28 December 2017

Interview Gabriel Grill

I have known Gabriel since a long time. We met at an early meetings of the Java User Group Vienna many years ago. I noticed him sharing content concerning diversity. It was just a matter of time until I would make him share his views ;-)

Gabriel, please introduce yourself. Why did you choose to become a software developer?
My name is Gabriel Grill. Currently I am writing my Master's Thesis at the University of Technology, Vienna, and work at the Austrian Centre for Digital Humanities at the Austrian Academy of Sciences. I started programming in high school (HTL). My main reasons for choosing the field at that time were the possibilities for earning money afterwards and the high probability of having a secured job in the future. After I got to know programming more, I liked how seamless one could use this skill to create things, the puzzle solving aspects of it and the creativity one needs to find solutions. I always tried not to focus too much on computing only. Consequently - at university - I took lectures in the social sciences, was politically involved, played the drums, did theatre and so on.

brosI know that you are concerned with sexism. For example I noticed you sharing content about women in technology. Why does that matter to you?
I believe it is important to be socially engaged in groups, organisations, etc. one is a part of and try to improve conditions for marginalised people there. Inclusion helps everybody. I very much recommend to watch this video on gender-inclusive software design by Distinguished Professor Margaret Burnett, which explains this point much better then I could.

My engagement in tech is not limited to barriers women have to face, I think structural discrimination against this group is still a very big issue in the community. Structural means that the discrimination is ingrained into the culture, normalised, and thereby one has to actively learn, reflect and work against exclusionary mechanisms to change the status quo. In male majority communities, such as the developer community, often so called "bro" cultures emerge. They have certain unwritten rules of how one should act and look like, to be a part of them. An example to me is the beer with "the guys" after work. Bonds are often formed there which in turn may help the people participating to advance in their careers. But there are people who are not into that or do not have the time. Similarly smoke breaks allow those who participate to connect more. Another example, which I have noticed several times in conversations or talks at conferences, are various forms of sexualisation or objectification through jokes or comments, which have exclusionary effects. These seemingly small things together make up a culture in which some have it easier to be a part of. Many of these mechanisms are not unique to developer communities but prevalent in society. The "Pop Culture Detective" is a great YouTube-Channel with many videos on reflections of portrayals of culture in media. I recommend its videos on the "Big Bang Theory" and nerdom especially to male developers (Part 1 - The Adorkable Misogyny of The Big Bang Theory, Part 2 - The Complicity of Geek Masculinity on the Big Bang Theory). I think we all would benefit a lot from a more inclusive and reflective community where for instance I, as a man, would not have to act and dress in certain ways to feel "normal". I would love if our community was much more about supporting one another and thinking about how to improve society.

What other topics are you concerned about?
I usually do political work in the contexts I am directly involved in. Consequently I have been doing a lot of student politics working against different types discrimination based on income, gender, race, accessibility at university. I believe in Austria we have a special responsibility to reflect and remember our past and work against right wing tendencies that want to divide society. In this manner, I want to point to Karl Popper's "Paradox of tolerance" which states: "Unlimited tolerance must lead to the disappearance of tolerance. We should therefore claim, in the name of tolerance, the right not to tolerate the intolerant." I try to take part in protests or actions that I am fond of and generally work on awareness through campaigns.

I am also interested in net politics, privacy and ethics of programming or more generally algorithmic systems. I have created a seminar lecture at TU Wien together with professor Tompits and my colleague Matthias Fassl to enable students to read scientific papers on ethical and social aspects of such systems and have interesting discussions. I try to talk at events or conferences sometimes to raise points I find important. I think generally as developers we need to spend more time on reflecting and learning how to build systems for people. This entails taking diversity into account and creating software which is not only tailored for a small subset of people who are well-off anyway but also useful to people with little money or single parents. I educate myself through lectures mostly in the social sciences, blogs and papers. I recommend to look through YouTube and Twitter, and consume content of people who belong to marginalised groups, such as Feminist Frequency, Kat Blaque and Annie Elainey. There is a lot to learn about other experiences.

I think global warming is a big issue and my actions here are more on a personal level like eating only little meat.

Outside your personal topics discussed till now, what do you consider the biggest challenges (for humanity)?
That is a very tough question to answer. I think it would be arrogant of me to answer this question bluntly. Depending on your circumstances the answers would be very different. For instance to me climate change is a big issue, but there are many people out there who see this differently. I think it is very important to explain to them that doing nothing makes things worse, but there may be no universal human challenges on which everybody completely agrees on. As a middle European, white, male, able-bodied, computer science student to me climate change may be a big issue at the moment, but for people who are starving or live in poverty other priorities apply.

