Seth Woolley's Website

Seth Woolley: Software Engineer, Election Activist


Seth(8)

Name

Seth Alan Woolley

Synopsis

Seth is a senior software engineer and security/website consultant working out of Portland, Oregon. In his spare time, he works on progressive election reform, specifically campaign finance reform and democratic election systems.

Description

Seth works as a Senior Software Engineer for deCarta, a vendor of platform solutions for mapping technology and location-based services. He worked on the data team for data process automation and web development, and works on the core team for data compilation, read optimization technology, and embedded software for geocoding.

Seth is the Treasurer of the Portland Metro Chapter of the Pacific Green Party of Oregon where he concentrates on local election reform efforts in the Portland area and state-wide.

Seth ran for the Secretary of State of Oregon in the 2008 election. He was nominated by the Pacific Green Party of Oregon for the 2008 November General Election ballot, running against Kate Brown (D) and Rick Dancer (R). He received over fifty thousand votes, which is about three percent of the vote, the second highest state-wide total (Jesse Johnson, for Governor of West Virginia, was first) of any United States Green Party candidate for state-wide office in an election with the two major parties for the 2008 election. To read about the 2008 campaign issues, go to his Seth4SOS Campaign Site.

Seth is also running for Secretary of State of Oregon in the 2012 election, seeking the nomination of the Pacific Green Party of Oregon to run against Kate Brown (presumptive D nominee) and Knute Buehler (presumptive R nominee). His new website and platform are in the works, so watch here for updates. This time, Seth is taking contributions up to the low Measure 47 limits, rather than refusing all donations, to fund a much more active campaign.

Seth also volunteers time for Source Mage GNU/Linux, where he's contributed thousands of patches over five years and is an elected Elder. He held elected positions such as Security Team Leader and QA Team Leader in his years volunteering for Source Mage.

Seth's interests include Electoral Reform, Systems Theory, Evolutionary Theory, Artificial Intelligence, Automation, Decentralized Socialism, Sustainability, Green Politics, and Ethology.

References

Website Sections

Contact Seth

By E-mail
seth ta swoolley tod org (reverse and type each even word as a single character, removing spaces)
By Cell Phone / SMS
+1-503-953-3943
By Internet Relay Chat
server/channel: irc://irc.freenode.net/sourcemage; nick: swoolley

See Also

Free Software(8), Security Consulting(8), Website Consulting(8), Occupation(8), House(8), Politics(8), Mental Gymnastics(8), Physical Gymnastics(8), Colophon(8)


Free Software(8)

Source Mage GNU/Linux

Source Mage GNU/Linux is a source-based GNU/Linux distribution intended to maintain flexibility by offering users choice.

I've held various positions in Source Mage at one point or another from Quality Assurance and Security Teams Leader to Video and Graphics Guru. Currently, I am a General Lead with the title of "Wizard" in the Source Mage Council of Elders.

See the History of Submits (numbering in the thousands) to the Source Mage SCM since 2002-09-20. Perforce will probably be replaced with git as the SCM soon, but we're still hoping to retain all that history. When it comes up, I'll link to that.

Notable Contributions:

  • I ran and maintained the quality assurance and release engineering processes, utilizing automated testing and advanced features of bugzilla and source code managers. You can see a history of bug reports from my prometheus runs.
  • I did some 64-bit porting; for example, I ported gnu bc for 64-bit support and certainkey hashsum for 64-bit support (both written in C).
  • I was the lead designer and did the initial implementation of the cryptography code in Source Mage Sorcery's new source validation system with hashsum hash support, openssl hash support, and gpg hash support plus signature support for vendor-based as well as maintainer-based signatures.
  • I contributed heavily to the implementation of the current init system (in particular its parallel init support) based off of simpleinit.
  • I managed hundreds of security updates to the grimoire (package build scripts).
  • I host a Source Mage source mirror and was the DNS master for Source Mage, until we grew to afford our own servers (thanks to Jeremy Blosser).
  • I have been with Source Mage since the very early days as it matured from an experiment to a robust platform suitable for everyday use.
  • Linux Weekly News published an article I wrote about Source Mage.

This Server runs Source Mage and a web server my brother wrote called woolweb. Sometimes I use thttpd instead, but I run his when he wants testing.

