Seth Woolley's Website

Seth(8)

Name

Seth Alan Woolley

Synopsis

Seth is a software engineer and consultant in security and spatial databases working out of Portland, Oregon with three decades of experience.

Description

Seth is working as a Senior Software Developer for StormQuant, Inc., which is a doppler radar services provider. StormQuant is building a proprietary X-Band dual-polarimetric doppler radar mesh network. The technology is ultralight, efficient, high power, solid-state, field-swappable, remotely monitored/managed/upgraded, globally-synchronized-and-oscillated, and software-defined and -analyzed using a combination of an FPGA, GPUs, and CPUs. Output is compatible with standardized radar formats and accessible via scalable Internet APIs.

Seth worked as a Senior Software Engineer II for Uber, which acquired his previous employer, deCarta, Inc., a vendor of platform solutions for mapping technology and location-based services. Seth's software speciality was natural turn-by-turn navigation systems for humans. Typically such projects are written in Java and C/C++, though he is not shy with other languages. Seth was a full-stack engineer working on spatial ETL processes; data analysis, compilation, indexing, and querying; server and client APIs; and mobile interfaces (especially Android).

In his spare time, Seth is a Green Party activist focused on progressive election reform. His focus areas are campaign finance reform, democratic election systems, ethics reform, transportation policy, and environmental pollution. His organizational specialty is the coordination of direct outreach campaigns and public education efforts through the collation and analysis of public records and public databases, specifically environmental quality or permit data and campaign finance data.

Seth has testified in court as an expert witness on and served on a legislative task force analyzing campaign finance issues. Seth publishes public record data on polluters for Portland Clean Air and hosts the site and publication archive for Redwood Nation Earth First!. He currently serves on the board of the Portland Green Party and is State Secretary of the Pacific Green Party of Oregon, a position he has volunteered for, on and off, for many years. In 2008 and 2012, he served as the Pacific Green nominee for Oregon Secretary of State supporting universal voter registration (successfully), opposing linear rights for LNG export terminals on the State Land Board, supporting turning the State Forests into protected forests with a carbon tax, supporting pro-initiative direct democracy, supporting holistic performance auditing, and supporting better public records access and public auditability. In 2012, Seth spearheaded a successful ballot access law suit and a successful ballot access registration drive for the Pacific Green Party to keep the party qualified for the Oregon ballot. In 2008 and 2014, Seth helped lead two campaigns against top two ballot measures (65 and 90) in Oregon, leading to 2 to 1 landslides against them. In 2013, 2014, and 2016, Seth did campaign finance opposition research and/or Internet ads for the successful landslide victories for a GMO cultivation ban in Jackson County, Oregon, a referendum overturning Portland's council vote to fluoridate the purest water supply in the country, and an anti-Nestle ballot measure in Hood River County, Oregon.

Seth is a strong supporter of universal health care, vaccination programs, the efficient, democratic allocation of the electromagnetic spectrum, and scientific research in general, especially evidence-based, precautionary approaches to health and environmental protection. Seth opposes nuclear power commercialization, though he supports continued nuclear research programs, including fusion and fundamental research in physics, chemistry, and biology. Seth opposes water fluoridation and prefers fluoride toothpaste programs (topical, not systemic fluoridation). Seth supports government regulation, generally, as control on negative externalities in a mixed economic system with a strong social safety net. Seth supports decentralization and decriminalization with safety regulation and taxation in public health policy efforts. Seth supports democratic controls on harmful cultivation practices, such as terminator genes and roundup-ready herbicidal programs and favors organic agricultural practices. Seth supports sustainable harvesting practices, the management of wildlife and protection for endangered species, and restrictions and controls against invasive species.

Seth also volunteers time for Source Mage GNU/Linux, where he's contributed thousands of patches over many years and is an elected Elder. He held elected positions such as Security Team Leader and QA Team Leader in his years volunteering for Source Mage.

