Merry Christmas everyone!

I have good news! I have successfully built a habit of exercising over the last 46 days. It was supposed to be 45 days, but I forgot to tweet on day 45, so I didn’t notice that I had passed the 45 day mark until after I had exercised on day 46.

The habit is pretty well ingrained at this stage. Starting around day 25, it became more of a compulsion. Now I barely think about it before starting. I call this a huge success. In fact, today Alex and I agreed that we’d sleep in. I got up at 9 to feed the cats, and it was hard for me not to start exercising at that time.

Given how well it went, I’m going to start a new habit on January 2nd, getting to bed on time. Here’s how it’s going to work:

• I will have an alarm set on my phone for 10 pm.
• When the alarm goes off, I will get to bed as quickly as possible. If I’m not at home, that means I start going home immediately.
• Before 6PM on a given day, I can exempt myself from the alarm by tweeting on @egerlachhabits. If I do that, I must turn the alarm off and set an alarm for 6 pm the next day to remind me to turn it back on.

So, here’s the full plan:

1. Timeline: January 2nd until February 15th.
2. Trigger: 10 pm alarm on my phone
3. Habit: Get to bed as quickly as possible.
4. Obstacles
   • “I just need to finish this”
   • “I’m in the middle of watching this”
   • “Alex won’t be going to be for a bit”
   • “Five more minutes won’t matter”
   • “I really need to get this done for tomorrow”
   • “I don’t need to be up early tomorrow”
5. Support structure: Primarily, it will be my wife. She’s the one whom I’m with every night. I will be tweeting about this on @egerlachhabits, though, so if you want to follow and ask me why I’m not in bed yet, I’d appreciate it.
6. Feedback: This will be a tough point, because I won’t get much. It will be the absence of negative feedback (being tired in the morning) that will be the most beneficial. I will be building on this habit though, and that’s where the positive feedback will come in. I think I’ll restrict myself to playing Scrabble for when I’m in bed. That will work.

This is going to be a tougher one for me. I’m really good at procrastinating going to bed, and there’s no inherent, immediate positive feedback. I’m going to have to build my own positive feedback. But I think I’ll be able to manage it. Follow @egerlachhabits on twitter if you want to find out how it’s going.

I was recently contacted by a friend in a predicament. One of their friends sits on the board of a not-for-profit corporation which has recently landed itself in limbo. More than half their directors resigned en-mass.

For those who aren’t aware, the Board of Directors of an organisation is the highest body of a corporation, and answers only to the general meeting—the collective of the members. The Board of Directors needs to have a certain number present—a quorum—in order to conduct business. This number can be defined by law or by the corporation’s by-laws. In this case, the by-laws of the corporation required the Board to have five of eight Directors present in order to have quorum. With five directors resigned, this Board could conduct no business.

In order to elect more directors the corporation must call a general meeting. But in order to call a general meeting, the corporation needs a quorum of directors. Quite the pickle!

What you have to do to fix this depends on the jurisdiction in which you are incorporated.

As a Federal Corporation:

This is easy. Section 132 sub-section (2) of the Canada Not-for-Profit Corporations Act allows the remaining directors to call a special meeting to elect new directors.

As an Ontario Corporation:

The only way out I could find for Ontario corporations is a little more complicated. Section 295 of the Corporations Act of Ontario allows a members petition to call a general meeting. It requires 10% of the members of the corporation to sign it, and then the directors have to call a meeting within 21 days. However, if they don’t (or in this case can’t) then any one of the members whose signature is on the petition may call the meeting. So it takes a bit longer, but it can be done.

The good news is, the laws of Canada and Ontario both allow a not-for-profit corporation to get unstuck if it gets stuck. It’s pretty rare to have that many directors resign at once, but in volunteer organisations (which are almost always not-for-profit corporations), it’s more likely. Good to know there’s a way out.

For my current project, I’m using Amazon’s Elastic Compute Cloud (EC2). I’ve chosen Ubuntu as my OS, and so I started with the Ubuntu EC2 Starters Guide, and the UEC images therein. Those are a good base, but I need my own configuration on first boot of the VM.

Naturally, I looked around to see how Ubuntu built their EC2 images, and found in the EC2 FAQ that they build them using python-vm-builder-ec2. Sweet! That seems easy. Oh wait, the EC2 part of vmbuilder has been broken since Lucid. Oh, there’s a patch in that bug report. Darn, that doesn’t work either.

Fine, let’s look up UEC (Ubuntu Enterprise Cloud) stuff and see if that provides successful information. Oh look! How to make your own UEC image, with different instructions! Maybe that will work? Oh no, the part file provided doesn’t work with vmbuilder, and the instructions don’t port over to EC2 that well. Grrrrr.

