If you do end up trying LastPass, checkout my guide for setting it up with two-factor auth.

Further Reading


If you like visuals, check out this great video showing how the Heartbleed exploit works.

If you’re interested in learning more about networking, I highly recommend Ilya Grigorik‘s High Performance Browser Networking, which you can also read online for free.

If you want some additional technical details about Heartbleed (including actual code!) checkout these posts:

Oh, and you can listen to Kevin and I talk about Heartbleed on In Beta episode 96, “A Series of Mathy Things.”

Conclusion

On Brendan Eich as CEO of Mozilla

Today Mozilla announced a number of leadership changes, including the appointment of Brendan Eich as CEO. Amid the analysis of the change, there is a lengthy post on Hacker News specifically discussing Brendan’s support of anti-LGBT Prop. 8 in 2008 and whether or not it affects his suitability as CEO.

As a single employee of Mozilla, I am not sure I can definitively determine Brendan’s suitability. I can, however, give insight as to what I experience at Mozilla as a queer woman and how I feel about the appointment.

Mozilla is a very unique organization in that it operates in a strange hybrid space between tech company and non-profit. There simply aren’t a lot of models for what we do. Wikimedia Foundation is always the one that comes closest to mind for me, but remains a very different thing. As such, people with experience relevant Mozilla, relevant enough to lead Mozilla well, are in very short supply. An organization can always choose to make an external hire and hope the person comes to understand the culture, but that is a risky bet. Internal candidates who have demonstrated they get the culture, the big picture of where we need to go and have demonstrated they can effectively lead large business units, on the other hand, present as very strong options.

And, from my limited vantage point, that’s what I see in Brendan.

Like a lot of people, I was disappointed when I found out that Brendan had donated to the anti-marriage equality Prop. 8 campaign in California. It’s hard for me to think of a scenario where someone could donate to that campaign without feeling that queer folks are less deserving of basic rights. It frustrates me when people use their economic power to further enshrine and institutionalize discrimination. (If you haven’t seen it, here’s Brendan’s response to the issue.)

However, during the intervening years, I’ve spent a lot of time navigating communities like Mozilla and figuring out how to get things done. I’ve learned that it’s hard working with people but that you have to do it anyway. I’ve learned that it can be even harder to work with someone when you think you don’t share your fundamental beliefs, or when you think they hold opposing or contradictory beliefs, but you have to do that sometimes, too.

The key is to figure out when it’s important to walk away from interacting with a person or community because of a mis-alignment in beliefs and when you need to set aside the disagreement and commit to working together in service of the shared goal. Context is really important here. What is the purpose or mission of the community? Who is its audience? What are its guiding principles?

Mozilla’s mission is “to promote openness, innovation & opportunity on the Web.” Our audience is the global community of people connecting to the internet. Our guiding principles are numerous, but include protecting the internet as a public resource and upholding user privacy, security and choice.

At the same time, many Mozillians are themselves advocates for human rights, animal rights, prison abolition, marriage equality, racial equality, etc. As much as some of those causes might overlap with the cause of a free and open internet, they are separate causes and none of them are the focus of Mozilla the organization. Focus is important because we live in a world of limited resources. Mozilla needs to stay focused on the mission we have all come together to support and move forward.

Another factor to consider: What is their behavior within the community, where we have agreed to come together and work towards a specific mission? How much does a person’s behavior outside the scope of community affect the community itself? Does the external behavior conflict directly with the core mission of the organization?

To be clear, I’m personally disappointed about Brendan’s donation. However, aside from how it affected me emotionally, I have nothing to indicate that it’s materially hurt my work within the Mozilla community or as a Mozilla employee. Mozilla offers the best benefits I have ever had and goes out of its way to offer benefits to its employees in same-sex marriages or domestic partnerships on par with those in heterosexual marriages. Last year we finally got trans-inclusive healthcare. We didn’t have an explicit code of conduct when I started, but adopted the guidelines for participation within my first year. Progress might be slow, but it’s being made. And I don’t see Brendan standing in the way of that.