Contact Information

Seth's Address for Emailing
+1 (503) 953-3943 for Telephone/SMS
45.5438, -122.6295 for Mailing/Delivery
KF7IOR Amateur License (plus GMRS licensed) (on APRS 144.39Mhz and 146.52Mhz, 5W)
Iridium Network using deLorme Inreach Explorer
Libera nick swoolley for Internet Relay Chat
By Internet names and addresses:
- [2602:cf:e01f:7e00:2bc1:7eb6:2355:a5072]/64 via IPv6
- 207.224.31.113/28 via IPv4
- swoolley.org for DNS
- s6y.us for short DNS

References

Seth's Resume

Free Software(8)

Source Mage GNU/Linux

Source Mage GNU/Linux is a source-based GNU/Linux distribution intended to maintain flexibility by offering users choice.

I've held various positions in Source Mage at one point or another from Quality Assurance and Security Teams Leader to Video and Graphics Guru. Currently, I am a General Lead with the title of "Wizard" in the Source Mage Council of Elders.

Notable Contributions:

I ran and maintained the quality assurance and release engineering processes, utilizing automated testing and advanced features of bugzilla and source code managers. You can see a history of bug reports from my prometheus runs.
I did some 64-bit porting, for example, I ported gnu bc for 64-bit support and certainkey hashsum for 64-bit support (both written in C).
I was the lead designer and did the initial implementation of the cryptography code in Source Mage Sorcery's new source validation system with hashsum hash support, openssl hash support, and gpg hash support plus signature support for vendor-based as well as maintainer-based signatures.
I contributed heavily to the implementation of the current init system (in particular its parallel init support) based off of simpleinit.
I managed hundreds of security updates to the grimoire (package build scripts).
I host a Source Mage source mirror and was the DNS master for Source Mage, until we grew to afford our own servers (thanks to Jeremy Blosser).
I have been with Source Mage since the very early days as it matured from an experiment to a robust platform suitable for every day use.
Linux Weekly News published an article I wrote about Source Mage.

This Server runs Source Mage and thttpd.

My most recent past work went into Source Mage GNU/Linux, however, I do have some additional projects, below.

fsweblog

See my Web Log. I wrote the web logging software called fsweblog. I originally wrote it in 2003 as a proof of concept for how greymatter could be written securely. Now that SQL-based blogging tools have become the norm despite exploit after exploit, I'm maintaining it as a proof of concept for how a blog should be designed. Bloxsom is pretty close to what I want, but since I had already started writing mine, I think I'll stick to it.

a primitive referrer validator

My referrer validator outputs validated (non search engine) referrers in html and an index form. The script constantly changes so I can update search engines and tweak its validation routines. I run it every now and then and spot spam referrals that may have made it through. By checking the source website for an actual link-back (which is also proxyable if need-be, to hide the source of my request), it works quite well.

My entire site has integrated referral support, instead of the dreaded trackback and pingback schemes -- including my blog and manual page viewer. This also allows you to see relevent sites that discuss the manuals or my blog entries in more detail instead of my having to store information for them (the link aggregation power of referrals, if only done correctly, without doing pingbacks).

man.cgi

See my Man Page Viewer. Dynamic man-page generation. I wrote the perl to index and display man pages and their aliases. My manual page viewer has a few unique features:

It dynamically generates the content directly from the console-based man command, securely, while supporting on-disk caching.
An alias-aware index is automatically generated, suitable for automatic cross-linking of all the manuals.
Cross links pop over (in CSS-compliant browsers) when more than one manual or alias is available. URL linking is automatic, as well, even wrapped.
Title attributes are supported.
Keyword/apropos and section searches are supported.
Generates pure XHTML 1.1 from ANSI terminal escape codes preserving the exact appearance of a standard console.

See some example manuals:

intro 1 2 3 4 5 6 7 8, of course, the introductions to each section of the traditional unix manual.
sorcery Source Mage GNU/Linux Commands, the easiest package manager in the world.
select_tut(2) select() tutorial, a good example of aliases and many-to-one relationships and a complete tutorial.
perl perldoc man pages, an example of how thorough man pages can be.
all manual pages in html and all manual pages in text (be kind and patient as there are more than ten thousand pages).

sel.pl perl server

This is a perl, state-based, multi-protocol, multi-threaded, network-socket server.