Almost all my work lately is going into Source Mage GNU/Linux; however, I do have some additional projects, below.

fsweblog

See my Web Log. I wrote the web logging software called fsweblog. I originally wrote it in 2003 as a proof of concept for how greymatter could be written securely. Now that SQL-based blogging tools have become the norm despite exploit after exploit, I'm maintaining it as a proof of concept for how a blog should be designed. Blosxom is pretty close to what I want, but since I had already started writing mine, I think I'll stick to it.

a primitive referrer validator

My referrer validator outputs validated (non search engine) referrers in html and an index form. The script constantly changes so I can update search engines and tweak its validation routines. I run it every now and then and spot spam referrals that may have made it through. By checking the source website for an actual link-back (which is also proxyable if need-be, to hide the source of my request), it works quite well.

My entire site has integrated referral support, instead of the dreaded trackback and pingback schemes -- including my blog and manual page viewer. This also allows you to see relevant sites that discuss the manuals or my blog entries in more detail instead of my having to store information for them (the link aggregation power of referrals, if only done correctly, without doing pingbacks).

man.cgi

See my Man Page Viewer. Dynamic man-page generation. I wrote the perl to index and display man pages and their aliases. My manual page viewer has a few unique features:

  • It dynamically generates the content directly from the console-based man command, securely, while supporting on-disk caching.
  • An alias-aware index is automatically generated, suitable for automatic cross-linking of all the manuals.
  • Cross links pop over (in CSS-compliant browsers) when more than one manual or alias is available. URL linking is automatic, as well, even wrapped.
  • Title attributes are supported.
  • Keyword/apropos and section searches are supported.
  • Generates pure XHTML 1.1 from ANSI terminal escape codes preserving the exact appearance of a standard console.

See some example manuals:

  • intro 1 2 3 4 5 6 7 8, of course, the introductions to each section of the traditional unix manual.
  • sorcery Source Mage GNU/Linux Commands, the easiest package manager in the world.
  • select_tut(2) select() tutorial, a good example of aliases and many-to-one relationships and a complete tutorial.
  • perl perldoc man pages, an example of how thorough man pages can be.
  • all manual pages in html and all manual pages in text (be kind and patient as there are more than ten thousand pages).

sel.pl perl server

This is a perl, state-based, multi-protocol, multi-threaded, network-socket server.

It was a simple project to learn how to do sockets in perl. You can plug special-purpose servers into it, it runs in a single process, and it's been useful for small projects I do now and then. I've been considering adding CGI to it to self-host this page, but I'd need to refactor it some amount.

D-Link DCS-900 IP Camera linux driver

I made a perl script to drive these cameras much better than the windows software. This can be used for a very cheap security camera solution, and the driver supports an arbitrary number of cameras. It also rotates space and adds time snapshot subtitles for more precision than a static framerate.

Simple Sudoku Solver

This sudoku solver doesn't do anything "fancy", but it does follow a few simple rules to do the brunt work on a sudoku puzzle. I haven't added trial-and-error solving to it, just basic first-level deductions; however, for all but the hardest puzzles this is sufficient.

Method Of Equal Proportions Perl Script

This is an implementation of the method of equal proportions I did as Elections Administrator of the Pacific Green Party of Oregon to apportion delegates to the national convention.

Miniature Bitmap font for X Windows (and Microsoft Windows)

I got tired of not having a font that was the perfect size for me to eyeball grep large log files and emails, so I made my own. I recently added a Microsoft Windows version to add to the existing X Windows version.

Dynamic Symbol Checker for Linux/ELF Files for Source Mage

This bash script uses Source Mage libraries to speed up library checking, not with plain ldd checks, but by actually attempting to resolve missing symbols (of course there are exceptions for callbacks, like kscreensaver, but if those are noted, a check like this can help spot ugly inconsistencies that only get found out, normally, by running every application).

Source Mage prelinking utility

This utility is now built into Source Mage's sorcery utility. It works with the package manager to handle elf prelinking and stripping to optimize binary link loading with in-situ, context-relevant link address mapping. Source-based distros tend to have a more difficult time with optimizations such as these, but my script is an attempt to work with the package manager instead of making it "outside" of package management.

jigl xhtml hack

I hacked jigl to be XHTML 1.1 compliant. I'm hoping upstream will take it in since I love the program but desire XHTML compliance.

Example Free Software Security Bugs

2003-02-13
SixApart's Movable Type XSS (search for "Seth Woolley")
2003-04-09
PKS MIT's Public Key Server Off-by-one Error (changelog, commit)
2003-10-03
Cafelog's b2/WordPress SQL Injection (credit)
2003-11-21
Mozilla Parses Half-tags gullibly leading to XSS
2005-07-04
Kaf Osea Quick and Dirty PHP Source Code Printer Directory Traversal
2005-08-07
Wordpress Hashcash Logic Problems and Scriptability
2006-06-05
man-cgi Directory Traversal
2006-06-16
yolinux-hacked man2html Directory Traversal
2006-09-03
h2desk PMOS XSS in the Login Form Demo

Security Consulting(8)

(non-NDA) Example Proprietary Security Bugs

In some cases, I haven't signed an NDA for security bugs found. In that case, I list some on my website here.

