Archive for February, 2006

I’ve been poking at XMLRésumé for the past little while. It seems like a nice idea: a markup language for resumes, with handy little features like being able to mask off portions of experience depending on who the resume is targeted at. As someone who wants to stay relatively anonymous as he posts to this site, I was quite taken by that feature. Until I realized that I’d have to be digging deeply into XSLT to do it.

So I’m going to go back to straight HTML. Probably with a little XSLT for anonymization so I can post it here.

In case anyone else is interested in mucking around the software, I’ve copied all of the Jar files I needed to get the crufty little device to run. You can grab ‘em here.

I’ve finally run across a (cheap) bike seat that looks like it may be comfortable. Maybe I will be cycling at Burning Man this year…

Doesn’t it seem odd that Justice Rothstein is being questioned by a parliamentary committee? He’s the sole nominee to the position, and the committee that’s questioning him cannot make any recommendations. It’s kind of like asking your child where they want to eat dinner, as you pull into the Denny’s parking lot; and then plugging your ears.

Having said that, I do like the idea of public review of judicial nominees. It’d just be nice if the reviewers were, I don’t know, knowledgeable about law (ie, a jurist); and there was the possibility of choosing someone who isn’t pre-selected by a politician.

25 Feb 2006

sno

I try to stay away from posts that are entirely self-absorbed, but I’ve been having a great time snowboarding this year, so I’m going to devote some of your precious time, dear reader, to learning about it.

Snowboarding isn’t as hard as it looks. If you make the clueful choice of properly configuring your board before learning. I didn’t. Five years ago, I listened to some guy in the rental shop at Mt. Ste Marie tell me, in no uncertain terms, that I’m goofy. Goofy is an adjective describing a snowboarder that rides with their right foot pointing forward. Maybe he just meant that I’m silly or ridiculous. Either way, I spent the last four years riding right-foot-first. And sucking.

This year, I decided that even if I am goofy, I couldn’t be much worse riding regular. I switched my bindings around and haven’t touched a slope goofy since. I’m already better riding regular now, than I was riding goofy at the end of last season. Lesson learned.

I also discovered that the tip of the board should be longer than the tail of the board. Whups. After fixing that little mistake, my nose is 23 inches, and my tail is 17. That 5-inch difference makes turning so much easier. Before, I felt that I had to crank my rear leg to get any kind of turn. With a stubby little tail, I feel like I can corner on a dime.

As a reward for reading this far, here’s a link to some really bad poems by snowboarders.

BoingBoing has an entry pointing to Family Watchdog. Family Watchdog is a mapping service that shows the home addresses of convicted sex offenders in the US, with their mug shot, and the nature of their crime. Part of me says “bravo! Parents have the right to protect their kids!”, but another part of me is deeply creeped out.

As far as I can tell, the justification for publishing this information is that sex offenders are very likely to reoffend, and vulnerable groups (namely kids) must be protected. Okay, I can handle that. But this kind of listing seems like it would have a whole raft of unintended consequences:

  • Mistaken identity leads to harassment of innocent people. This has already happened in at least one case in the US, where a woman put a sign on her neighbour’s lawn stating that he was a sex offender, except she’d screwed up the address, and got the wrong guy. Oops.
  • Vigilantism. The BBC has reported a story about a man who the police believe was murdered because he looked similar to an offender on a registry. Oops.
  • Dangerous people shouldn’t be set free. If the legal system thinks that these people are dangerous enough to reoffend, they shouldn’t be put in a position where they can reoffend. They either shouldn’t be allowed back into mainstream society, or they should be monitored in such a way that prevents them from reoffending.
  • Compounding false convictions. If someone is falsely convicted of a crime, then this system will only compound the crap they have to go through. Canada has a proud history of false convictions. The US has a history of incarcerating large portions of its ethnic minorities. Is our legal system trustworthy enough to put potentially innocent people at risk of murder?
  • A false sense of security. Most sex offenders are known to their victims (90%, according to Family Watchdog). We shouldn’t be teaching kids to look at strangers with fear, when it’s much more likely that kids will be attacked by a family member, or someone in a position of authority.

These lists seem to be an indication that something has failed in the legal system. One of the roles of our legal system is to ensure that dangerous people aren’t out in society. The symptom of this failure is that innocent people get smeared or hurt.

Fun fact: Family Watchdog is hungry for money, so hungry in fact, that they limit the information available to nonsubscribers. They also state that their website costs $4 million annually to run. They clearly care about your family so much that they are running their own small nuclear power plant to keep the site up in case of power failure. And don’t forget to check out their great store for all the cool fear-inspired merchandise.

Ugh. Maybe when I have kids, I’ll think these registries are a good idea. Who knows?

Last night, as I lounged around Bridgehead waiting for my Lovely to finish talking to her volunteer group, I happened upon a pamphlet from Inside the Bottle. According to the pamphlet, Inside the Bottle is a campaign to “challenge the bottled water industry.”

I shall regale you with some factoids from the pamphlet before I start bitching about the sites themselves:

  1. Bottled water costs between 250 and 10,000 times more than tap water.
  2. At least 25% of bottled water is taken from municipal water systems.
  3. Municipal water systems test the quality of their water at least daily. Bottled water plants are inspected every 3 to 5 years.