Well, looks like I need to provide my own instructions (and eventually fix the wiki). So here I go:

1. Start by creating a part file that will work. As per the vmbuilder man page, each line in the part file can have four fields: mountpoint size (device) (filename). In the man page, it says the third and fourth fields are optional. They’re not. So a valid part file is:

   root 400 /dev/sda1 rootfs
   /mnt/ephemeral 2000 /dev/sda2 instance

2. Next, build an Ubuntu vm image. This works as long as you don’t use any of the ec2 options:

   $ sudo vmbuilder xen ubuntu --suite=natty \
     --firstboot=/usr/share/doc/python-vm-builder-ec2/examples/ec2-firstboot.sh \
     --part=./part

3. Bundle and upload your newly created image:

   $ mkdir image
   $ ec2-bundle-image --image ubuntu-xen/rootfs --destination ./image --cert $EC2_CERT \
     --privatekey $EC2_PRIVATE_KEY --user $EC2_USER --arch i386
   $ ec2-upload-bundle --access-key $EC2_ACCESS_KEY --secret-key $EC2_SECRET_KEY \
     --bucket $EC2_IMAGES_BUCKET --manifest ./image/roofs.manifest.xml
   $ ec2-register --cert $EC2_CERT --private-key $EC2_PRIVATE_KEY \
     $EC2_IMAGES_BUCKET/rootfs.manifest.xml

4. The last line of that step will return “IMAGE ami-xxxxxxxx” where the “ami-xxxxxxxx” part is your AMI ID to use when launching instances.

Some notes:

1. You could specify a different —kernel and —ramdisk when you ec2-bundle-image, but the defaults work well. I couldn’t find a list of AKIs and ARIs with descriptions. If someone could help me out on that it would be awesome.
2. You need to set up the environment variables (the things that start with $) to make this work. The names should be self-explanatory.
3. You may want to customize your first boot script from the ec2 default.
4. You can use the —addpkg parameter to add packages to your vm in the vmbuilder step (one package name per —addpkg). That’s from the old JeOSVMBuilder docs. Lots of “hidden” info about vmbuilder there.

Warning: Some of this post might squick out the faintest of heart among you. No gory details, but enough that might make you say “Ewwww!” once or twice.

About five months ago, my snoring got so bad that my wife insisted I go see a doctor about it. The doctor sent me for a sleep study, which found that my snoring wasn’t apnea, and referred me to an Ear, Nose, and Throat specialist. The ENT took one look inside my nose and throat and said: “You’ve got a Deviated Septum!” As a result, my palette and uvula have enlarged, which flap around in my mouth while I sleep.

So today was the first of three special days. I got my deviated septum corrected! Huzzah! Surgery was easy, but it will have some negative consequences on my short-term life (though it should be very positive in the long run).

So today I got up at 5:15, had nothing to eat or drink, and headed off to St. Mary’s Hospital for 6:30 (three hours before my surgery, as instructed). I got into my “preparation bay” (number 23!) around quarter to seven.

Alex and I got to listen to the day surgery ward nurse deal with a guy who hadn’t read any of the instructions or filled out half of the forms. He showed up with his rings on (a big no-no), and they had to cut one off. They also had to ask him a bunch of questions that he should have already answered. Oh, and did I mention that he got in at 7:30 for a 9:00 surgery? Geez.

At about 9:45 I got wheeled into the OR and was put under. One of the cool and spooky things about general anaesthetic for me is I lose the time I’m under. I’m not sleeping, I’m just gone.

So I woke up at about 11:45 int he recovery room, where they removed 6cm long nasal packing from each of my nostrils. Kind of amazing there was that much in there!

After having my nose dressed, I was brought back into my “preparation bay”, where Alex met me. I had to have my dressing changed twice (one hell of a nosebleed!), but after about an hour I had recovered sufficiently to be sent home! Home by 1! Woo!

So now I sit on my living room floor, reclined 45 degrees, which is how I have to stay for the day. If I lean forward (when sitting or standing) I can feel the blood putting pressure on the clots. That’s the wierdest thing. My nose is almost completely full of clotted blood (i.e. scab). It’ll fix itself over the next few days, but it’s just really odd.

The thing that sucks about this is that after keeping up my exercise for nearly two weeks, I’m going to have to discontinue. No cardio for 2-3 days, and after that weight training (even body weight) is out. I’ll try to keep my cardio up, but I’m going to have to restart my exercise habit building once all of this is over… in September.