It was a simple project to learn how to do sockets in perl. You can plug in special-purpose servers into it, it runs in a single process, and it's been useful for small projects I do now and then. I've been considering adding CGI to it to self-host this page, but I'd need to refactor it some amount.

D-Link DCS-900 IP Camera linux driver

I made a perl script to drive these cameras much better than the windows software. This can be used for a very cheap security camera solution, and the driver supports an arbitrary number of cameras. It also rotates space and adds time snapshot subtitles for more precision than a static framerate.

Simple Sudoku Solver

This sudoku solver doesn't do anything "fancy", but it does follow a few simple rules to do the brunt work on a sudoku puzzle. I haven't added trial-and-error solving to it, just basic first-level deductions, however, for all but the hardest puzzles this is sufficient.

Method Of Equal Proportions Perl Script

This is an implementation of the method of equal proportions I did as Elections Administrator of the Pacific Green Party of Oregon to apportion delegates to the national convention.

Miniature Bitmap font for X Windows (and Microsoft Windows)

I got tired of not having a font that was the perfect size for me to eyeball grep large log files and emails, so I made my own. I recently added a Microsoft Windows version to add to the existing X Windows version.

Dynamic Symbol Checker for Linux/ELF Files for Source Mage

This bash script uses Source Mage libraries to speed up library checking, not with plain ldd checks, but by actually attempting to resolve missing symbols (of course there are exceptions for callbacks, like kscreensaver, but if those are noted, a check like this can help spot ugly inconsistencies that only get found out, normally, by running every application.

Source Mage prelinking utility

This utility is now built into Source Mage's sorcery utility. It works with the package manager to handle elf prelinking and stripping to optimize binary link loading with in-situ, context-relevent link address mapping. Source-based distros tend to have a more difficult time with optimizations such as these, but my script is an attempt to work with the package manager instead of making it "outside" of package management.

jigl xhtml hack

I hacked jigl to be XHTML 1.1 compliant. I'm hoping upstream will take it in since I love the program but desire XHTML compliance

Example Free Software Security Bugs

2003-02-13: SixApart's Movable Type XSS (search for "Seth Woolley")
2003-04-09: PKS MIT's Public Key Server Off-by-one Error (changelog, commit)
2003-10-03: Cafelog's b2/WordPress SQL Injection (credit)
2003-11-21: Mozilla Parses Half-tags gullibly leading to XSS
2005-07-04: Kaf Osea Quick and Dirty PHP Source Code Printer Directory Traversal
2005-08-07: Wordpress Hashcash Logic Problems and Scriptability
2006-06-05: man-cgi Directory Traversal
2006-06-16: yolinux-hacked man2html Directory Traversal
2006-09-03: h2desk PMOS XSS in the Login Form Demo

Seth Woolley's Website Free Software About Seth Woolley

Security Consulting(8)

Oregon Certified Locksmith

I'm a Certified Locksmith in the State of Oregon, but I don't have a contractor license and bond, so I cannot offer paid hardware lock services at this time. My focus is software and network security, which I can be paid for.

(non-NDA) Example Proprietary Security Bugs

In some cases, I haven't signed an NDA for security bugs found. In that case, I list some on my website here.

2003: Reported an SQL Injection vulnerability to the Salem-Kaiser School District regarding their online staff directory.
2004-05-22: Allegro RomPager/2.10 DoS exploit
2004-08-10: Found a major vulnerability leading to a root password to johnkerry.com's email server. The vendor was notified and the problem was fixed.
2005-02-15: Kayako eSupport XSS vuln
2006-05-30: I spent an hour going over SiteSpaces.net and reported some vulns to the author. The link is one of them. (See also bug 89).
2006-07: ScanAlert tried to recruit me and I responded by pointing out the obvious with two XSS vulns on scanalert.com

Disclosure Policy

My disclosure policy is simple: notify the userbase as soon as possible. If I'm under an NDA, I will request the vendor sign a corresponding public disclosure agreement that any issues will be required to be made public on their own. This should not be an issue for any ethical vendor that hires any security auditing firm. Vendors who have no history of public disclosure, such as Kayako above, I am forced to release issues to the community so they can be educated. If I'm paid I don't mind not receiving public credit. If I'm not paid, I typically give myself credit during the public disclosure process.