According to the Polaris Institute,

  1. Bottled water producers are not regulated. The Canadian Bottled Water Association has a voluntary code of conduct. But the largest bottled water producers aren’t even part of the CBWA, so it doesn’t really matter.
  2. Bottled water producers pay virtually nothing for the water they use. If the producer uses groundwater directly, then they pay a few thousand dollars for permits that last 10 years. If the producer uses water from municipal systems, they pay a pittance. Every other extraction industry must pay a levy or royalty on their use of the common good. Not so for bottled water producers.
  3. During the ozone treatment, bottled water is bubbled with calcium chloride, which can contain high volumes of bromide. Bromide can turn into yummy bromate during the process. Aside from adding a pleasant tingle to the water, bromate can cause cancer.
  4. There is evidence that acetaldehyde (a probable carcinogen) can leach out of the plastic bottles and into the water they contain.
  5. Health Canada is recommending that regulations around bottled water be improved.

And now I shall bitch:

I agree with these crazy hippies. Bottled water is a sham. I don’t have a problem with suckers being parted with their money (I work in IT, after all), but I have a sneaking suspicion that the whole bottled water thing is undermining confidence in a public infrastructure; and the money is going to disreputable corporations who are doing nasty things around the world.

But their websites suck. It seems like a third of the pages on kNOwBottledWater.org, InsideTheBottle.org, and StopCorporateAbuse.org are placeholders. Their fact sheets are hard to find, and are fairly sparse. It seems like everything is an advertisement to buy their “Action Kit”. The only reasonable site that I’ve found is the venerable Polaris Institute; it contains information, but the pages are poorly organized. It was only after hunting that I was able to find some juicy facts.

If these people are going to make a difference in the world, they’re going to have to improve their outreach. Students like me have time to dig around on poorly designed sites to find damning information, but the general public doesn’t.

Cute: a little flash applet to visualize a regex and watch it matching an input.

I ran across a neat attack on online services that uses the browser’s cookie store and JavaScript runtime as the attack vector. The attack requires that the target service uses cookies for authentication; that the service uses a constant, well-known URL to access sensitive data; that the victim’s browser is running JavaScript; and that the victim can be lured to an attacking site.

When the victim’s browser is pointed at the attacking site, the attacking site serves up some malicious JavaScript. The JavaScript requests the sensitive data at the well-known URL. The browser happily complies: because the request is addressed to the service, the browser attaches the service’s authentication cookie to it, exactly as it would for a request the user made. The malicious JavaScript then parses the returned page, performing whatever nastiness it chooses on the received data.

The problem is that the service has no way of distinguishing between requests that follow the legitimate links it feeds to the user’s browser and the illegitimate requests coming from the attacking JavaScript: both arrive at the same URL carrying the same cookie. The problem can be solved by moving the authentication token out of the cookie and into the links that the site hands to the browser. The browser attaches cookies automatically, but it does not hand a script from one site the content of pages from another, so a token that lives only in the service’s own pages and links is one the attacking script cannot obtain, and the service should be safe.

Of course, if the authentication token is regenerated every time the user logs in, that means that the user can’t bookmark those secure services. Then again, AJAX often breaks bookmarking anyway, and there’s a big rush to AJAX for absosmurfly everything, so maybe this isn’t such a big deal.

Update: There is an alternate solution that would prevent the JavaScript attack, but still allow bookmarking. The service could continue to use short, session-based cookies for authentication, but add a long-lived secret shared between the service and the browser. That secret would be handed back and forth in links, and would therefore be inaccessible to the JavaScript malcode (so long as the auth cookie could not be used to acquire the secret). Whenever the user initially logged in, they would be handed the auth cookie as before, and provided with an initial link that contains the shared secret.

[gmail.png]
This is one of the reasons I’m kinda leery about using hosted services. When they go offline, there’s nothing I can do. Other than get angry. Of course, the flipside of that equation is that when I own a service, and it goes offline, I have to fix it.

But this was enough to push me over the edge. Treating folks in China like crap is one thing. Locking me out of my email is a whole other story. I’m getting a Goolag shirt.

I’m starting to fall behind on my thesis. Which is kind of worrying, as the election and our (attempted) VEE 2006 paper have already pushed my completion date back much further than I wanted it to go. As if that isn’t bad enough, I’m starting to dream about it. How’s this for a nightmare:

It starts out with me leaving Tremblant after a day of skiing, at something like 2am. I drive back to Ottawa, but southern Quebec isn’t its usual snowy self; instead it’s a desolate wasteland of grey stone, low stone outcroppings, and the occasional brushy pine. Despite the hour, the landscape is lit with a dull light. The closer I get to Ottawa, the more lifeless the land becomes.

Eventually I get back to Ottawa, and the dream flips to third person. The perspective is off, like I’m watching myself through a fish-eye lens. The landscape looms around me. Ottawa has been replaced by an oversized grey stone replica of itself. I watch myself stop on Lebreton Flats, and get out. The Flats have had a massive turnpike draped over them, with the only colour being the green of the Parliament Buildings’ roof in the distance (the buildings themselves are so far in the distance that they look like miniatures on a mountain). My advisor happens to be on the edge of the turnpike. I walk over to him and he tells me that in order to get my MCS I have to pass the following exam.

He starts to write on a napkin, with red pen:

There are fat people, and there are skinny people.

You are applying for a job with Andy’s Advanced Algorithms. They are producing beads for beachgoers (because we know that they are the most diverse population, right?). In order to get a job with them, you must come up with types of beads the beachgoers will like. Relate your solution to software engineering.

I started writing, mentioning that this is clearly a customization problem (and therefore a good application of generative programming), before I began classifying beachgoers.

At which point I woke up. Which is too bad, because in the dream, I thought that I had a pretty good solution to the problem. I would have liked to have seen it. The dream wasn’t scary per se, but it did kind of creep me out. I can’t remember the last time I dreamt of something that I was working on.