DSISD Mentorship

Our high school is reaching out for mentors. Cool. Any DSISD student is welcome to contact me for help with open source contribution and distributed work mentorship. At WordPress and Automattic, we’ve mentored many high school and college students, helping them ship features to a global audience of millions. Launching is a great feeling that every student should experience.

I’m @rboren on Twitter. DM is open to anyone. Other contact methods are here:


Or they can hit me up @ryan on the WordPress Slack instance, which is open to everyone, everywhere.


Automattic is a distributed company. We work all over the world and make many things. Our two biggest joints are WordPress and Calypso, both open source projects, both welcoming to student contributors.



We have a project-based hiring process.


We hire by audition, not resumes.


We communicate and collaborate exclusively online, with occasional meatspace meetups and Grand Meetups.



This is the future of work for many. Prepare students.


For more on how we do distributed work, project-based hiring, and inclusion.


Stop by a local WordCamp or Meetup for a taste of the culture.



Privacy and Passwords

K12 classrooms – and most families – have bad password practices. Passwords for Google Classroom accounts are often derived from usernames. That password is then reused when signing up for other online accounts. This violates three of the most important rules of protecting online privacy and identity. From Krebs on Security:

  • Do not use your network username as your password.
  • Avoid using the same password at multiple Web sites.
  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.

xkcd explains the dangers of password reuse.

“Password reuse is what really kills you,” says Diana Smetters, a software engineer at Google who works on authentication systems. “There is a very efficient economy for exchanging that information.”

Source: Kill the Password: A String of Characters Won’t Protect You | WIRED

According to security experts, today the industry is dealing with a password reuse crisis. In the past few weeks, account breaches have been reported by LinkedIn, Tumblr, VK.com, Fling and MySpace – bringing the total number of compromised accounts to more than 642 million.

“We know that attackers will go for the weakest link and that is any user who reuses their passwords. It’s a major problem,”

Source: No Simple Fix for Password Reuse

At most schools, student identities are protected by weak passwords trivially derived from usernames and reused everywhere. Once someone gets ahold of your email password, they can reset your passwords elsewhere and pwn your life. When you reuse passwords, a data leak on a forgotten site can be escalated into takeover of your email and your identity.

What to do? The Smart Girl’s Guide to Online Privacy by @violetblue is a great primer on privacy and passwords. Chapter 10, “I Hate Passwords”, is eleven pages of good advice on creating and managing passwords, from which I crib below.

TLDR: Use a password manager and never reuse passwords.

Good passwords

If you decide to use a password manager, these great little apps can generate really strong passwords for you whenever you need one. You can also use password generators on trusted websites, such as LastPass or Norton.

Follow these rules and you’ll get better passwords:

  • Make strong passwords that are at least 12 to 16 characters long.
  • Don’t use pet or family names.
  • Don’t use your address, Social Security number, birth date, or other personal information.
  • Never recycle or reuse a password— not even once.
  • Don’t let Chrome, Firefox, Safari, or any other browser save passwords for you.
  • Use password phrases (usually six or more words long) for the best security.
  • Include capital letters, numbers, and symbols if the app or site allows it.

Source: Smart Girl’s Guide to Online Privacy

But the best passwords are those generated by password managers.

Even better is to use random unmemorable alphanumeric passwords (with symbols, if the site will allow them), and a password manager like Password Safe to create and store them.

Source: Choosing Secure Passwords – Schneier on Security

Password managers

Password managers like LastPass and 1Password save all of your passwords safely in a vault and encrypt everything. That way, you have them all in one place, no one can accidentally discover them, and you can make really complicated passwords, because the manager will keep track of them (and remember them) for you. You use one master password to unlock the password manager, and it saves and encrypts your passwords either locally or on its site. Most of these applications also have crazy-awesome password creators that you can and should use to generate super-strong new passwords with one click— and the password app automatically saves them for you.

Source: Smart Girl’s Guide to Online Privacy

I use 1Password to generate passwords. You can adjust the password recipe to accommodate any site’s password rules. Here’s the recipe I usually use.

That’s 50 characters of random, which makes for a good password. Most sites will accept 50 characters, but there are still plenty out there that balk at passwords over 8, 10, 15, or 20 characters in length. Banks, unfortunately, are known for their short password limitations (and crufty password advice). I start at 50 and work my way down. “Complexity is nice, but length is key.” Go for long passwords.

When choosing a password manager, get one that runs on all of the devices you use. I’ve used 1Password for years. It offers iOS, Android, Windows, and Mac clients. It can sync your passwords between devices via iCloud or Dropbox. If you need to share passwords among family or team members, check out 1Password for Families or 1Password for Teams. My family uses 1Password for Families. In addition to personal vaults for everyone, we have a vault shared amongst the whole family for streaming video and audio accounts. My wife and I have a shared vault for bank, medical, insurance, and other household accounts. Having log in information for all joint accounts in a shared vault improves our family’s bus factor.

How passwords are stolen

Massive data breaches are not the only threat. Be wary of shoulder surfing and social engineering.

There are simpler ways to get your password though. One is shoulder surfing, where someone watches over your shoulder as you enter your password on your computer or phone while you’re logging in on the bus or plane or at a café. Social engineering is another way that you can have your passwords stolen. Basically, social engineering involves attempts to con you into telling someone your passwords. The person conning you might call you and pretend that they’re tech support for Gmail, telling you that you have email stuck somewhere and they need your password to log in and free it up. They might know the names of your friends or colleagues, as well as their phone numbers and email addresses— all of which they can find online via social media sites like LinkedIn, Facebook, Twitter, and people-search sites. Malicious people can also use information they find about you on Facebook and other sites to correctly guess the answers to password-reset questions.