Certainly it would be problematic if Brendan’s behavior within Mozilla was explicitly discriminatory, or implicitly so in the form of repeated microagressions. I haven’t personally seen this (although to be clear, I was not part of Brendan’s reporting structure until today). To the contrary, over the years I have watched Brendan be an ally in many areas and bring clarity and leadership when needed. Furthermore, I trust the oversight Mozilla has in place in the form of our chairperson, Mitchell Baker, and our board of directors.

It’s true there might be a kind of collateral damage from Brendan’s actions in the form of some people withdrawing from participation in Mozilla or never joining in the first place. There’s a lot I could say about people’s responses to things that happen at Mozilla, but I’ll save those for another time.

For now, I’ll just say that if you’re queer and don’t feel comfortable at Mozilla, that saddens me and I’m sorry. I understand where you’re coming from, at least in part, because I had a rocky start at Mozilla and often questioned my fit in the community. That’s why I’m putting considerable effort into changing how we interact with and support contributors from marginal groups. If you want to join me, look at what we’re doing with the Education Working Group and then get in touch.

To conclude, what I offer to my fellow Mozillians, including Brendan, is this:

  • I respect that you have a private life, including interactions in other communities, that may not match my beliefs or may even conflict with them.
  • I recognize that despite possible differences in our personal beliefs, you are just as committed as I am to Mozilla’s mission and have a lot to offer the community.
  • I agree, and ask you to do the same, to set aside those differences to create a shared space in which we can work together on the Mozilla mission.
  • In that space, we’ll treat each other as human beings, following the participation guidelines, even if doing so will stretch our skills and make us slightly uncomfortable.
  • We agree to communicate with honesty and empathy and to find ways to support each other’s work in the project.

Update 28 March 2014 8:30 PDT:

Since Monday, Brendan and Mitchell have both published responses, which I’ve included below. I’ve also included posts from some colleagues.

Update 30 March 2014 15:45 PT:

Some additional posts from colleagues:

Joining the Community Building Team at Mozilla

Grow Mozilla

After almost a year and a half on the Technical Evangelism team, my role at Mozilla is changing. As of March 3rd, I am the Education Lead on the recently formed Community Building Team (CBT) led by David Boswell.

The purpose of the CBT is to empower contributors to join us in furthering Mozilla’s mission. We strive to create meaningful and clear contribution pathways, to collect and make available useful data about the contribution life-cycle, to provide relevant and necessary educational resources and to help build meaningful recognition systems.

As Education Lead, I’ll drive efforts to: 1) identify the education and culture-related needs common across Mozilla, and b) to develop and implement strategies for creating and maintaining these needs. Another part of my role as Education Lead will be to organize the Education and Culture Working Group as well as the Wiki Working Group.

Community Building Team, March 2014 in SF
Community Building Team, March 2014 in SF

I’m super excited to be joining Dino Anderson, David Boswell, Michelle Marovich, Pierros Papadeas, William Quiviger, and Larissa Shapiro and for community building to be a recognized, full-time aspect of my job at Mozilla.

If I had been working with you on Firefox OS App localization and you still have questions, let me know or email appsdev@mozilla.com.

VidyoDesktop 2.2.x on Linux with PulseAudio 4.0 (Ubuntu 13.10)

Recently I upgraded my work laptop from Xubuntu 13.04 to 13.10. The upgrade went well, except for an issue with audio output from VidyoDesktop. Every other application worked fine. Skype, audio from Flash inside both Firefox and Chromium, gmusicbrower, Rhythmbox, and the system sounds all performed as expected.

After spending a day spelunking the depths of PulseAudio, a co-worker pointed me to this bug report which links to this blog post about making Skype compatible with changes in PulseAudio 4.0.

I confirmed that manually starting Vidyo with the following command re-enabled audio:

PULSE_LATENCY_MSEC=60 VidyoDesktop

And then modified the Exec line in /etc/xdg/autostart/vidyo-vidyodesktop.desktop to this:

Exec=env PULSE_LATENCY_MSEC=60 VidyoDesktop -AutoStart

The non-autostart menu file (/usr/share/applications/vidyo-vidyodesktop.desktop) just needs the following:

Exec=env PULSE_LATENCY_MSEC=60 VidyoDesktop

We’re using version 2.2.x of the VidyoDesktop client, which I believe has been superseded and so you may not need this fix at if you use a later client version.

