Seth Woolley's Website

Seth Woolley: Software Engineer, Green Election Activist

A Picture of Seth



Seth Alan Woolley


Seth is a software engineer and consultant in security and spatial databases working out of Portland, Oregon with almost three decades of experience.


Seth works as a Senior Software Engineer for Uber, which acquired his previous employer, deCarta, Inc., a vendor of platform solutions for mapping technology and location-based services. Seth's software speciality is natural turn-by-turn navigation systems for humans. Typically such projects are written in Java, C/C++, and Perl, though he is not shy with other languages. Seth is a full-stack engineer working on spatial ETL processes; data analysis, compilation, indexing, and querying; server and client APIs; and mobile interfaces (especially Android).

In his spare time, Seth is a Green Party activist focused on progressive election reform. His focus areas are campaign finance reform, democratic election systems, ethics reform, transportation policy, and environmental pollution. His organizational specialty is the coordination of direct outreach campaigns and public education efforts through the collation and analysis of public records and public databases, specifically environmental quality or permit data and campaign finance data.

Seth has testified in court as an expert witness on and serves on a legislative task force analyzing campaign finance issues. Seth publishes public record data on polluters for Portland Clean Air and hosts the site and publication archive for Redwood Nation Earth First!. He currently serves on the boards of the Portland Green Party and the Pacific Green Party of Oregon. In 2008 and 2012, he served as the Pacific Green nominee for Oregon Secretary of State. In 2012, Seth spearheaded a successful ballot access law suit and a successful ballot access registration drive for the Pacific Green Party to keep the party qualified for the Oregon ballot. In 2008 and 2014, Seth helped lead two campaigns against top two ballot measures (65 and 90) in Oregon, leading to 2 to 1 landslides against them. In 2013 and 2014, Seth did campaign finance opposition research and Internet ads for the successful landslide victories for a GMO cultivation ban in Jackson County, Oregon and a referendum overturning Portland's council vote to fluoridate the purest water supply in the country.

Seth also volunteers time for Source Mage GNU/Linux, where he's contributed thousands of patches over many years and is an elected Elder. He held elected positions such as Security Team Leader and QA Team Leader in his years volunteering for Source Mage.

Contact Information


See Also

Free Software(8), Security Consulting(8), Website Consulting(8), Occupation(8), House(8), Indoors(8), Outdoors(8), Colophon(8), Seth(8)

 Seth Woolley's Website        About Seth Woolley
Source Mage GNU/Linux logo

Free Software(8)

Source Mage GNU/Linux

Source Mage GNU/Linux is a source-based GNU/Linux distribution intended to maintain flexibility by offering users choice.

I've held various positions in Source Mage at one point or another from Quality Assurance and Security Teams Leader to Video and Graphics Guru. Currently, I am a General Lead with the title of "Wizard" in the Source Mage Council of Elders.

Notable Contributions:

  • I ran and maintained the quality assurance and release engineering processes, utilizing automated testing and advanced features of bugzilla and source code managers. You can see a history of bug reports from my prometheus runs.
  • I did some 64-bit porting, for example, I ported gnu bc for 64-bit support and certainkey hashsum for 64-bit support (both written in C).
  • I was the lead designer and did the initial implementation of the cryptography code in Source Mage Sorcery's new source validation system with hashsum hash support, openssl hash support, and gpg hash support plus signature support for vendor-based as well as maintainer-based signatures.
  • I contributed heavily to the implementation of the current init system (in particular its parallel init support) based off of simpleinit.
  • I managed hundreds of security updates to the grimoire (package build scripts).
  • I host a Source Mage source mirror and was the DNS master for Source Mage, until we grew to afford our own servers (thanks to Jeremy Blosser).
  • I have been with Source Mage since the very early days as it matured from an experiment to a robust platform suitable for every day use.
  • Linux Weekly News published an article I wrote about Source Mage.

This Server runs Source Mage and thttpd.

My most recent past work went into Source Mage GNU/Linux, however, I do have some additional projects, below.


See my Web Log. I wrote the web logging software called fsweblog. I originally wrote it in 2003 as a proof of concept for how greymatter could be written securely. Now that SQL-based blogging tools have become the norm despite exploit after exploit, I'm maintaining it as a proof of concept for how a blog should be designed. Bloxsom is pretty close to what I want, but since I had already started writing mine, I think I'll stick to it.

a primitive referrer validator

My referrer validator outputs validated (non search engine) referrers in html and an index form. The script constantly changes so I can update search engines and tweak its validation routines. I run it every now and then and spot spam referrals that may have made it through. By checking the source website for an actual link-back (which is also proxyable if need-be, to hide the source of my request), it works quite well.