Sharing passwords

Here’s one thing to know: if a teacher, boss, TSA agent, police officer, or anyone else tells you that you have to give them your password, you shouldn’t do it unless you know it’s against the law not to.

If you share an account with friends or family, do it the smart way. Don’t use a password that you use anywhere else. Treat the shared account like any account that can get attacked, but know that its security is weaker than that of an account that you have total control over because it has a shared password. Don’t connect that shared account to any other accounts; otherwise an attacker could use that connection to get into those accounts.

Ideally, when sharing passwords with family, use a password manager that accommodates shared vaults.

More reading

Neurodiversity Library

Steve Silberman discusses several of these in this interview at Five Books. See also his recommended reading list.

Follow the #ActuallyAutistic hashtag for perspective from actually autistic people. Note that identity-first language is generally preferred in this community.

CHAMPS and the Compliance Classroom

My stomach dropped when I saw CHAMPS at our elementary school. "Eyes front, knees front, closed mouth" leapt off the wall and rose from memory. I was in school in the 70s and 80s. Some teachers were really into table readiness and proper student posture, and some principals thought a paddle made them persuasive. Compliance was the soul of their pedagogy. Those are not fond memories. I was an undiagnosed autistic in a culture without the vocabulary to understand me or help me understand myself. But I understood authoritarians well enough. They are a straightforward grok.

I handled the thoughtless compliance better than many of my peers. I could disappear into myself and hide in almost still silence. The tugging of my hair betrayed my perpetual anxiety and my yearning to scratch my scalp. In the head beneath the scalp I wanted to scratch and the hair I wanted to pull, a young mind churned: Scratching is not conforming; I must not break the envelope and compromise table readiness; that will rouse them. Hide in compliance. Don't talk; don't move; align your body on the auditor at the front of the room. The safe places are your head, books, and libraries. The books are waiting on the other side of compliance.

I sometimes close my eyes to better parse the speech coming at me. I swim in sensory overwhelm. I must pick a firehose. Eyes front preserves the illusion of compliance, so I'll stop listening. I'm not interested anyway. The books are so much more. The books are waiting. The written word is where my soul abides. This place in which I layover is just where my body resides – an eyes front, knees front, raise your hand to piss layover that I secretly indict. I tell no one.

Within the constant overwhelm is a pilot flame of anxiety, burning always. Anxiety and overwhelm, the torrid pas de deux that belies the silent, almost still compliance. Their dance is steam and froth, resonance foam on the sensory ocean I swim beneath the almost stillness – still but for the tugging of my hair. Don't disallow me that, but some of them will. Fidgeting is a threat.

The memories subside, and I'm again staring at a wall in my son's school where the words "eyes front, knees front, closed mouth" hover over the teacher's pulpit. Through 30 odd years those words time travelled. The pedagogy is the same. Compliance still reigns. What we seek to depose with the voice, choice, and agency of project-based learning asserts its durable status quo. It enjoys a sinecure in its pickled culture. Oblivious to neurodiversity, oblivious to the software-eaten world coming for it, it endures in the false safety of trying nothing new. Safety for them, for now, but not for the neurodivergent they still don't understand.

Books that influenced my views on education and project-based learning

Rules of Thumb for Human Systems

Champion agency, transparency, and inclusion. Reject compliance & cronyism. Humanize flow in the systems we inhabit. Use these rules of thumb when building systems and culture:


Project-based Learning and School Culture

Change the culture and user experience of schools. Culture doesn’t come from a box. It’s not proprietary and rented from a corporation. Culture doesn’t have someone else’s trademark on it. Culture must be made from within with grassroots involvement.

Create a culture of neurodiverse teams of project-based learners using technology and design thinking to communicate, collaborate, iterate, and launch to authentic audiences of fellow humans. Tech won’t find its place in education until project-based inclusion replaces the lecture and deficit models.

Agile teams, distributed collaboration, and the hacker ethos of flexible improvisation and rapid iteration are powerful artifacts of the disruptive rise of software. They are life and industry changing. When informed with neurodiversity and the social model of disability in an open by default culture, they are a future for education and work where we collaborate and iterate our way through massive software-driven change. We will navigate disruption with compassion, finding opportunity and inspiration in the diversity of our shared humanity. We are humans making things for and with other humans, helping each other cope with sentience and senescence on our pale blue dot. Communicate, collaborate, iterate, launch. With these tools we’ll make it through.

There is thoughtlessness all around us, in all human systems. In this thoughtlessness is opportunity. Engage project-based learners in designing for real life. Start by designing a shared, grassroots culture together with students.

Culture can be the foundation for all future innovation, or it can be the single biggest resistance to innovation. Don’t fuck up culture.

A great fallacy born from the failure to study culture is the assumption that you can take a practice from one culture and simply jam it into another and expect similar results. Much of what bad managers do is assume their job is simply to find new things to jam and new places to jam them into, without ever believing they need to understand how the system—the system of people known as culture—works.

Source: Why Culture Always Wins

Culture always wins over tools and technologies, but most of the business world is tone deaf to understanding culture.

Source: FAQ about The Year Without Pants (with satisfying answers)