Rates

Security Research and/or Penetration Testing

$400/hr or $1500 for disclosure of vulnerability info found.

Seth Woolley's Website Security Consulting About Seth Woolley

Consulting(8)

Services

I'm a GNU/linux, HPC/clustering, GIS/geospatial data expert. Follow the link to Seth Woolley's Resume to see if I'd fit what you need. At the moment, I'm mostly busy, so I only have time to do consulting on the side. Please understand that my current employer, StormQuant, Inc. gets almost all of my time.

Rates

Initial consultation and estimates are not billed. Rates are the same for on-site, remote, e-mail, and phone service and are billed in ten minute intervals. Rates are subject to change without notice before work is begun. Net is due after 30 days of invoice. Materials will be charged at-cost. Please keep good backups. No warranty for services is granted unless I determine something I did was a direct cause of the problem, and repair extends to no-charge for time fixing (better than most in the industry). No additional warranty on parts is granted because they are charged at-cost.

Consultation Rate

/

$400.00/hr

Seth Woolley's Website Website Consulting About Seth Woolley

Occupation(8)

Resume

See Seth Woolley's Resume for details.

StormQuant

I am part of the Software team at doppler radar company StormQuant.

Uber

Uber acquired deCarta, and I do basically the same stuff there, mostly focused on turn-by-turn navigation.

deCarta

I was a Senior Software Engineer at deCarta (formerly Telcontar), on the Core team's Portland Development Center with a primary emphasis on deCarta's Rich Map Format (topology and spatial database), Rich Map Engine (geometric and spatial algorithms), Uniform Data Model (spatial topology attribution modeling), and RMF for Embedded and Server Systems. At deCarta, I work, eat, and sleep Cartography. Three-time medalist (twice gold) in Washington State's Science Olympiad for Cartography when I was in Middle School, I've always been into Mapping. At deCarta I can merge my two loves: Maps and Software. It really is the perfect job for me.

Panasas

I was a Software Engineer at Panasas. I helped write the test harness, tools infrastructure, and libraries for automated testing their parallel filesystem product "panfs".

Seth Woolley's Website Occupation About Seth Woolley

House(8)

3403 NE Stanton St

My house is located at 45° 32' 37.5" N, 122° 37' 46" W.

I'm a bit of a public records nut, so if you really want to see the details, try 3403 NE Stanton St at PortlandMaps.com.

For current valuation, see 3403 NE Stanton St at Zillow.

Improvements

added a natural rock retaining wall (thanks Wes Sixeas!)
trimmed and removed some overgrown bushes
added a garbage disposal (did that myself)
replaced the gutters
resealed the firebox
(almost) fixed an annoying water leak in the siding
repaired damage from above water leak in master bedroom
recrowned the furnace chimney
rebuilt the deck roofing
installed ground drainage
removed wallpaper and skim coated the master bedroom
replanted grass on all ground surfaces
replaced and re-sealed the garage roofing
installed a gas insert fireplace
replaced the foundation
added two bathrooms, in the attic room and in the basement
insulated the entire house with spray-foam insulation
finished the basement and laundry room
upgraded the furnace to a split-zone air-soruce heat pump
upgraded the water heater to a tankless condensing gas water heater
upgraded all electrical to code and grounded, 20-amp circuits
installed a 19 inch rack in the basement with battery backups
ran 600 feet of 3/4 inch conduit for cat-6a ethernet pulls
installed gigabit fiber
insulated and rewired garage for electronics shop
hardened all locks

Seth Woolley's Website House About Seth Woolley

Indoors(8)

Science

Computer science, cartography, biology, artificial intelligence, sociobiology, ethology, political science, cognitive science, physics, acoustics

I've filed patent claims regarding turn-by-turn navigation.

Epistemology

I'm a logical empiricist that places empiricism as the only dogma, a slight improvement upon logical positivism that avoids the two dogmas criticism. Logic is founded in empiricism and can only be supported by direct empirical observations supporting the correctness of each meta-assertion about logic.

