Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Barry MacKichan
It is a major PITA. Certificates on affected servers (which include 
Amazon EC2 Linux servers) may have had their private keys exposed, so 
certificates have to be reissued with different keys. This is, 
apparently, a major bottleneck.


—Barry



On 9 Apr 2014, at 21:23, Owen Densmore wrote:


Worth knowing about:

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

Pretty serious crypto flaw.

-- Owen


FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com




Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Owen Densmore
Hi Barry.  How would the private keys be exposed?  The pub/priv computation
is done locally, right?

BTW: All node servers are secure due to their ssl config turning off the
"heartbeat" option.  NodeWeekly:
Node 0.8.x and 0.10.2+ Not Vulnerable to Heartbleed Issue -- Popular Node
versions aren't exposed to the Heartbleed vulnerability as the heartbeat
extension was turned off in a Node commit a year ago. Yay.
*GITHUB*

   -- Owen



Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Owen Densmore
Fairly useful scanner software created to test for vulnerability.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1.txt

   -- Owen



Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Steve Smith
And some fundamental "truths" about information entropy are even being 
questioned:


   http://newsoffice.mit.edu/2013/encryption-is-less-secure-than-we-thought-0814

And a "new" method offered for generating keys which is reputed to not 
be vulnerable to brute-force attacks, based on coupled systems:


   http://journals.aps.org/prx/abstract/10.1103/PhysRevX.4.011026
   http://www.gizmag.com/human-biology-unbreakable-encryption/31504/
   https://www.schneier.com/blog/archives/2014/04/unbreakable_enc.html


Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Joshua Thorp
according to 
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat

apparently the bug gives access to 64K chunk of ram on the server.  The private 
key might be in that chunk,  but probably won’t be…  however you will get 
different chunks over time so if you wait long enough you might end up with a 
chunk that has a private key or someone’s password.

—joshua
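
The length handling behind the "64K chunk" described above, as an added example that is not part of the original message and is not OpenSSL's code: a TLS heartbeat request (RFC 6520) carries a 16-bit payload length that the responder echoes back, so the code computes how far an unchecked echo would read past the received record and shows the bounds check that discards such a request. The function names and both sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1
#define HB_RESPONSE     2
#define HB_HEADER_LEN   3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed sample: 4-byte payload "ping", length field says 4. */
static const uint8_t HB_HONEST[HB_HEADER_LEN + 4 + HB_MIN_PADDING] =
    { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };

/* Constructed sample: no payload at all, but the length field claims 0xFFFF. */
static const uint8_t HB_OVERCLAIM[HB_HEADER_LEN + HB_MIN_PADDING] =
    { HB_REQUEST, 0xFF, 0xFF };

/* Payload length the peer claims (16-bit big-endian field); -1 if truncated. */
long hb_claimed_len(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN)
        return -1;
    return ((long)rec[1] << 8) | (long)rec[2];
}

/* Bytes past the end of the received record that a responder would read if
 * it copied hb_claimed_len() bytes without checking. This is arithmetic
 * only; nothing is read out of bounds here. */
long hb_overread(const uint8_t *rec, size_t rec_len)
{
    long claimed = hb_claimed_len(rec, rec_len);
    long present;

    if (claimed < 0)
        return -1;
    present = (long)(rec_len - HB_HEADER_LEN);
    return claimed > present ? claimed - present : 0;
}

/* Hardened responder: echo the payload only when header, claimed payload and
 * minimum padding all fit inside the record that was actually received.
 * Returns the response length, or 0 when the request is silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    size_t claimed, resp_len;

    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return 0;                       /* claimed length does not fit */
    resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return resp_len;
}

int main(void)
{
    uint8_t out[64];

    printf("honest:    claimed=%ld overread=%ld response=%zu bytes\n",
           hb_claimed_len(HB_HONEST, sizeof HB_HONEST),
           hb_overread(HB_HONEST, sizeof HB_HONEST),
           hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("overclaim: claimed=%ld overread=%ld response=%zu bytes\n",
           hb_claimed_len(HB_OVERCLAIM, sizeof HB_OVERCLAIM),
           hb_overread(HB_OVERCLAIM, sizeof HB_OVERCLAIM),
           hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, out, sizeof out));
    return 0;
}
```

The 16-bit field tops out at 65535, which is where the 64K figure comes from; what lies in those bytes depends on what the server's allocator placed next to the record at that moment.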
 

[FRIAM] FYI. - The LastPass Blog: LastPass Now Checks If Your Sites Are Affected by Heartbleed

2014-04-10 Thread Tom Johnson
http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html?m=1

===
Tom Johnson - Inst. for Analytic Journalism
Santa Fe, NM
t...@jtjohnson.com.505-473-9646
===


Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Barry MacKichan

Yes. That is my understanding.
We could put our web store back on line with the old certificate, but it 
is theoretically possible* that someone has been able to find the 
private key. Right now, we are playing it safe. If it takes several days 
for our re-issued certificate to get signed, well...


—Barry

*But unlikely considering that any hackers have several million other 
honeypots to hack.




Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Barry MacKichan

http://filippo.io/Heartbleed/ has been invaluable.

—Barry

Our vulnerable servers are all Linux Drupal machines on Amazon's EC2.


Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Barry MacKichan
Of course, after our certificate is renewed, we will need to revoke our 
current certificate. See this link for some of the consequences of 
having millions of certificates revoked at the same time:


http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/?comments=1&post=26612193#comment-26612193

—Barry






Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Owen Densmore
The follow-on links are pretty good too.

   -- Owen



Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Gillian Densmore
Is now a bad time to suggest this might be an 'internet wargames test'?




Re: [FRIAM] Major bug called 'Heartbleed' exposes Internet data

2014-04-10 Thread Marcus G. Daniels
On Thu, 2014-04-10 at 10:20 -0600, Joshua Thorp wrote:
> according to 
> https://www.schneier.com/blog/archives/2014/04/heartbleed.html
> http://security.stackexchange.com/questions/55382/heartbleed-read-only-the-next-64k-and-hyping-the-threat
> 
> 
> apparently the bug gives access to 64K chunk of ram on the server.
>  The private key might be in that chunk,  but probably won’t be…
>  however you will get different chunks over time so if you wait long
> enough you might end up with a chunk that has a private key or
> someone’s password.
> 

Not just fraud or identity theft are risks, but lives could be at risk
too...

https://blog.torproject.org/





[FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Steve Smith
This recent essay by Astra 
Taylor, with an introduction written by Rebecca Solnit has a decidedly 
feminist perspective.  Given the huge asymmetry on our own (FRIAM) 
demographic, I thought this article might be interesting to some here.


She asserts that: “open” in no way means “equal.”  "While the Internet 
may create space for many voices, it also reflects and often amplifies 
real-world inequities in striking ways."



Astra makes direct reference to the power-law-distributed nature of web 
*traffic* with hubs and links which alludes to the general consequences 
of preferential attachment networks, and other similar systems known to 
yield power-law distributions (e.g. erosion channels, etc.).


Despite my own allergic response to strong rhetoric where the "white 
male" always plays the ultimate villain, I continue to be interested in 
the topic of gender/racial inequality as a practical matter (I have a 
wife, two daughters and a granddaughter, and my friends are as likely to 
be hispanic or native american as lily white).   In parallel, I am also 
interested in the analysis of social networks as dynamical systems, both 
in the activity registered on the network and in the formation and 
evolution *of* the network.


Astra's point that the internet "reflects and amplifies" real-world 
inequities was very poignant to me, and I think the core of the point.  
The digital communication network adjusts various constants regarding 
time, distance and cost-of-delivery in extreme ways, which in turn can 
make otherwise relatively *stable* systems relatively *unstable*, or at 
least out of the time-scales of the human moderators who might have been 
acting as dynamic balancing elements in the system.


It is not surprising that the WWW was often referred to as the Wild Wild 
Web in the early days because it did offer many of the same "freedoms" 
and "hazards" as the US western "frontier" of post Civil War expansion 
across the continent.


I'm not a fan of regulation for its own sake, nor of quotas, nor 
censorship, or any of the other obvious "knee jerk" responses to some of 
the consequences of the inequities which I think I agree come with this 
kind of open-ness, but that is not to say that I like the inequities 
even if they are superficially in my favor.


I'm curious if others here have ideas, opinions or other references that 
discuss this progressively both as a social phenomenon and perhaps in 
the abstract as dynamic network form and function?


- Steve


Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Marcus G. Daniels
Astra Taylor writes:

``Those women who do fight their way into the industry often end up
leaving -- their attrition rate is 56%, or double that of men -- and
sexism is a big part of what pushes them out. “I no longer touch code
because I couldn't deal with the constant dismissing and undermining of
even my most basic work by the ‘brogramming’ gulag I worked for,” wrote
one woman in a roundup of answers to the question: Why there are so few
female engineers?''

Women form cliques too.  I'm all for prohibiting all of this (coalition
formation and politics) from the work place, but that's not likely to
happen.  Make it as taboo as sexual harassment.  Some people believe
that this is all part of what gives a team good morale and
communication.  I think that's nonsense.  A good team is made of people
that are engaged in the technical work, and not each other. 

My experience is that, in the world of software engineering, women are
often easier to work with than men.  Often they have better listening
skills and better impulse control -- and so there is less of the Not
Invented Here syndrome which plagues so many projects.  But only so many
`family oriented' people will work 12-16 hour days.

Marcus







Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Steve Smith

Marcus -

Well observed, as usual.

You state:

"My experience is that, in the world of software engineering, women are
often easier to work with than men.  Often they have better listening
skills and better impulse control -- and so there is less of the Not
Invented Here syndrome which plagues so many projects.  But only so many
`family oriented' people will work 12-16 hour days."

When I entered the professional work world, women were already 
significantly represented at all levels of Systems/Software Engineering 
except maybe management.   During my mid career, many women entered 
middle and upper management.  In general I experienced the same things 
(better listening skills, impulse control, and other ego-barriers) 
compared to men, although, by that time I had mostly arranged to work 
with people (men and women) who had transcended most of that, at least 
in the context of my teams.


I found women as direct supervisors to be much easier to communicate 
with and negotiate the complexities of my own role as 
team/project/small-group leader/manager.  While they *could* make the 
"hard decisions", they did not seem to feel the need to prove it by 
making arbitrary "hard decisions" as some of my male supervisors seemed 
compelled to do.  Mine is a very small sample set in a very unique 
(National Laboratory) environment, so has little if any more than 
anecdotal value.



I'm not so sure about your specific statement:

"I think that's nonsense.  A good team is made of people
that are engaged in the technical work, and not each other."

I do agree that strong cliques may neither be sufficient nor necessary 
but anecdotally they do seem to provide some useful side-effects that 
support intra-team communication and cooperation.  More than anything, I 
find that a "healthy" team can help a new member find resonance with the 
team's values and habits (work ethic, quality work product, open 
communication, etc.) while an "unhealthy" one can undermine an 
individual's natural instincts or choices.


The teams that formed "by circumstance" were often the most effective 
and "healthy", the ones formed by "fiat" often never had a chance 
(remember the HS habit of making us work in "teams" where there was 
always at least  one slacker/bozo?).


In a larger pool of individuals with solid technical skills, a 
reasonable work ethic, and a modest sense of quality, I believe that, as 
I think you imply, teams can form as needed, independent of any specific 
"identity".   I have seen this in action and in at least one case, 
watched subteams form and morph effectively  and fluidly from that pool.


I'm not sure what that critical mass is, but it *was* one of the "holy 
grails" of SFX, to establish such a pool that could respond to 
opportunities quickly, effectively and fluidly.   Of course the work 
(and the ability to land it) was also required.  The paradox of chickens 
and eggs.


- Steve






Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Roger Critchlow
So, what's the question here?

You think maybe that the predominance of straight white men in technology
is innately right?  That other genders and races aren't capable of doing
the job, so all those white male losers and assholes that we have to deal
with are objectively the best people for the jobs they hold?

Or are you thinking that maybe all those white male losers got their skills
and jobs through some sort of structural inequity that tilted the
competition in their favor?  That a kind of in-group altruism is operating
here, where white men give each other a pass while agreeing to allow the
jerks among them to beat up the women, persons of color, and non-normative
gender identities so those uppity not male, not white, not straight
competitors have to wade through piles of shit that straight white men
never meet?

If you grant that the competition has been tilted in the past and is still
tilted in the present, by whatever mysterious mechanisms there might be that
help some while hindering others, then it's hard to argue that the same
mysterious mechanisms won't find their way into the future.

-- rec --




Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Marcus G. Daniels
Steve writes:

> More than anything, I 
> find that a "healthy" team can help a new member find resonance with the 
> team's values and habits (work ethic, quality work product, open 
> communication, etc.) while an "unhealthy" one can undermine an 
> individual's natural instincts or choices.

I argue that "team values" tend to be an unhealthy concept.  The team
has a goal, and that goal needs to be recognized and pursued -- a
contract or a milestone, etc.  Work toward the goal, don't take undue
advantage or put special burden on particular people to get it done.  
Putting aside fairness and responsibility issues, other values or
affinities (race, gender, recreational preferences) are things that are just
distinctions that will create in-groups and out-groups, and that (in my
opinion) does more harm than good.  

Doing this will increase diversity of the team, whereas playing the
blacker/whiter/americaner than thou card does the opposite.  What you do
is what should matter, not who you are.

Marcus





Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Marcus G. Daniels
On Thu, 2014-04-10 at 15:25 -0600, Roger Critchlow wrote:
> So, what's the question here?
[..]
> Or are you thinking that maybe all those white male losers got their
> skills and jobs through some sort of structural inequity that tilted
> the competition in their favor?

There's a third possibility, which is that while there is inequity, the
stereotypical silicon valley brogrammer is actually good at their jobs,
in spite of having this defect.  I would say it is (relative) privilege
that gave them the opportunity to develop the skills they have.  Mostly
what makes software engineers valuable is skill, judgment, and literacy,
and that mostly comes from lots of practice -- which is to say, starting
young.  Being especially intelligent helps, but I think does not fully
replace experience.  

> That a kind of in-group altruism is operating here, where white men
> give each other a pass while agreeing to allow the jerks among them to
> beat up the women, persons of color, and non-normative gender
> identities so those uppity not male, not white, not straight
> competitors have to wade through piles of shit that straight white men
> never meet?

So, if you buy the argument above, then a selection criteria for who to
put in your company is to select someone like yourself: Someone you
understand.  Not for altruistic reasons, but for selfish reasons.  While
perhaps egotistical, it would be a crude way to model how they would
work out.  Credentials like open source experience or education add to
that, but there too there is inequity inherent in those experiences too.
In contrast, doing something unfamiliar could seem riskier.  

Marcus






Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Nick Thompson
“But only so many family oriented' people will work 12-16 hour days.”

 

This would seem to be the key.  All the value-problems in our society would 
seem to be summarized in this one assertion.   If one grants that women are 
predisposed by physiology to be more tied to infants than men, and that infants 
become children, and that a family is made up of infants and children and their 
parents, and perhaps grandparents, and that, therefore, on average, women are 
more likely to be family oriented than men, and that, on average, corporations 
don’t give a shit about the maintenance of families, THEN, on average, women 
will be paid less than men because, on average, women are less likely to put in 
16 hour days (working, or LOOKING like they are working) than men. So if a 
manager stereotypes candidates for a raise, he or she is less likely to EXPECT 
16 hour days from female employees than from male employees.  This is not to 
say that when women do escape the attractors of childbearing and nursing, they 
are probably better at putting in 16 hour days as men.   But if we are to get 
out of this mess, and if we believe families are important to human individual 
and collective well-being, we have to find a way to counter the perverse 
incentives that afflict corporate managers.  I think I might start by making it 
a crime to work more than 8 hours a day or to suborn the working of more than 8 
hours a day.  

 

See you all tomorrow, 

 

Nick

 





 

Nicholas S. Thompson

Emeritus Professor of Psychology and Biology

Clark University

  
http://home.earthlink.net/~nickthompson/naturaldesigns/

 

From: Friam [mailto:friam-boun...@redfish.com] On Behalf Of Roger Critchlow
Sent: Thursday, April 10, 2014 3:26 PM
To: The Friday Morning Applied Complexity Coffee Group
Subject: Re: [FRIAM] Openness amplifies Inequality?

 

So, what's the question here?

 

You think maybe that the predominance of straight white men in technology is 
innately right?  That other genders and races aren't capable of doing the job, 
so all those white male losers and assholes that we have to deal with are 
objectively the best people for the jobs they hold?

 

Or are you thinking that maybe all those white male losers got their skills and 
jobs through some sort of structural inequity that tilted the competition in 
their favor?  That a kind of in-group altruism is operating here, where white 
men give each other a pass while agreeing to allow the jerks among them to beat 
up the women, persons of color, and non-normative gender identities so those 
uppity not male, not white, not straight competitors have to wade through piles 
of shit that straight white men never meet?

 

If you grant that the competition has been tilted in the past and is still 
tilted the present, by whatever mysterious mechanisms there might be that help 
some while hindering others, then it's hard to argue that the same mysterious 
mechanisms won't find their way into the future.

 

-- rec --

 

 

On Thu, Apr 10, 2014 at 12:38 PM, Marcus G. Daniels <mar...@snoutfarm.com> wrote:

Astra Taylor writes:

``Those women who do fight their way into the industry often end up
leaving -- their attrition rate is 56%, or double that of men -- and
sexism is a big part of what pushes them out. “I no longer touch code
because I couldn't deal with the constant dismissing and undermining of
even my most basic work by the ‘brogramming’ gulag I worked for,” wrote
one woman in a roundup of answers to the question: Why there are so few
female engineers?''

Women form cliques too.  I'm all for prohibiting all of this (coalition
formation and politics) from the work place, but that's not likely to
happen.  Make it as taboo as sexual harassment.  Some people believe
that this is all part of what gives a team good morale and
communication.  I think that's nonsense.  A good team is made of people
that are engaged in the technical work, and not each other.

My experience is that, in the world of software engineering, women are
often easier to work with than men.  Often they have better listening
skills and better impulse control -- and so there is less of the Not
Invented Here syndrome which plagues so many projects.  But only so many
`family oriented' people will work 12-16 hour days.

Marcus







Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Steve Smith

Roger -

> So, what's the question here?


The original (implicit) question was *does* Openness amplify Inequality 
as a matter of course?


My elaborated question in light of both yours and Marcus' response is 
what the balance might be between:


1. A specific "conspiracy" by (straight?) white males to exclude all
   others from this profession (or access to any desirable resources?).
2. A less specific "conspiracy" by *any* dominant group to exclude all
   others from access to desirable resources.
3. A specific structural (in phase space) feature of this profession as
   a dynamic system which selects for homogeneity of membership and
   therefore access to certain desirable resources.
4. A general feature of a more general class of systems of which a
   profession such as this is likely to tend toward homogeneity.

Simply put, I think it may be a truism that "dominance begets dominance" 
rather than white-male-straightness is fundamentally hinky?


On the other hand, I think it *is* arguable that both maleness and 
straightness may select for specific behaviors (forms of 
aggression/competition?) that might actually aggravate/accelerate this 
dynamic at least in comparison to many (some average of) females and/or 
homosexual males.


I'm not as sure about whiteness (melanin content of skin?) though there 
may be a positive correlation between social groups which evolved in 
harsher climates with long periods of low productivity (winter) 
punctuated with shorter periods of high productivity and strategies for 
controlling the resulting resources effectively. This seems to be 
broadly correlated with the evolution of more northern peoples which 
seems also to select for lowered melanin in the skin.


I don't think it is unique to heterosexuals, nor men, nor white people 
to exhibit in-group altruism as you suggest or a familiarity-selfishness 
as Marcus riposted with.  I only question whether this is unique to the 
impugned group.   I make a weak argument above, I think that said group 
may be more capable or even inclined to such, but it doesn't seem to be 
a simple black and white matter.


That said, *as* a member of said group by circumstance, I *am* 
interested in understanding what kind of a system (social?) could be 
implemented/engaged-in which would not reinforce those qualities.   It 
is accepted that as a member of said group (in our culture) that I have 
benefited from all of this, and I think I can find  many ways in which I 
specifically *do*, although I can also find examples where I personally 
got the proverbial "short end" of this and that, so I am not without 
experience with "short ends", for whatever that is worth.


- Steve





Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Marcus G. Daniels
On Thu, 2014-04-10 at 16:22 -0600, Nick Thompson wrote:

> But if we are to get out of this mess, and if we believe families are
> important to human individual and collective well-being, we have to
> find a way to counter the perverse incentives that afflict corporate
> managers. 

IMO, lurking in their minds is:  What is this employee's absolute
priority?   Is it the bottom line of the company or is it taking their
kids to school and helping with their homework and building treehouses?
What will be the employee's top priority on a day to day basis?   If I
am cost constrained, who should I choose?  Who is loyal to me?  Who is
predictable and reliable?

Now it is possible that smarter or more productive employees can change
the rules of their priority list and still get more done than the person
putting in the hours, but I think that is the exception.

Marcus






Re: [FRIAM] FYI. - The LastPass Blog: LastPass Now Checks If Your Sites Are Affected by Heartbleed

2014-04-10 Thread Russell Standish
On Thu, Apr 10, 2014 at 10:27:30AM -0600, Tom Johnson wrote:
> http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html?m=1

If your sites are what?

-- 


Prof Russell Standish  Phone 0425 253119 (mobile)
Principal, High Performance Coders
Visiting Professor of Mathematics  hpco...@hpcoders.com.au
University of New South Wales  http://www.hpcoders.com.au

 Latest project: The Amoeba's Secret 
 (http://www.hpcoders.com.au/AmoebasSecret.html)





Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Gary Schiltz
On Apr 10, 2014, at 5:51 PM, Marcus G. Daniels  wrote:
> On Thu, 2014-04-10 at 16:22 -0600, Nick Thompson wrote:
> 
> IMO, lurking in their minds is:  What is this employee's absolute
> priority?   Is it the bottom line of the company or is it taking their
> kids to school and helping with their homework and building treehouses?
> What will be the employee's top priority on a day to day basis?   If I
> am cost constrained, who should I choose?  Who is loyal to me?  Who is
> predictable and reliable?

A very North American (and simply human, I suspect) perspective. I don’t have 
personal experience, but I believe the more “advanced” democracies of the world 
have recognized this tendency and legislated to regulate it. I do remember on 
one job where we worked in conjunction with folks in Germany, and I learned 
that employers were much more constrained in how many hours they were allowed 
to require. I’m uncertain as to what is the “best” balance between employers’  
and workers’ rights.



Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Marcus G. Daniels
On Thu, 2014-04-10 at 16:38 -0600, Steve Smith wrote:


> The original (implicit) question was *does* Openness amplify
> Inequality as a matter of course?

Reading over the essay again, all she seems to notice are abusive
misogynistic trolls.  I guess if they could be compartmentalized and
kept from seeing the evidence of each other's fine work that would be
more like equality?  Can't we just promise to make examples out of a few
of them from time to time and call it good?  

I guess it depends whether you really care about norms in the larger
population, or whether you have the assumption that most of life (esp.
now) involves filtering out the noise to find the signal, and that
it won't always be easy to find.  

The opportunities for working in tech are way, way better now than when
I was a kid.  Today a young person has at their disposal hundreds of
millions of lines of free source code to learn from, improve, and
exploit, and direct ways to engage with the companies that maintain that
code.  Yes, there are still big distinctions between the haves and the
have nots, but there are more ways to move up.  That's way more
interesting than worrying about the cretins that Ms. Taylor has
observed.  

Marcus









Re: [FRIAM] FYI. - The LastPass Blog: LastPass Now Checks If Your Sites Are Affected by Heartbleed

2014-04-10 Thread Tom Johnson
"LastPass Now Checks If Your Sites Are Affected by Heartbleed"

-tj


==
Tom Johnson
Institute for Analytic Journalism -- Santa Fe, NM USA
505.577.6482(c)  505.473.9646(h)
Twitter: jtjohnson
slideshare.net/jtjohnson/presentations
 http://www.jtjohnson.com  t...@jtjohnson.com
==


On Thu, Apr 10, 2014 at 5:14 PM, Russell Standish wrote:

> On Thu, Apr 10, 2014 at 10:27:30AM -0600, Tom Johnson wrote:
> >
> http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html?m=1
>
> If your sites are what?
>
> --
>
>
> 
> Prof Russell Standish  Phone 0425 253119 (mobile)
> Principal, High Performance Coders
> Visiting Professor of Mathematics  hpco...@hpcoders.com.au
> University of New South Wales  http://www.hpcoders.com.au
>
>  Latest project: The Amoeba's Secret
>  (http://www.hpcoders.com.au/AmoebasSecret.html)
>
> 
>
> 

Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Merle Lefkoff
In Iceland women make more than men (working part-time);  the gap is only
2.5% in Slovenia.  Women are not equally represented in some of the highest
paying professions, which accounts for much of the difference.

Women lost their equal work status 10,000 years ago when the plow was
invented.  This is a complicated issue.  It will take time.

I'm sure you guys can figure it out.


On Thu, Apr 10, 2014 at 5:09 PM, Gary Schiltz wrote:

> On Apr 10, 2014, at 5:51 PM, Marcus G. Daniels 
> wrote:
> > On Thu, 2014-04-10 at 16:22 -0600, Nick Thompson wrote:
> >
> > IMO, lurking in their minds is:  What is this employee's absolute
> > priority?   Is it the bottom line of the company or is it taking their
> > kids to school and helping with their homework and building treehouses?
> > What will be the employee's top priority on a day to day basis?   If I
> > am cost constrained, who should I choose?  Who is loyal to me?  Who is
> > predictable and reliable?
>
> A very North American (and simply human, I suspect) perspective. I don’t
> have personal experience, but I believe the more “advanced” democracies of
> the world have recognized this tendency and legislated to regulate it. I do
> remember on one job where we worked in conjunction with folks in Germany,
> and I learned that employers were much more constrained in how many hours
> they were allowed to require. I’m uncertain as to what is the “best”
> balance between employers’  and workers’ rights.
> 
>



-- 
Merle Lefkoff, Ph.D.
President, Center for Emergent Diplomacy
Santa Fe, New Mexico, USA
me...@emergentdiplomacy.org
mobile:  (303) 859-5609
skype:  merlelefkoff


Re: [FRIAM] Openness amplifies Inequality?

2014-04-10 Thread Steve Smith

  
  
On 4/10/14 10:47 PM, Merle Lefkoff wrote:

> Women lost their equal work status 10,000 years ago when the
> plow was invented.  This is a complicated issue.  It will take
> time.

  

I actually own a primitive plow (more appropriately known as an Ard)
which my wife and I used in our garden for a (very) short time.  
Despite my wife being no slouch physically, mentally nor
emotionally, it *always* worked better when I was harnessed up to
pull the ard and she managed the guiding of the path and depth of
the (wooden) share rather than vice-versa.  If we were being paid
for this work according to its utility it would be a very low rate
and I think her task would be more valuable since in principle I
could (and should) be replaced by a stronger and more tireless
beast.


 
  