Many developers would probably answer this question somehow similar because it is still a very homogeneous group. That is why I believe questions like this should be asked to people with different backgrounds to get a better answer. This would necessarily include most people that are part of the global South. I think as developers we should look more outside our own bubbles to grow our perspectives. I consider dealing with remnants of colonialism as a very important issue and in turn exploitation of the global South as well as weapon trading and war. Most of the other issues I have mentioned in the previous question.

Speak up, make your voice heardWhat do you do to engage in the topics? For example, did you take part in public protests, donate money to NGOs or sign petitions?
I do things like trying to eat less meat and use public transport as much as possible, but ultimately I think most important are policies. The issues mentioned in the previous questions should be tackled collectively through democratic processes by engaging in a political party or other organisation, raising awareness through events or activism and learning on what issues are there and what they really are about. I do many of these things and the ones you mentioned in the question as well, but still time and money is limited and you have to prioritise.

I would like to see more impact of my regular work on these important topics. Do you think that is possible in general?
I do not know if it is possible in general, but I think as developers we are in the position to be able to choose were we want to work. We can ask critical questions, have a positive influence on the projects we work on, raise awareness on issues in the organisation we are a part of and so on. If many developers, consumers and other stakeholders are keen on social and ecological values, businesses will adapt. On the positive side, it seems that social responsibility is becoming a more important topic to many companies at the moment. I believe often more policy is necessary, e.g. to foster fairer working conditions and payment for people in the global south. I think little things like supporting people, talking to colleagues about political issues, learning about ethics or working on improving diversity, are contributions that should be highly valued. Unfortunately a lot of this kind of work, especially care labour, is not paid.

Which guidance do we have to navigate professional decisions? Did you take specific decisions because of your values and social responsibility?
I think it is important as a developer to be aware of your responsibilities and educate yourself on how to deal with them. The social sciences, political science and philosophy or more specific the fields of social informatics and human computer interaction have a lot of knowledge on how to navigate when being faced with political decisions. I strongly suggest to read more literature from these fields.

I want my development to be human-centred. I think about for whom I create something, am I really inclusive, is it ethical or bad for others and how can I best include stakeholders in the decision processes. These question usually do not have a trivial answer and that is why it is important to give them attention.

I have not encountered a situation where I was asked to write a piece of code which I considered to be very unethical, but I am aware that I have made ethical decision myself when coding. In my Master's Thesis I use text mining methods to extract information from news articles. There are many parameters to tune and models to choose and depending on my choices the results will be different. It is my obligation to document this process very well. How I get results and how I present these results is very political. I suggest reading this article which critiques a study that claims to be able to identify sexual orientation through images given to a trained machine learning system.

How do you think about selecting industry, customer and project based on your values and social responsibility?
I think one definitely should take their values and the social responsibility of the company into account. I would not be willing to work for a arms manufacturing company. Thorough research is required here because some companies do not state directly that their work or research may have a secondary use in armed conflicts. I would not like to work at companies in the gambling business or with a focus on surveillance.

DiversityDo you have problems with any industries?
It depends on the context very much. I would not want to work for an animal factory but if there is not another option or the factory is somehow vital I would probably reconsider. I think I am not able to give a general answer here, but animal factory and weapon manufacturing are as close as it gets to a no for me. This includes companies like Thales or Glock.

Did you ever reject a customer based on your values?
I did not need to reject a project offer so far, but I have chosen consciously not to apply to certain companies. During my studies I have chosen my projects in a way I felt they could benefit society.

On the other hand, what would be projects that you would love to work on?
At the moment I consider to go into research and work on ethical and social implications of algorithmic systems. I think research in this area could be useful to society. The current trend is towards putting more decision making algorithms in our lives but when these are mostly developed by a homogeneous group with almost no education on ethical and political issues, this becomes a democratic problem on who gets to decide what the algorithms do or what their optimisation goals are. Big companies are looking into these topics, due to critique from the public. I like developing very much. Working on projects that support marginalised people in some way would be interesting, like working on accessibility, support for campaigns or apps against hate. Projects that are very interesting from a technological point of view would also be options for me.

Thank you Gabriel.

3 December 2017

PMD Check and Report in same build

lane one, lane twoI am working together with senior developer and (coding) architect Elisabeth Bl├╝melhuber to set up a full featured continuous delivery process for the team. The team's projects use Java and are built with Maven.