Religion

Nonreligious Agnostic Atheist with a Secular Humanist arc

Jesus is a myth. If you have a problem with that, take it up with Zeus, who's a myth, too. The academic work of Richard Carrier is so far quite clear on this historical fact. ( For a good summary: https://www.youtube.com/watch?v=WUYRoYl7i6U )

Linguistics

I created the word "vexel" on Fri Jun 27 07:50:26 2003 US/Central, post #532851 on nova-boards.com (then avon-boards.com, since defunct). vexels.net has given me the honor of the credit for it, which started with a couple posts I made which have been saved for posterity. Wikipedia has even picked up on vexels. DeviantArt even has a vexel category for it to separate it from vector art (it's under Digital Art). As of June 2007, there were 6200 DeviantArt Vexel entries and Vexels.net has 18200 entries (where likely most overlap). Langmaker has a vexel entry. There have been many attempts to further define or clarify "Vexel":

fdlinda: What is a Vexel? from Vexels.net (most often reposted)
swoolley: vectorstory.txt (first ever use of the term); vexel vs vector (etymological clarification); vexels - style or technique? (gradient clarification)

Seth Woolley's Website Mental Gymnastics About Seth Woolley

Outdoors(8)

Metrics

age: 38 earth-years
height: 187 cm
mass: 80.0 kg
threshold power: 264 watts
watts/kg FTP: 3.3
heart rates
: resting: 47 bpm; aerobic threshold: 169 bpm; maximum: 191 bpm
vo2max: 42 ml/kg/min
base metabolism
: 2259 Calories/day

Bicycling

In 2015, I had custom-built a Seven Touring Bicycle through River City Bicycles. It's titanium with couplers and custom racks. It has electronic XTR shifters with holes for internal routing, plus bosses for both Rohloff internal hub shifters and mechanical shifters. It has rocker dropouts, a belt drive stay break, and custom, asymmetric handlebars to match a childhood injury that altered the growth of my right arm (1cm difference). It uses disc brakes and a steel fork. I internally wire antenna and usb power cabling to the rear of the bike for rear lights and a titanium 2 meter antenna (144.39mhz for APRS) On this bike I've ridden 400 miles of the Montana Great Divide Mountain Bike Trail, from Eureka to Butte. I currently use 50mm Schwalbe Marathon Supremes inflated to about 2 bar. I also have their 50mm studded Marathon Winter tires and 42mm Marathon Plus Tours. It has a Schmidt dynamo and centerlock discs, 160mm in diameter, on front and rear, with Ice Technology heat dissipation fins for long mountain descents. I recently added 57mm Marathon Plus MTB tires and an extrawheel trailer with the same tire, for very heavy loads, about 100lbs extra on each tire, since 132kg are able to be loaded on each tire now.

In 2010 I picked up a Kona Honky Inc and upgraded it to a triple-crank for weekend touring trips around Portland Metro. In 2011 I managed to do tours from Astoria and to Government Camp via US 26 and back (via Oregon Skyline Road (NF-42) and the Clackamas River Highway). By 2012 I had done a 1500 mile tour of Oregon in one month. I continued to do long tours, including in 2014 a 700 mile tour from Portland to San Francisco in two weeks.

I had a 2006 Dahon Vitesse folding bicycle from Bay Area Bikes that I used for commuting to San Jose from Oakland, via Amtrak's Capitol Corridor. I put about two hundred miles a month on it. For some time after that I also lived next door to work, and used the bike for recreation. Then I moved back to Portland.

I left my Dahon in San Jose for when I visited deCarta HQ. Then one day in California I crashed it and bent the frame, which being aluminum, is unrecoverable, so I recycled it.

Scooter

I have a 2008 Kymco People 150 for cases where premium gasoline can get me there faster. I have a lot more miles on my bicycles though.

Seth Woolley's Website Physical Gymnastics About Seth Woolley

Colophon(8)

Inspiration

The website style is inspired by and based upon the Unix manual page style as output by the 'man' command and 'troff'-like interpreters on unix-like operating systems. See the Manual for Man for an example. The use of the third person mirrors the descriptive style of each utility. In the Unix philosophy it's better to make small utilities be specialized and interoperate together through pipes and inter-process communication rather than to make single, large, monolithic, complex programs. In that spirit, Seth specializes and works well in teams and with other services.