My entire site has integrated referral support, instead of the dreaded trackback and pingback schemes -- including my blog and manual page viewer. This also allows you to see relevent sites that discuss the manuals or my blog entries in more detail instead of my having to store information for them (the link aggregation power of referrals, if only done correctly, without doing pingbacks).


See my Man Page Viewer. Dynamic man-page generation. I wrote the perl to index and display man pages and their aliases. My manual page viewer has a few unique features:

  • It dynamically generates the content directly from the console-based man command, securely, while supporting on-disk caching.
  • An alias-aware index is automatically generated, suitable for automatic cross-linking of all the manuals.
  • Cross links pop over (in CSS-compliant browsers) when more than one manual or alias is available. URL linking is automatic, as well, even wrapped.
  • Title attributes are supported.
  • Keyword/apropos and section searches are supported.
  • Generates pure XHTML 1.1 from ANSI terminal escape codes preserving the exact appearance of a standard console.

See some example manuals:

  • intro 1 2 3 4 5 6 7 8, of course, the introductions to each section of the traditional unix manual.
  • sorcery Source Mage GNU/Linux Commands, the easiest package manager in the world.
  • select_tut(2) select() tutorial, a good example of aliases and many-to-one relationships and a complete tutorial.
  • perl perldoc man pages, an example of how thorough man pages can be.
  • all manual pages in html and all manual pages in text (be kind and patient as there are more than ten thousand pages). perl server

This is a perl, state-based, multi-protocol, multi-threaded, network-socket server.

It was a simple project to learn how to do sockets in perl. You can plug in special-purpose servers into it, it runs in a single process, and it's been useful for small projects I do now and then. I've been considering adding CGI to it to self-host this page, but I'd need to refactor it some amount.

D-Link DCS-900 IP Camera linux driver

I made a perl script to drive these cameras much better than the windows software. This can be used for a very cheap security camera solution, and the driver supports an arbitrary number of cameras. It also rotates space and adds time snapshot subtitles for more precision than a static framerate.

Simple Sudoku Solver

This sudoku solver doesn't do anything "fancy", but it does follow a few simple rules to do the brunt work on a sudoku puzzle. I haven't added trial-and-error solving to it, just basic first-level deductions, however, for all but the hardest puzzles this is sufficient.

Method Of Equal Proportions Perl Script

This is an implementation of the method of equal proportions I did as Elections Administrator of the Pacific Green Party of Oregon to apportion delegates to the national convention.

Miniature Bitmap font for X Windows (and Microsoft Windows)

I got tired of not having a font that was the perfect size for me to eyeball grep large log files and emails, so I made my own. I recently added a Microsoft Windows version to add to the existing X Windows version.

Dynamic Symbol Checker for Linux/ELF Files for Source Mage

This bash script uses Source Mage libraries to speed up library checking, not with plain ldd checks, but by actually attempting to resolve missing symbols (of course there are exceptions for callbacks, like kscreensaver, but if those are noted, a check like this can help spot ugly inconsistencies that only get found out, normally, by running every application.

Source Mage prelinking utility

This utility is now built into Source Mage's sorcery utility. It works with the package manager to handle elf prelinking and stripping to optimize binary link loading with in-situ, context-relevent link address mapping. Source-based distros tend to have a more difficult time with optimizations such as these, but my script is an attempt to work with the package manager instead of making it "outside" of package management.

jigl xhtml hack

I hacked jigl to be XHTML 1.1 compliant. I'm hoping upstream will take it in since I love the program but desire XHTML compliance

Example Free Software Security Bugs

SixApart's Movable Type XSS (search for "Seth Woolley")
PKS MIT's Public Key Server Off-by-one Error (changelog, commit)
Cafelog's b2/WordPress SQL Injection (credit)
Mozilla Parses Half-tags gullibly leading to XSS
Kaf Osea Quick and Dirty PHP Source Code Printer Directory Traversal
Wordpress Hashcash Logic Problems and Scriptability
man-cgi Directory Traversal
yolinux-hacked man2html Directory Traversal
h2desk PMOS XSS in the Login Form Demo
 Seth Woolley's Website        About Seth Woolley

Security Consulting(8)

(non-NDA) Example Proprietary Security Bugs

In some cases, I haven't signed an NDA for security bugs found. In that case, I list some on my website here.