2003
Reported an SQL Injection vulnerability to the Salem-Kaiser School District regarding their online staff directory.
2004-05-22
Allegro RomPager/2.10 DoS exploit
2004-08-10
Found a major vulnerability leading to a root password to johnkerry.com's email server. The vendor was notified and the problem was fixed.
2005-02-15
Kayako eSupport XSS vuln
2006
I'm not allowed to confirm or deny it, but I did QA for Panasas, so draw your own conclusions.
2006-05-30
I spent an hour going over SiteSpaces.net and reported some vulns to the author. The link is one of them. (See also bug 89).
2006-07
ScanAlert tried to recruit me and I responded by pointing out the obvious with two XSS vulns on scanalert.com.

Disclosure Policy

My disclosure policy is simple: notify the userbase as soon as possible. If I'm under an NDA, I will request the vendor sign a corresponding public disclosure agreement that any issues will be required to be made public on their own. This should not be an issue for any ethical vendor that hires any security auditing firm. For vendors who have no history of public disclosure, such as Kayako above, I am forced to release issues to the community so they can be educated. If I'm paid, I don't mind not receiving public credit. If I'm not paid, I typically give myself credit during the public disclosure process.

Rates

Security Research and/or Penetration Testing

$300/hr or $1000 for disclosure of vulnerability info found.


Website Consulting(8)

Services

I'm a GNU/Linux, HPC/clustering, GIS/geospatial data expert. Follow the link to Seth Woolley's Resume to see if I'd fit what you need. At the moment, I'm mostly busy, so I only have time to do consulting on the side. Please understand that my current employer, deCarta, Inc., gets most of my time.

That being said, if I have an existing relationship with you or you have something that really does involve two out of three of what I mention above, there aren't many of me or people like me to go around, so I might make some time available on weekends. If you do have needs that aren't an exact fit for me, I'm well-connected with local consultants who would be happy to have more work. Sometimes, though, even they get backed up, so the seriousness of your needs and the availability of funds will probably be assessed before I suggest some of my associates, who aren't necessarily dirt-cheap. If you want that, find a local university computer science department and see if you can hire one on as an intern for school credit. If you don't mind remote help, I know people all over the world that can do remote work, but might be cheaper, although the way the dollar's being devalued, that probably won't stay for long.

Rates

Initial consultation and estimates are not billed. Rates are the same for on-site, remote, e-mail, and phone service and are billed in ten minute intervals. Rates are subject to change without notice before work is begun. Net is due after 30 days of invoice. Materials will be charged at-cost. Please keep good backups. No warranty for services is granted unless I determine something I did was a direct cause of the problem, and repair extends to no-charge for time fixing (better than most in the industry). No additional warranty on parts is granted because they are charged at-cost.

Regular Consultation Rate

$300.00/hr

If I used to work for you

$150.00/hr


Occupation(8)

deCarta

I am a Senior Software Engineer at deCarta (formerly Telcontar), on the Core team's Portland Development Center with a primary emphasis on deCarta's Rich Map Format (topology and spatial database), Rich Map Engine (geometric and spatial algorithms), Uniform Data Model (spatial topology attribution modeling), and RMF for Embedded and Server Systems. At deCarta, I work, eat, and sleep Cartography. Three-time medalist (twice gold) in Washington State's Science Olympiad for Cartography when I was in Middle School, I've always been into Mapping. At deCarta I can merge my two loves: Maps and Software. It really is the perfect job for me.

Panasas

I was a Software Engineer at Panasas. I helped write the test harness, tools infrastructure, and libraries for automated testing of their parallel filesystem product "panfs".

Broadway Medical Clinic

I was the Network Technician at Broadway Medical Clinic, LLP.


House(8)

3403 NE Stanton St

My house is located at 45° 32' 37.5" N, 122° 37' 46" W.

I'm a bit of a public records nut, so if you really want to see the details, try 3403 NE Stanton St at PortlandMaps.com.

