Friday, October 17th, 2014 03:53 pm
Neurosexism: Brains, Gender and Tech

Cordelia Fine sees myths dressed up as science propagating a dangerous new conventional wisdom about the limitations of girls and women in math and science.

In her book, “Delusions of Gender,” she calls much of popular gender-difference theories “neurosexism.” She notes that “the idea of hardwired sex differences is very confidently presented as ‘fact’ by many popular writers. Unfortunately, claims about [such] differences may be a particularly effective way of reinforcing the gender stereotypes that influence us in self-fulfilling ways.”
Wednesday, October 15th, 2014 04:24 pm

"Flaredown is a website and mobile app that makes it easy to visualize your health and your treatments. It's also the first community of patients gathering research-backed data to establish how well treatments work in the real world, and uncover the best new ones.

Flaredown is built by patients, for patients. It will be free, forever."
Tuesday, October 14th, 2014 05:38 pm

Hi all,

Today another SSL vulnerability was announced. This one is named POODLE and is, while serious, much less serious than the Heartbleed event from some months ago.

Unfortunately, the only real way to fix the problem is to disable something called "SSLv3" entirely. Basically, this means that we instruct our servers that they are no longer allowed to speak version 3 of the SSL protocol (you can think of it as a language -- we ban this language from our servers). It turns out this is generally OK since most browsers don't actually speak using SSLv3 these days -- you actually use what's called TLS, which is a more modern, better way of protecting the stuff you send across the Internet.

The SSLv3 protocol is actually around 15 years old at this point, and TLS has been out so long that nearly every browser out there supports it. However, shutting off SSLv3 does mean that very old browsers -- IE6, for one -- can no longer talk to Dreamwidth using encryption. In this case, since the encryption wouldn't actually mean anything, we think it's better to not even pretend that it works.

I will be making this change sometime in the next hour or three. This really should impact almost none of you, but there might be one or two and, in that case, I'm sorry. We think it's better to do this so you know you're not actually secure than to let Dreamwidth pretend to be secure.

Edit: This has been deployed. SSLv3 is disabled on Dreamwidth.

Comments and questions welcome, as always!