Reported an SQL Injection vulnerability to the Salem-Kaiser School District regarding their online staff directory.
Allegro RomPager/2.10 DoS exploit
Found a major vulnerability leading to a root password to's email server. The vendor was notified and the problem was fixed.
Kayako eSupport XSS vuln
I spent an hour going over and reported some vulns to the author. The link is one of them. (See also bug 89).
ScanAlert tried to recruit me and I responded by pointing out the obvious with two XSS vulns on

Disclosure Policy

My disclosure policy is simple: notify the userbase as soon as possible. If I'm under an NDA, I will request the vendor sign a corresponding public disclosure agreement that any issues will be required to be made public on their own. This should not be an issue for any ethical vendor that hires any security auditing firm. Vendors who have no history of public disclosure, such as Kayako above, I am forced to release issues to the community so they can be educated. If I'm paid I don't mind not receiving public credit. If I'm not paid, I typically give myself credit during the public disclosure process.


Security Research and/or Penetration Testing

$300/hr or $1000 for disclosure of vulnerability info found.

 Seth Woolley's Website        About Seth Woolley



I'm a GNU/linux, HPC/clustering, GIS/geospatial data expert. Follow the link to Seth Woolley's Resume to see if I'd fit what you need. At the moment, I'm mostly busy, so I only have time to do consulting on the side. Please understand that my current employer, Uber Technologies, Inc. gets almost all of my time.


Initial consultation and estimates are not billed. Rates are the same for on-site, remote, e-mail, and phone service and are billed in ten minute intervals. Rates are subject to change without notice before work is begun. Net is due after 30 days of invoice. Materials will be charged at-cost. Please keep good backups. No warranty for services is granted unless I determine something I did was a direct cause of the problem, and repair extends to no-charge for time fixing (better than most in the industry). No additional warranty on parts is granted because they are charged at-cost.

Consultation Rate


 Seth Woolley's Website        About Seth Woolley



See Seth Woolley's Resume for details.


Uber acquired deCarta, and I do basically the same stuff there, mostly focused on turn-by-turn navigation.


I was a Senior Software Engineer at deCarta (formerly Telcontar), on the Core team's Portland Development Center with a primary emphasis on deCarta's Rich Map Format (topology and spatial database), Rich Map Engine (geometric and spatial algorithms), Uniform Data Model (spatial topology attribution modeling), and RMF for Embedded and Server Systems. At deCarta, I work, eat, and sleep Cartography. Three-time medalist (twice gold) in Washington State's Science Olympiad for Cartography when I was in Middle School, I've always been into Mapping. At deCarta I can merge my two loves: Maps and Software. It really is the perfect job for me.


I was a Software Engineer at Panasas. I helped write the test harness, tools infrastructure, and libraries for automated testing their parallel filesystem product "panfs".

 Seth Woolley's Website        About Seth Woolley


3403 NE Stanton St

My house is located at 45° 32' 37.5" N, 122° 37' 46" W.

I'm a bit of a public records nut, so if you really want to see the details, try 3403 NE Stanton St at

For current valuation, see 3403 NE Stanton St at Zillow.


  • added a natural rock retaining wall (thanks Wes Sixeas!)
  • trimmed and removed some overgrown bushes
  • added a garbage disposal (did that myself)
  • replaced the gutters
  • resealed the firebox
  • (almost) fixed an annoying water leak in the siding
  • repaired damage from above water leak in master bedroom
  • recrowned the furnace chimney
  • rebuilt the deck roofing
  • installed ground drainage
  • removed wallpaper and skim coated the master bedroom
  • replanted grass on all ground surfaces
  • replaced and re-sealed the garage roofing
  • installed a gas insert fireplace
  • replaced the foundation
  • added two bathrooms, in the attic room and in the basement
  • insulated the entire house with spray-foam insulation
  • finished the basement and laundry room
  • upgraded the furnace to a split-zone air-soruce heat pump
  • upgraded the water heater to a tankless condensing gas water heater
  • upgraded all electrical to code and grounded, 20-amp circuits
  • installed a 19 inch rack in the basement with battery backups
  • ran 600 feet of 3/4 inch conduit for cat-6a ethernet pulls
  • installed gigabit fiber
 Seth Woolley's Website        About Seth Woolley



Computer science, cartography, biology, artificial intelligence, sociobiology, ethology, political science, cognitive science, physics, acoustics

I've filed patent claims regarding turn-by-turn navigation.


I'm a logical empiricist that places empiricism as the only dogma, a slight improvement upon logical positivism that avoids the two dogmas criticism. Logic is founded in empiricism and can only be supported by direct empirical observations supporting the correctness of each meta-assertion about logic.