Improvements

  • added a natural rock retaining wall (thanks Wes Sixeas!)
  • trimmed and removed some overgrown bushes
  • added a garbage disposal (did that myself)
  • replaced the gutters
  • resealed the firebox
  • (almost) fixed an annoying water leak in the siding
  • repaired damage from above water leak in master bedroom
  • recrowned the furnace chimney
  • rebuilt the deck roofing
  • installed ground drainage
  • removed wallpaper and skim coated the master bedroom
  • replanted grass on all ground surfaces
  • replaced and re-sealed the garage roofing (did that myself with my stepfather-in-law)

Politics(8)

Description

I'm democratic, anarcho-socialist libertarian, anti-fascist, green, pro-affirmative-action, pro-decentralization with allowable balanced-power centralization, pro-union, pro-living wage, anti-war but not pacifist, a local-independent business owner and supporter.

Green Party

Pacific Green Party of Oregon

Registered since 18 and since 27, Supporting Member; Former Parliamentarian, Elections Administrator, and State Secretary; Former Elected (and Re-elected) (and now Current and Re-elected) State Coordinating Committee Member, Pacific Green Party of Oregon

Green Party of California

Since 25, through 27, registered member of the California Green Party.


Mental Gymnastics(8)

Linguistics

I created the word "vexel" on Fri Jun 27 07:50:26 2003 US/Central, post #532851 on nova-boards.com (then avon-boards.com, since defunct). vexels.net has given me the honor of the credit for it, which started with a couple posts I made which have been saved for posterity. Wikipedia has even picked up on vexels. DeviantArt even has a vexel category for it to separate it from vector art (it's under Digital Art). As of June 2007, there were 6200 DeviantArt Vexel entries and Vexels.net has 18200 entries (where likely most overlap). Langmaker has a vexel entry. There have been many attempts to further define or clarify "Vexel":

fdlinda
What is a Vexel? from Vexels.net (most often reposted)
swoolley
vectorstory.txt (first ever use of the term)
vexel vs vector (etymological clarification)
vexels - style or technique? (gradient clarification)
tautology
tautology.org (gradient clarification)
dangeruss
on deviantart.com (reposted on dangeruss.net)

Wikipedia

I am referenced in two articles: Teresa Keane as a member of her campaign committee and Vexel as coiner of the word.

Philosophy

logical positivism/empiricism

Science

Computer science, cartography, biology, artificial intelligence, sociobiology, ethology, political science, cognitive science, physics, acoustics

Religion

Nonreligious Agnostic Atheist (Secular Humanist)

Jesus is a myth. If you have a problem with that, take it up with Zeus, who's a myth, too.


Physical Gymnastics(8)

Metrics

I'm 31 earth-years old, 1.85m, 95kg.

Bicycling

I have a 2006 Dahon Vitesse folding bicycle from Bay Area Bikes that I used for commuting to San Jose from Oakland, via Amtrak's Capitol Corridor. I put about two hundred miles a month on it. For some time after that I also lived next door to work, and used the bike for recreation. When I moved back to Portland, I used it for my 28 minute ride to and from work.

I leave my Dahon in San Jose now for when I visit HQ. I purchased for home a 2010 Kona Honky Inc and upgraded it to a triple-crank for weekend touring trips around Portland Metro. In 2011 I managed to do tours from Astoria and to Government Camp via US 26 and back (via Oregon Skyline Road (NF-42) and the Clackamas River Highway).

Scooter

I have a 2008 Kymco People 150 for cases where premium gasoline can get me there faster. I have a lot more miles on my bicycles though.


Colophon(8)

Self-hosted Netblock

CIDR 65.102.46.16/29 is registered to my QWEST-SWOOLEY ARIN NetName

swoolley.org hostname allocation is as follows:

65.102.46.16: network
65.102.46.17: mail
65.102.46.18: www
65.102.46.19: decartalaptop
65.102.46.20: davelaptop
65.102.46.21: rickielaptop
65.102.46.22: gateway
65.102.46.23: broadcast

Brilliant Buttons

http://swoolley.org runs or was created on the following platform:

  • AMD Opteron 64 242 Dual Processors
  • Tyan Tiger Motherboard
  • Source Mage Distribution
  • GNU Userland
  • Linux Kernel
  • Firefox Graphical Web Browser
  • w3m Text-based Web Browser
  • THTTPD HTTP Server
  • BIND DNS Server
  • openssh SSH Server
  • netkit bsd-finger Finger Server
  • NTP PSP NTP Server
  • Sendmail SMTP Server
  • mutt Mail User Agent
  • procmail Mail Delivery Agent
  • perl Scripting Language
  • VIM Text Editor
  • AFB Ad-Free Blog

Internet World Wide Web Consortium Standards

This website also validates to the following standards:

  • W3C XHTML 1.1
  • W3C CSS Level 3
  • RSS 1.0 as W3C RDF 1.0