Alternative Definitions of Conflict

Some months back, Code Hale mentioned the book Mediating Dangerously: The Frontiers of Conflict Resolution by Kenneth Cloke. I’ve ever so glad he did, as the book has given me a life-changing perspective on the nature of conflict and how to address it. One of the most profound things I learned from the book is a a set of alternate definitions of conflict.

In the book, Cloke says

“Most people think of conflicts as disagreements based on difference over what they think, feel, or want. Yet most arguments have little or nothing to do with the issues over which people battled.”

Understanding these alternative sources of conflict and being able to identify which applies to a given situation is of paramount importance because: “each calls for a different set of strategies to prove the inner logic of the dispute and a different set of questions to elicit honest and empathy.” Because each type of conflict requires a different strategy and set of questions, you won’t know which to employ until you’ve identified the true source of the dispute. Once you have identified the source, you can choose a more appropriate and targeted approach to resolving the conflict.

Here’s the list:

  • Conflict represents a lack of awareness of the imminence of death or sudden catastrophe.
  • Conflict arises wherever there is a failure of connection, collaboration, or community; an inability to understand our essential interconnectedness and the universal beauty of the human spirit.
  • Conflict is a lack of acceptance of ourselves that we have projected onto others, a way of blaming others for what we perceive as failures in our own lives. It reveals a need to hide behind roles or masks that do not reflect our authentic feelings so we can divert attention from our mistakes.
  • Conflict represents a boundary violation, a failure to value or recognize our own integrity or the personal space of others.
  • Conflict is a way of getting attention, acknowledgement, sympathy, or support by casting ourselves as the victim of some evil-doer.
  • Conflict represents a lack of skill or experience at being able to handle a certain kind of behavior.
  • Conflict is often simply the continued pursuit of our own false expectations, the desire to hold on to our unrealistic fantasies.
  • Conflict represents a lack of listening, a failure to appreciate the subtlety in what someone else is saying.
  • Conflict is often a result of secrets, concealments, confusions, conflicting messages, cover-ups, and what we have failed to communicate.
  • Conflict represents a lack of skill, effectiveness, or clarity in saying what we feel, think, or want.
  • Conflict is a way of opposing someone who represents a parent with whom we have not yet resolved our relationships.
  • Conflict is the sound made by the cracks in a system, the manifestation of contradictory forces coexisting in a single space.
  • Conflict is the voice of a new paradigm, a demand for change in a system that has outlived its usefulness.
  • Conflict represents an inability to grieve or say goodbye, a refusal to let go of something that is dead or dying.
  • Conflict is a way of being negatively intimate when positive intimacy becomes impossible.
  • Conflict is the expression of one-half of a paradox, enigma, duality, polarity, or contradiction.
  • Conflict is often a fearful interpretation of difference, diversity, and opposition, which ignores the essential role of polarity in creating unity, balance, and symbiosis.
  • Conflict is a result of our inability to learn from our past mistakes, our failure to recognize them as opportunities for growth, learning, and improved understanding.

 

Making Time for New Projects

There are many privileges I have working at Mozilla. One of them is a decent amount of time off, by American standards. This year Mozilla continued the tradition of closing offices and halting business for the last two weeks of the year. Originally I had thought about getting some volunteer work done during the time off, but ended up just spending time with Sherri and our friends, puttering around the house and playing a lot of Skyrim. It’s difficult for me to disengage from my various responsibilities and truly allow myself time to relax and rest. I felt guilty the first two-thirds of this time off. Despite that, I did manage to have some good rest and in taking a break, I was able to think clearly about what I want out of the next year or so.

What I realized is that I’m ready for a shift. I haven’t been able to make the kind of progress I’d like on a few projects that are actually very important to me. There are some good reasons for this lack of progress. The past 18-24 months have been extremely chaotic on a personal level. Sherri and I became deeply involved in caring for her ailing mother. We lost a dear friend. We bought a house and moved.

