 So good afternoon, welcome to devconf as a big slide behind me says My name is Alon Mureinik and I work at Synopsys Where I manage the development of the Node.js and .NET agents for Seeker If you've never heard of Seeker or haven't heard about Seeker yet Seeker is the best IAS product out there, but as fascinating as IAS is in particular and Application security is in general. It's just not my topic today. So this is the last time I'm going to mention it Instead I want to talk about security So That was a Freudian slope of course, sorry Jitters, I want to talk about inclusion But before I go into inclusion, I kind of have to address the elephant in the room For those of you who know me and know my background as a DBA I'm not going to talk about postgres database. Don't worry But the elephant in the room here is me, of course So why is a privileged straight white dude up here talking about inclusion? well Think that the key here first of all is to recognize your privilege and I'm Fully aware of how privileged I am to to be speaking here How privileged I've been to being to have been speaking here for the last seven years, I believe How privileged I am to work for a great company like synopsis who was willing to fund my tropia and All the privilege I had throughout the career my career to to get to this point But The key for those of us who are privileged and Recognize that their privilege is to use this privilege and share it to put it to good use to help promote people who do not Enjoy the same privilege First of all because that's the right thing to do and if you do not use your own privilege like this You're wasting it and if for no other reason Privilege is a matter of context and Having privilege one day can just go away the next day if you didn't believe me just ask my ancestors Okay, much less not than I expected so this is either not controversial or you're still recovering from lunch Okay, now everyone's awake right So why are we talking about inclusion in open source? As open source by definition is open, right? Anyone can send a patch anyone can participate Well, it's inclusive by nature. Why are we even talking about it? I Don't think this is always true Think I went to go as far saying all open source, but in a lot of communities There's a big difference between Being able to send a patch which anyone can do because it's open and actually Excuse me actually being able to affect the community actually being able to make decisions Actually being a part of it And I'm just to clarify. I don't mean the difference between Maintainers and or committers or whatever you call them and people that aren't It is okay to have Different privileges for different roles. It is okay to say these people have proven track record We trust them to commit stuff and other people's don't The problem begins when you have different people with the same track record Who enjoy different privileges? If that's the case then you have an inclusion problem The good news at least from my experience is is sorry that more often than not this isn't done intentionally Don't think Any of us set out to be exclusionary But but it does happen and I think the reason it happens more often than not is That we just can't help ourselves being human humans suffer from cognitive biases Bias is all these small and Unconscious mental shortcuts our brains make to help us cope and process the world around us Now I'm sure some of you are like sitting there. I'm thinking wow That sounds awful. I Already feel sorry for people who have these how lucky am I not to have these right? So welcome to the world of unconscious bias There's a well-documented Well-researched bias called the bias blind spot Which is a false belief that everyone around you has cognitive biases Except of you except from you because you of course are logical and impartial Well, you aren't I think these biases are the unintentional Reason underline reason for most inclusion problems in open source and In my talk today, I want to Discuss a few of these and see how we can handle them and become more inclusive So before we even start before we go into biases Step number zero in being inclusive is to have a code of conduct Now this for some reason is a suggestion that gets a lot of pushback in many places a lot of A lot of times when I suggest this I hear well, we don't need a code of conduct We don't need a code of conduct because everyone gets along here, right? well, yes, but and This perception is of course biased as hell First of all, it suffers from the survivor bias So everyone still involved in this community gets along and doesn't need a code of conduct But what about all the people who are no longer involved in the community who left because they couldn't stand it Having a code of conduct may have prevented them from leaving Second one of the worst biases we all have is a bias called false consensus false consensus is a bias which Makes you believe that traits attributes core beliefs that you have are universally common So if everyone is like me, we don't need a code of conduct because I get along with myself just quite right But everyone is not like me People are different different people have different understandings of what is acceptable and unacceptable behavior So more often than not we need a code of conduct to spell these out to say, okay I get this is what you believe but here is what we all agree about and this is the acceptable way to act in our community So now that we've passed like phase number zero established a Sensible way for all of us to interact and agreed upon way