The Whole Canada Post Thing

I suppose I should write my thoughts on this whole Canada Post debacle that happened over the last month or so. I will open with the chronological facts as I understand them. If they're wrong, my thoughts may be wrong, so please correct me if they are.

  1. The Canadian Union of Postal Workers (CUPW) began rotating strikes after their talks with Canada Post (CP) broke down. These strikes were in no more than two cities at once (though they may have expanded given the chance).

  2. CP locked the CUPW out.

  3. After a week, the Government of Canada (Conservative) introduced Bill C-6 to get Canada Post operating again, which:

    1. Orders CP to stop the lockout;

    2. Orders the CUPW back to work;

    3. Sends the remainder of the outstanding issues to arbitration, except for salary and term of contract; and

    4. Orders the final settlement to have lower salary increases than CP's last offer before Bill C-6.

  4. The Official Opposition (NDP) filibustered the bill over the weekend.

  5. Following that, the Opposition proposed amendments to the bill, which were rejected by the Government.

  6. Bill C-6 passed.

  7. Mail service has resumed.

In how things turned out, everyone was stupid and a loser in one way or another, except possibly the Conservative Party, but I'm not even sure about that.

Canada Post was stupid by locking their workers out. Hundreds of thousands of Canadians switched to online billing over the lockout period. So in trying to help lower their expenses, they also lowered their revenue. Even if they were promised by the Government that they'd get a resolution in their favour, they might not be considered an essential service next time.

The Canadian Union of Postal Workers was stupid in that they didn't accept the offer on the table the instant the Government announced its intention to get involved. The Conservative Party of Canada is not known for its kindness to Unions. Now the CUPW has been legislated back to work with lower wages than they could have had.

The NDP was stupid in that they filibustered the bill before they proposed amendments. In doing so, they lost some of their credibility with the general populace. They came into the opposition on the promise of restoring civility to the house. The civil thing to do is to try to work together on legislation first, then to filibuster if you believe it's fundamentally bad for the country. I haven't seen polling data on the event, but I wouldn't be surprised if it were bad news for the NDP.

The Government was stupid because they overstepped their bounds. It's the government's job to mediate and push labour disputes to arbitration if they affect essential services, i.e. to get them back to work. It's not their job to specify terms in that agreement, and especially not their job to specify terms "worse" (from the union's perspective) than what is on the table.

I'm not pro-union by any measure. Unions can be some of the most destructive forces in our society. I've watched unions negotiate themselves into a worse deal than the original offer from management. I've seen unions intentionally give away their workers' rights, because some of the management was unionised. What I am is a supporter of the right to bargain collectively. We know what life is like without unions. If you don't know, just listen to the song Sixteen Tons.

When mediating a negotiation, you know you've done your job right if no party to the negotiation is happy with how things went, but also no party is angry. That is how you know that the right balance has been struck. I can't help but feel that the Conservatives have walked away happy, while the CUPW are pissed off.

Why Steve Gibson's Password Padding Works for Humans

I just finished listening to Security Now Episode 303, in which Steve Gibson talks about his concept of password haystacks. The idea is that rather than making strong passwords in a purely theoretical sense, you design them to resist nearly all possible attacks.

I recommend you go and read Steve's page on the topic or listen to the podcast, as it really is a good idea, one which I will implement in a few key places after writing this post. In fact, you should read it right now because I'm assuming knowledge of the concept. There are two reasons that password padding works for us: one psychological, and one computer scientific. As a Computer/Cognitive Scientist, password usability is something I've taken a stab at before, and I'll even show you my implementation, but Steve's is even better, and I'll explain why.

Before I begin, I'd like to point out that Steve's reasoning about password padding is completely correct. Without any knowledge of the pattern you use to create a password, it absolutely forces an attacker to brute-force your password, at which point (alphabet size)^length is your friend. So we're going to take it as a given that the passwords are strong against attacks. What I'd like to focus on is why they are better for us as humans than 8, 10, or 12 characters of random gibberish.

Let's start with a discussion of the psychological. It has been known for 50 years that memory stores things in "chunks." For example, if I gave you the following list of letters: F-R-G-T-H-I-O-F-W-C-A-Q-N-M-F-K-I-P, and then took it away and asked you to repeat it, the research suggests that you'd be able to get about 7 letters in a row right, plus or minus 2. However, if I gave you this list A-B-C-Q-R-S-E-F-G-L-M-N-X-Y-Z-I-J-K you'd probably do much better because your brain is able to break it into six chunks of three consecutive letters each.

It's easy to see how chunking helps you remember a long, padded password. You only have to remember a word and a few algorithmic steps to remember the password, instead of all 25 characters (for example).

But there's lots of techniques like this. In fact, it was chunking that inspired my old password generation technique [1] (no longer in use since I started using LastPass): Take 2 random words between 5 and 8 characters, and 2 random other characters. Arrange them randomly. Randomly capitalise one of the letters. It creates passwords of between 12 and 18 characters, but you only have to remember 5 chunks (2 words, 2 symbols, and where the capital letter is). Much easier, but very strong nonetheless.

I begin the Computer Science side of this post with an anecdote: Let's say I flipped a coin 1000 times, and it came up heads every single time. You'd probably look to see if the coin was rigged, because "What are the chances of that?" Actually, the chances are exactly the same as any other possible outcome, but for some reason we humans regard this outcome as special. Why is that?

In computer science, particularly formal language theory [2], there's a concept known as Kolmogorov Complexity. Roughly speaking, the Kolmogorov Complexity of a string is the size (number of bits) of the shortest program that will print the string (the language used is provably irrelevant, no input allowed).

So what does this mean? Well, I can write a program that spits out 1000 heads in a row easily:

1000.times { |x| print 'H' }

But a program that printed a more complex string like 'HTTHTHTHHTHHHTHTTHTHHTHHHTHHHTHHHTHTHHHTHHTHTHHHT...' (imagine 1000 characters of that) would be considerably longer, and maybe the shortest possible program is:

print 'HTTHTHTHHTHHHTHTTHTHHTHHHTHHHTHHHTHTHHHTHHTHTHHHT...'

That's why we see 1000 heads in a row as special: its Kolmogorov Complexity is low. As you can imagine, this concept has huge implications in several fields such as the compressibility of strings.
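The two programs above, generalised into an added example (not code from the original post): it builds the shorter of a run-length program and a literal program for any string, and uses DEFLATE output size as a second upper bound on Kolmogorov complexity, which cannot be computed exactly. All function names are assumptions of this example.

```ruby
require 'zlib'
require 'securerandom'

# Ruby expression that rebuilds `string` from its runs, e.g. "H"*3+"T".
def run_length_expr(string)
  runs = string.chars.chunk_while { |a, b| a == b }
  runs.map { |r| r.length > 1 ? "#{r.first.inspect}*#{r.length}" : r.first.inspect }.join('+')
end

# Shorter of the two program shapes used in the post: a run-length form or a
# plain literal. This is only an upper bound on the Kolmogorov complexity.
def shortest_program(string)
  ["print #{run_length_expr(string)}", "print #{string.inspect}"].min_by(&:bytesize)
end

# Second upper bound: bytes of DEFLATE output. A fixed-size decompressor would
# have to be added to turn it into a program, which is a constant overhead.
def deflate_size(string)
  Zlib::Deflate.deflate(string, Zlib::BEST_COMPRESSION).bytesize
end

# `count` fair coin flips drawn from the OS CSPRNG.
def coin_flips(count)
  Array.new(count) { SecureRandom.random_number(2).zero? ? 'H' : 'T' }.join
end

if __FILE__ == $PROGRAM_NAME
  { 'all heads' => 'H' * 1000, 'fair flips' => coin_flips(1000) }.each do |name, flips|
    puts format('%-10s program=%4d bytes  deflate=%3d bytes', name,
                shortest_program(flips).bytesize, deflate_size(flips))
  end
end
```

The all-heads string shrinks to a program of a few bytes, while fair flips cannot be described in much less than the 1000 bits of information they carry.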

When Steve and Leo were discussing ways to pad your password out on the podcast, they were choosing algorithmic steps that were "Kolmogorov-ically simple", such as adding 20 dots, or surrounding it with parentheses and six dashes. All of those steps are simple enough that our brains can store them into a single chunk.

But that's the cool part: you can express any length string with a "chunk-able" algorithm step, whereas the length you can express by using words as your chunks is limited by your vocabulary. Since we have a limited number of chunks that we can store, algorithmic steps can lead to longer passwords than words.

That's why the system Steve came up with is demonstrably better than the one I came up with. Both of our systems force an attacker into brute-force mode, but in mine the length of the password is limited by the length of words. With Steve's password padding, you can get much longer passwords, and in a brute force attack increasing alphabet size and length are the only things that matter.
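To put numbers on that comparison, here is an added example (not the author's script and not Steve's calculator) that re-implements the two-words-plus-two-symbols scheme from its description above, builds padded passwords, and computes (alphabet size)^length in bits for each. The word and symbol lists are constructed samples, the names are assumptions, and the figures assume the attacker has no knowledge of the pattern, as the post does.

```ruby
require 'securerandom'

# Printable-ASCII classes and their sizes (26 + 26 + 10 + 33 = 95 in total).
CLASSES = { /[a-z]/ => 26, /[A-Z]/ => 26, /[0-9]/ => 10, /[^a-zA-Z0-9]/ => 33 }.freeze
WORDS   = %w[maple harbour kettle winter granite lantern].freeze # constructed sample
SYMBOLS = %w[! # % & * ?].freeze                                 # constructed sample

# Alphabet a blind brute-force search must cover: every class the password uses.
def alphabet_size(password)
  CLASSES.sum { |pattern, size| password.match?(pattern) ? size : 0 }
end

# log2 of (alphabet size)^length: the brute-force search space in bits.
def search_bits(password)
  (password.length * Math.log2(alphabet_size(password))).round(1)
end

# Uniform choice backed by the OS CSPRNG.
def pick(items)
  items[SecureRandom.random_number(items.length)]
end

# Two distinct words and two symbols in random order, one letter capitalised.
def word_scheme(words = WORDS, symbols = SYMBOLS)
  first = pick(words)
  parts = [first, pick(words - [first]), pick(symbols), pick(symbols)]
  chars = parts.sort_by { SecureRandom.random_number }.join.chars
  index = pick(chars.each_index.select { |i| chars[i].match?(/[a-z]/) })
  chars[index] = chars[index].upcase
  chars.join
end

# Padding: a short core followed by one repeated filler up to `length`.
def padded(core, filler, length)
  core + filler * (length - core.length)
end

if __FILE__ == $PROGRAM_NAME
  [word_scheme, padded('Cat7', '.', 24), padded('Cat7', '.', 40)].each do |pw|
    puts format('%-40s length=%2d alphabet=%2d bits=%5.1f',
                pw, pw.length, alphabet_size(pw), search_bits(pw))
  end
end
```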

1: It's not secure, so don't use it to get real passwords; it's just there as a demo.

2: I'd like to give a shoutout to my Formal Languages and Parsing prof, Jeffrey Shallit. His course was incredibly difficult, but he taught me a lot of stuff that is now part of my intuitive understanding of computer science. I can't remember a single theorem from the course, but I understand computing a lot better.

My First Habit: Exercise

According to the method I'm following to develop habits, there are a number of things you need to plan for each habit you want to build. First is your timeline. I've heard that 21 days is enough to build a habit, but I've also heard that 6 weeks is needed.

The second thing you need to do is identify the habit you want to develop, and the trigger after which you are going to perform your habit. The idea is to condition yourself to always perform the habit after the trigger, so once you stop the training period you'll never stop.

The third thing you need is to identify what obstacles are going to get in your way. By identifying them, you'll be prepared for them and won't let them stop you from executing your habit.

The fourth item in your plan is your support structure. Identify the people who are going to support you in your habit building. Also, every day after you perform your habit, announce it somewhere public and relevant. This will help everyone keep you honest, and just knowing that they will do that will prevent you from missing.

Finally, identify what source of positive feedback you'll have. Positive feedback is very important to building a successful habit. If you enjoy the habit you're trying to build, you're already ahead. But if not, you need some sort of positive feedback loop to make you want to do your habit.

I'm adding one more component to my plans: how to extend my habits. This will serve as a reference for me if I ever want to come back and revisit the habit and develop it further.

Here's my plan for my first habit:

  1. Timeline: June 15th to July 30th

  2. Trigger: After waking up in the morning and going to the washroom

  3. Habit: Perform exercises from the fitness ladder

  4. Obstacles:

    • Rationalization. I'm going to say things like:

      • "Oh, I'm late for work" or

      • "I'm tired this morning"

    • Time. I need to go to bed in time in order to wake up with 5-15 minutes to spare

    • Motivation. There are going to be mornings where I don't want to do them.

  5. Support Structure

    My wife, @flying_squirrel and @TheIronGus have graciously volunteered to be my primary support structure. If you're interested in following along and supporting me, I've created a new Twitter account, @egerlachhabits, to track my habit building. There should be one to two tweets per day on that account, so it will be low-volume. I appreciate any support any of you are willing to give.

  6. Feedback

    • I'm going to enjoy doing the exercises. It will feel good.

    • Also, my muscles will tone up, and my wife will probably enjoy that, which will make me feel good.

  7. Evolution of the habit

    • There's a lot of good stuff from the American Council for Exercise, particularly their workouts.

    • At some point, I'd also like to get a metabolism assessment at Iron Heart done, but that will be when I'm ready to take my cardio exercise to the next level.

Overall, I'm really looking forward to getting started. If you're interested in hearing weekly progress reports here, let me know and I'll post them.

But right now, I'm concentrating on June 15th, 7:30 AM. My first step towards building a new habit!

Forming Habits

Well, it's been over 8 years since I've written a blog post. I haven't really had a website in years. But I suppose it's time to change that (since I'm feeling cramped by the 140-character stylings of Twitter).

I've been wanting to change a number of things in my life for the better for many years now. I think that's a common theme among human beings. I've tried a lot of different techniques, but none of them have really taken in the long run. I really think I've got a better shot this time, though. I've been reading the Zen Habits blog on-and-off for some time now, and I've enjoyed Leo's writing. So when he announced a free webinar about How to Create Powerful Habits For Life, I jumped at the chance. Of course, me being me, I only read about it a few days after it happened, so I missed it.

The real purpose of the webinar was to announce the launch of the Habit Course. I can't afford to take the course, but Leo did archive the webinar on the Habit Course site, and it explains his Simple Method for Creating Powerful Habits, which he's used to change his life. I've decided to follow his Method to try to get in on some of that life-changing action.

The first step of Leo's Method is to take the first week to plan, so that's what I'm doing. I've decided I'm going to start my first habit on June 15th. I've got my plan mostly written, and I'll post it here in the next few days.