I’m happy to say that a lot of that is behind us now. Sherri’s Mom is settled into assisted living and others are responsible for her care now. We aren’t planning to buy a house, move or have any major construction done. We also seem to have found medication regimine that is keeping my asthma somewhat under control. As a result, I’m sleeping better at night and can engage is more physical activity than I have been able to in quite some time.

With things on the home and personal fronts feeling more settled, there’s one remaining barrier to going deeper into my most important projects: having too many projects.

In a lot of ways we falsely operate on a model of scarcity. Lots of things aren’t actually scarce when we think they are. Time, however, truly is available in limited amounts. If I’m involved in ten projects, each one of them is going to get less time, on average, than if I’m involved in five. It sounds like a simple, obvious, statement. But, like possessions, it’s easy for us to accumulate projects and difficult to let them go.

There are a lot of reasons we hold on to our projects: No clear succession path, not wanting to say goodbye to the project itself or to something it provides for us, not wanting to feel like you’ve failed or that you’re letting someone down, the uncertainly of knowing what will take its place, habit. All of these represent valid needs we have and it’s important to honor those needs and the feelings that arise when thinking about not continuing to be involved in something.

Over the years I’ve cultivated a set of questions I ask myself to help navigate the process of identifying whether or not it’s time to let go of a project. These include:

  • If I stopped doing this project, what are things I could do with that time instead?
  • What other things I’m excited about have I been saying no to because I’m involved in this project?
  • Am I still learning things or otherwise growing as a person as a result of being involved in this project?
  • Is the project still evolving as a result of my involvement, or has it stagnated?
  • Are there ways to deescalate but still maintain some involvement that would be satisfying to me?
  • If I can’t identify a clear succession path for the project, what’s the worst that can happen?
  • If I think the worst case is that no one continues it, does that mean that the project had reached its natural end?
  • What are the ultimate goals of my project? That I want to be around for?
  • What do I envision the end of the project to be? What does it looks like when my project has accomplished its mission, achieved all its goals?

Generally, we spend a lot of energy on starting, building and sustaining projects and very little energy on defining a project’s end. No wonder we have trouble ending projects! Often we rely on external factors to drive decisions about endings. Work life becomes untenable so we quit, or we accept an offer elsewhere. Or we disengage from a project abruptly when some other issue in our lives becomes a higher priority and gives us permission to do so. I wonder if there’s a benefit to bringing additional mindfulness and intention to how we approach ending projects. This doesn’t mean mapping out a complete plan at the beginning of a project and then rigorously and stubbornly abiding by it, regardless of changing circumstances. Rather, I think it’s a useful strategy to periodically inventory what we’re working on, ask the above questions of each.

In asking myself the above questions about all my projects at the end of this year, I was able to arrive at a clear picture about which projects I’m okay letting go of, or decreasing my involvement in, and which new projects I’d like to take on.

The plan for 2014 is something like:

  • Organize fewer events. The main event that I plan to maintain my involvement in this year is Open Source Bridge. All others I either won’t be involved in, or will only be involved in an advisory role. Stepping back my event-planning role means that I’ll be able to devote more attention to my role as President of Stumptown Syndicate.
  • Attend fewer repeat conferences. I’ve decided not to attend PyCon or OSCON this year. Both of these conferences I’ve been to multiple times and crossing them off my calendar means I’ll have more time to attend new conferences. Top on my list are: Allied Media Conference, Wikimania, WikiConference USA, LibrePlanet.
  • Submit no conference proposals. I’m not planning to do any speaking at conference unless specifically invited to do so. This frees up time to work on our Event Planning Handbook and accompanying workshop.
  • Spend less time on social media. I have a bad habit of treating social media like a sweet or a cigarette. Stuck on something? Check Twitter. Stressed about something? Check Twitter. There’s nothing inherently wrong with this. Stress relievers are good — as long as they are serving their purpose. However, social media tends to become a distraction and one that generates more stress than it relieves. Spending less time on Twitter/Facebook means I will have more time to engage in deeper conversation and nurture one-one-one connections. I’ll still use social media, but with intention and in time-constrained amounts.

What about you? What are some ways you figure out how to continue or end projects? What things are you planning to do less and/or more of this year?