Oh well, time to find a new habit!

I’d like to thank the staff who helped me out at the hospital: Jeanette and Michelle, the Day Surgery Nurses; Bruce, who wheeled me into the OR; Jackie, the recovery room nurse; Gail, the OR nurse; Dr. Alexander, the anesthetist; Dr. Bharadwaj, who did the surgery; and everyone else who helps St. Mary’s run (especially the IT guys, unsung heroes that they are).

I just finished listening to Security Now Episode 303, in which Steve Gibson talks about his concept of password haystacks. The idea is that rather than making strong passwords in a purely theoretical sense, you design them to resist nearly all possible attacks.

I recommend you go and read Steve’s page on the topic or listen to the podcast, as it really is a good idea, one which I will implement in a few key places after writing this post. In fact, you should read it right now because I’m assuming knowledge of the concept. There’s two reasons that password padding works for us: one psychological, and one computer scientific. As a Computer/Cognitive Scientist, password usability is something I’ve taken a stab at before, and I’ll even show you my implementation, but Steve’s is even better, and I’ll explain why.

Before I begin, I’d like to point out that Steve’s reasoning about password padding is completely correct. Without any knowledge of the pattern you use to create a password, it absolutely forces an attacker to brute-force your password, at which point (alphabet size)^length is your friend. So we’re going to take it as a given that the passwords are strong against attacks. What I’d like to focus on is why are they better for us as humans than 8, 10, or 12 characters of random gibberish.

Let’s start with a discussion of the psychological. It has been known for 50 years that memory stores things in “chunks.” For example, if I gave you the following list of letters: F-R-G-T-H-I-O-F-W-C-A-Q-N-M-F-K-I-P, and then took it away and asked you to repeat it, the research suggests that you’d be able to get about 7 letters in a row right, plus or minus 2. However, if I gave you this list A-B-C-Q-R-S-E-F-G-L-M-N-X-Y-Z-I-J-K you’d probably do much better because your brain is able to break it into six chunks of three consecutive letters each.

It’s immediately obvious to see how chunking helps you remember a long, padded password. You only have to remember a word and a few algorithmic steps to remember the password, instead of all 25 characters (for example).

But there’s lots of techniques like this. In fact, it was chunking that inspired my old password generation technique¹ (no longer in use since I started using LastPass): Take 2 random words between 5 and 8 characters, and 2 random other characters. Arrange them randomly. Randomly capitalise one of the letters. It creates passwords of between 12 and 18 characters, but you only have to remember 5 chunks (2 words, 2 symbols, and where the capital letter is). Much easier, but very strong nonetheless.

I begin the Computer Science side of this post with an anecdote: Let’s say I flipped a coin 1000 times, and it came up heads every single time. You’d probably look to see if the coin was rigged, because “What are the chances of that?” Actually, the chances are exactly the same as any other possible outcome, but for some reason we humans regard this outcome as special. Why is that?

In computer science, particularly formal languages theory², there’s a concept known as Kolmogorov Complexity. Roughly speaking, the Kolmogorov Complexity of a string is the size (number of bits) in the shortest program that will print the string (the language used is provably irrelevant, no input allowed).

So what does this mean? Well, I can write a program that spits out 1000 heads in a row easily:

1000.times { |x| print 'H'}

But a program that printed a more complex string like ‘HTTHTHTHHTHHHTHTTHTHHTHHHTHHHTHHHTHTHHHTHHTHTHHHT…’ (imagine 1000 characters of that) would be considerably longer, and maybe the shortest possible program is:

print 'HTTHTHTHHTHHHTHTTHTHHTHHHTHHHTHHHTHTHHHTHHTHTHHHT...'

That’s why we see 1000 heads in a row as special: its Kolmogorov Complexity is low. As you can imagine, this concept has huge implications in several fields such as the compressibility of strings.

When Steve and Leo were discussing ways to pad your password out on the podcast, they were choosing algorithmic steps that were “Kolmogorov-ically simple”, such as adding 20 dots, or surrounding it with parentheses and six dashes. All of those steps are simple enough that our brains can store them into a single chunk.

But that’s the cool part: you can express any length string with a “chunk-able” algorithm step, whereas the length you can express by using words as your chunks is limited by your vocabulary. Since we have a limited number of chunks that we can store, algorithmic steps can lead to longer passwords than words.

That’s why the system Steve came up with is demonstrably better than the one I came up with. Both of our systems force an attacker into brute-force mode, but in mine the length of the password is limited by the length of words. With Steve’s password padding, you can get much longer passwords, and in a brute force attack increasing alphabet size and length are the only things that matter.