Using PMD for Static Code Analysis
After using Jenkins for some time to run the tests, package and deploy the products, it was time to make it even more useful: Add static code analysis. As a first step Elisabeth added a PMD report of a small set of important rules to the Maven parent of all projects. PMD creates a pmd.xml in the target folder which is picked up by Jenkins' PMD Plugin. Jenkins displays the found violations and tracks changes over time, showing a basic trend graph. (While SonarQube would be more powerful, we decided to stay with Jenkins because the team was already "listening" to it.)

Breaking the Build on Critical Violations
I like breaking the build on critical violations to ensure the developers' attention. It is vital, though, to achieve the acceptance of the team members when changing their development process. We thus started with a custom, minimal set of rules (in src/config/pmd_mandatory.xml) that would break the build. The smaller the initial rule set is the better. In the beginning of adding static code analysis to the build process, it is not about the code but getting the team aboard - we can always add more rules later. The first rule set might even contain a single rule, e.g. EmptyCatchBlock. Empty Catch blocks are a well known problem when analysing defects and usually developers agree with the severity of having them in the code and accept breaking the build for that. On the other hand, breaking the build on minor or formatting issues is not recommended in the beginning.

Here is the snippet of our pom.xml that breaks the build:
<build>
  ...
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <configuration>
        <failOnViolation>true</failOnViolation>
        <printFailingErrors>true</printFailingErrors>
        <rulesets>
          <ruleset>.../pmd_mandatory.xml</ruleset>
        </rulesets>
        ... other settings
      </configuration>
      <executions>
        <execution>
          <id>pmd-break</id>
          <phase>prepare-package</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
This is more or less taken directly from the PMD Plugin documentation. After running the tests, PMD checks the code.

Keeping a Report of Major Violations
We wanted to keep the report Elisabeth had established previously. We tried to add another <execution> element for that. As executions can have their own <configuration> we thought that this would work, but it did not. PMD just ignored the second configuration. (Maybe this is a general Maven issue. For example the Maven Failsafe Plugin is a copy of the Surefire plugin to allow both plugins to have different configurations.)

The PMD plugin offers a report for the Maven site which is configured independently. As a workaround for the above problem, we used the site report to check the rules listed in src/config/pmd_report.xml. The PMD report invocation created the needed target/pmd.xml as well as a readable target/site/pmd.html.
<reporting>
  <plugins>
    ... other plugins
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <configuration>
        <rulesets>
          <ruleset>.../pmd_report.xml</ruleset>
        </rulesets>
        ... other settings
      </configuration>
    </plugin>
  </plugins>
</reporting>
Skipping Maven Standard Reports
Unfortunately mvn site also created other reports which we did not need and which slowed down the build. Maven standard reports can be selected using the Maven Project Info Reports Plugin. It is possible to set its <reportSet> empty, not creating any reports:
<reporting>
  <plugins>
    ... other plugins
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-project-info-reports-plugin</artifactId>
      <version>2.9</version>
      <reportSets>
        <reportSet>
          <reports>
            <!-- empty - no reports -->
          </reports>
        </reportSet>
      </reportSets>
    </plugin>
  </plugins>
</reporting>
Now it did not create the standard reports. It only generated target/site/project-reports.html with a link to the pmd.html and no other HTML reports. Win.

Skipping CPD Report
By default, the PMD plugin invokes PMD and CPD. CPD is checking for duplicate code - and is very useful - but we did not want to use it right now. As I said before, we wanted to start small. All plugins have goals which are explained in the documentation. Obviously the Maven report invokes PMD plugin's goals pmd:pmd and pmd:cpd. How do we tell a report which goals to invoke? That was the hardest problem to solve because we could not find any documentation on that. It turned out that each reporting plugin can be configured with <reportSets> similar to the Maven Project Info Reports Plugin:
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-pmd-plugin</artifactId>
  <configuration>
    ... same as above
  </configuration>
  <reportSets>
    <reportSet>
      <reports>
        <report>pmd</report>
      </reports>
    </reportSet>
  </reportSets>
</plugin>
Putting Everything Together
We execute the build with
mvn clean verify site
If there is a violation of the mandatory rules, the build breaks and Maven stops. Otherwise site generates the PMD report. If there are no violations at all, Maven does not create a pmd.html. There is always a pmd.xml, so Jenkins is always happy.

(The complete project, ready to clone, is here.)