Let's explore this false consensus bias further Let's see how this false consensus bias puts up barriers that prevents our communities from being more inclusive Excuse me Jack cold The first barrier a lot of communities have is a knowledge barrier Okay, and I don't mean technical knowledge, right? Think if you have a project written in Fogman's sake JavaScript It's fair enough to say that if you do not know JavaScript You'll have a hard time contributing code But that makes sense, right? Okay, you're welcome to contribute in other ways, but you'll have a hard time contributing code if you can't program in this language Fair enough, but there's a world of other knowledge around us mainly Procedural knowledge of how do I even interact with this community? Okay, some communities you just asked to submit a pull request Sometimes you need to open a jury ticket and have it approved and have it assigned to a specific sprint to tell you When to open this pull request? Or having opened the pull request. What do I need to include there? What what what is the code style? Do I need to sign a contributor agreement? Do I need to support x86 and arm? I don't know and a lot more often than not or all of this peripheral knowledge is Undocumented and you can't find it anywhere because everyone knows us, right? We do this all the time. We don't need to Describe how you send the pull request. Well, you do you really do Because if someone is not a member of the community He will he or she will not know how to do this and they cannot become a member of the community without knowing how to do this So document everything that is no such thing as being too explicit does not exist So in the worst case you spent 10 minutes of documenting something no one will read No big deal. It's a good a good sacrifice to prevent the case of Of someone wanting to become a part of your community and not being able to or not being able to effectively Second problem That arises from false consensus second barrier is a language barrier and again, I don't mean JavaScript I mean English and here, too, it's fair enough to say that our Project documentation our mailing list whatever is in English you have to have a Working proficiency in English in order to interact with the community. That's fair enough or even better We have translated our documentation and if you wish to contribute in Spanish English Jack Hebrew, whatever your mailing list, but given a Subset of the community that has a grade on a language usually English It's okay to assume that you need to speak this language. It's kind of by definition But but but what a lot of communities kind of move the bar much higher than it should be For so who here speaks English who here speaks English not as the first language Most of us So for people communicating in the second third fourth language, there's a huge difference between Having a conversation in an asynchronous matter in Mailing lists that you can take your time to reread everything look upwards. You don't understand If you want to write something complicated you ask your mom to reread it because her English is better than yours Thanks mom Your English is definitely better than mine That's doable but but then communities start taking advantage of technology, which is usually great but these conversations start shifting from mailing lists to online communication Immediate communication like IRC or discord or slack or I know what are cool kids using today. I Don't know if you noticed about me. I'm profoundly uncool. So I have no idea but For a non-native speaker It's considerably harder to have a conversation in an online chat than offline mailing list Even worse we have this cool new technology called telephones Which have become much much cheaper and all these voice solutions and a lot of projects are starting to have these daily weekly monthly calls which is Much much harder for not native speaker because now I need to start worrying about can people understand my horrible accent Can I understand everyone else's horrible accent? Do I get all the small jokes and idioms that people use when they talk instead of writing? these These are all barriers to inclusion because yeah, we have an open call and everyone can join it But if my English is only good enough for emails, I'll have a really hard time participating in this call Which has absolutely nothing to do with my technical understanding with my ability to flesh out a feature to suggest something and Be a really useful contributor to this community kind of bouncing of that Third barrier I want to talk about is a time barrier So this may come as a shock not everyone lives in the same time zone We have several of these in the world Not everyone uses the same work schedule in my small team back at synopsis I have people who started at seven and Leave the office at about three o'clock to pick up the kids I have different people who wake up at about 12 show up to the office at about one and Stay there till I have no idea. I'm not there anymore And this is a really small team in the same office when you take this globally to an open source project People have different time zones People have different work schedules How many of you have ever been on a? Weekly call on a Friday So, thank you everyone. I'm from Israel Friday is not a working day for us a Lot of Israeli companies like to schedule these talks on Sunday Just to Just to stick it to the man Horrible idea But and even if you take away these time zone and work schedule problems different people have different abilities to Divide their time definitely