Nonreligious Agnostic Atheist with a Secular Humanist arc

Jesus is a myth. If you have a problem with that, take it up with Zeus, who's a myth, too. The academic work of Richard Carrier is so far quite clear on this historical fact. ( For a good summary: )


I created the word "vexel" on Fri Jun 27 07:50:26 2003 US/Central, post #532851 on (then, since defunct). has given me the honor of the credit for it, which started with a couple posts I made which have been saved for posterity. Wikipedia has even picked up on vexels. DeviantArt even has a vexel category for it to separate it from vector art (it's under Digital Art). As of June 2007, there were 6200 DeviantArt Vexel entries and has 18200 entries (where likely most overlap). Langmaker has a vexel entry. There have been many attempts to further define or clarify "Vexel":

What is a Vexel? from (most often reposted)
vectorstory.txt (first ever use of the term)
vexel vs vector (etymological clarification)
vexels - style or technique? (gradient clarification)
 Seth Woolley's Website        About Seth Woolley



I'm 35 earth-years old, 1.86m, 93kg.


In 2015, I had custom-built a Seven Touring Bicycle through River City Bicycles. It's titanium with couplers and custom racks. It has electronic XTR shifters with holes for internal routing, plus bosses for both Rohloff internal hub shifters and mechanical shifters. It has rocker dropouts, a belt drive stay break, and custom, asymmetric handlebars to match a childhood injury that altered the growth of my right arm (1cm difference). It uses disc brakes and a steel fork. I internally wire antenna and usb power cabling to the rear of the bike for rear lights and a titanium 2 meter antenna (144.39mhz for APRS) On this bike I've ridden 400 miles of the Montana Great Divide Mountain Bike Trail, from Eureka to Butte. I currently use 50mm Schwalbe Marathon Supremes inflated to about 2 bar. I also have their 50mm studded Marathon Winter tires and 42mm Marathon Plus Tours. It has a Schmidt dynamo and centerlock discs, 160mm in diameter, on front and rear, with Ice Technology heat dissipation fins for long mountain descents.

In 2010 I picked up a Kona Honky Inc and upgraded it to a triple-crank for weekend touring trips around Portland Metro. In 2011 I managed to do tours from Astoria and to Government Camp via US 26 and back (via Oregon Skyline Road (NF-42) and the Clackamas River Highway). By 2012 I had done a 1500 mile tour of Oregon in one month. I continued to do long tours, including in 2014 a 700 mile tour from Portland to San Francisco in two weeks.

I had a 2006 Dahon Vitesse folding bicycle from Bay Area Bikes that I used for commuting to San Jose from Oakland, via Amtrak's Capitol Corridor. I put about two hundred miles a month on it. For some time after that I also lived next door to work, and used the bike for recreation. Then I moved back to Portland.

I left my Dahon in San Jose for when I visited deCarta HQ. Then one day in California I crashed it and bent the frame, which being aluminum, is unrecoverable, so I recycled it.


I have a 2008 Kymco People 150 for cases where premium gasoline can get me there faster. I have a lot more miles on my bicycles though.

 Seth Woolley's Website        About Seth Woolley



The website style is inspired by and based upon the Unix manual page style as output by the 'man' command and 'troff'-like interpreters on unix-like operating systems. See the Manual for Man for an example. The use of the third person mirrors the descriptive style of each utility. In the Unix philosophy it's better to make small utilities be specialized and interoperate together through pipes and inter-process communication rather than to make single, large, monolithic, complex programs. In that spirit, Seth specializes and works well in teams and with other services.

Self-hosted Netblock

CIDR hostname allocation is as follows

Brilliant Buttons

Why 80x15 web badges? Because 2006 was a fun year in web design. runs or was created on the following platform:

  • Source Mage Distribution
  • GNU Userland
  • Linux Kernel
  • Firefox Graphical Web Brower
  • w3m Text-based Web Brower
  • THTTPD HTTP Server
  • BIND DNS Server
  • openssh SSH Server
  • netkit bsd-finger Finger Server
  • NTP PSP NTP Server
  • Sendmail SMTP Server
  • mutt Mail User Agent
  • procmail Mail Delivery Agent
  • perl Scripting Language
  • VIM Text Editor
  • AFB Ad-Free Blog

Internet World Wide Web Consortium Standards

This website also validates to the following standards:

  • XHTML 1.1 W3C XHTML 1.1
  • CSS Level 3 W3C CSS Level 3
  • RSS 1.0 RSS 1.0 as W3C RDF 1.0
 Seth Woolley's Website                 About Seth Woolley