to an open source project definitely unpaid contributors I Will I am literally the last person who will say that fast feedback is not important In fact, I have a whole talk about why fast feedback is important But you need to be smart not only fast if you review pull request Take take a look and say looks good. Thank you merged. This is great. You gave fast feedback, right? But you've excluded from this discussion anyone who isn't awake during these 10 minutes and not excessively refreshing his browser A much better way of doing this is giving this fast feedback But not closing up the discussion Yeah, hey great great patch. Thank you for your contribution. I am purposely not merging this I'm going to wait till next Monday and leave the opportunity for anyone who's interested to look into this So you've both given fast feedback, but you left the discussion open. You didn't close it up and Speaking of time and communication barriers this kind of automatically leads to What I think is my core point There is Definitely when they are sorry got caught up with my own sentence I'll rephrase as projects mature People get to know each other better often they get to know each other Regardless of the context of the project More often than not in large projects where you have commercial interest You have people from the same company working on them people from the same team sitting in the same room How often have you seen a pull request merge request, whatever you call it look like this code Hey, I didn't understand what you did this Bad explanation in broken English because it's a second or third language for all of us Today's delay talked to David face-to-face understood his point. Thank you merging. So this is Just human instinct, right? It's extremely efficient. We all want to move forward with our day job But you are creating a situation here that if your name is not David and if you dance it in the exact same room as Whatever contributor Merged your code you have absolutely no way of getting your code in So this is very efficient and it moves really fast in the short term and in the long term. It's Excuse the language bloody awful This is the best way of creating a so-called open source community, which is closed to Only include people that know me personally Just putting your source your source code up in GitHub does not make it open so Always default to open any communication that did not happen in this open space did not happen and In the conditions that you can't because I'm seeing some faces yoga Yes, but we have a security consideration Yes, but this is the private information for my company This does happen if it does happen and you really can't avoid it first of all check yourself You usually can but if you really can't at least be transparent about it at least be able to say explicitly not discussing this because X Y Z See I'm running out of time so I want to summarize A lot of open source communities are not as inclusive as we'd want them to be usually in my experience this isn't done by By malice it's done by mistake. It's done because of unconscious biases. We just can't avoid the good news is that If we have good intent humans are capable of learning and if you're presented with data was facts Someone saying hey look doing this excludes anyone who doesn't have good English anyone who lives in a different country, whatever We can change if we want to With that, I'll take questions if they're any Yes, so, um, I'm not sure these are like technically correct terms, but Sorry The question was can I explain the difference between open and transparent? So I'm again, I'm not sure these are technically correct terms But what I mean having an open discussion is really discussing everything we are doing this because of Why in order to avoid Z blah blah blah? If you can't do this being transparent about it is about the reasoning We want to shift this project to do X instead of Y This is because of a commercial interest of the company we work out. We can't go into details but in March when we are when we'll have our first release this will be made clear So you aren't going into details, but you're at least being transparent on why you can't discuss the details Yes So I Sorry, so the question if I can shortly rephrase it is Having a kind of conduct and documenting more and more doesn't always work because As the question said some people are offended by everything and Not everyone really abides by the code of conduct So there's a few a few moving parts here first of all Code of conduct rules in general in any society work if there's good will in place if we all join a community in an explicit Explicit intention excuse the language to be assholes It doesn't matter what kind of conduct you have anywhere if you really try to be obnoxious you will succeed So it only works for if generally there is good face The important thing about kind of conduct is first of all being really explicit say hey look This is how we behave here if you are unwilling or unable to behave like this. I'm sorry. You are just unwelcome and This only works where you where you have the majority of the community kind of buying into this Doesn't really matter the letter of the code of conduct Okay, you don't expect anyone to say hey look I read your comment here. You are in violation of Article 12 subsection 3.d Nobody cares, but if if everyone buys into this the community will self moderate and and you will have people saying Sorry, we don't do this here Sorry, I'm out of time if anyone wants to ask anything else. I'll be in the hall Thank you for your time