Sound and Fury

I haven't been blogging lately. Mostly, I've been too busy with work and climbing. Mostly not the fifth-class rock sort, but the walking uphill sort.

I took the Mazama's Basic Climbing Education Program (aka. BCEP) this spring. It ran from March 15 through April 30th. I climbed a small mountain pretty much every weekend, attended a three hour lecture every week, and learned skills hands-on in four field sessions scattered through the six-week class. It was pretty intense, kind of hard, and lots of fun.

The bulk of the time commitment was the conditioning hikes. We climbed Hamilton Mountain, Dog Mountain, Table Mountain, the Palmer Glacier, Elk and King Mountains (one hike), and Mount Defiance. It was a really good progression from a fairly easy 2000 foot climb, to a difficult 5000 foot monster of a day hike.

I'm in better shape now than I've ever been in. It feels really good.

The skills sessions were good too. I was already pretty solid on the rock skills - not much new there, though I did do a lot of climbing in lug-soled boots rather than rock shoes. I don't really recommend that. The snow stuff, and rope handling skills were a lot of fun though. Prussiking up and down a rope, passing through fixed protection, ice axe skills, crampons, and roped travel were all new.

So, that's what I've been up to for the last couple of months. I'm climbing Mt. Hood on Tuesday. With any luck, I should be at the top at about sunrise.

I have an app running in a Tomcat server with Spring doing IoC, Hibernate doing persistence and Ehcache set up as the second-level cache provider for Hibernate. This is all good, as setting up a second level cache provider dramatically improved app performance.

The wrinkle comes with dynamic unloading of the app. The larger framework does hot-deploy/remove of extensions (which are Tomcat webapps with their own spring context and a bunch of custom classloader magic to make inter-extension dependencies work). Upon attempting to remove the extension after setting up Ehcache, I found that one of the JAR files was locked. Digging in to this, it appears that ehcache.xml (the main config file) gets loaded in such a way that it locks the JAR it lives in (on Windows at least; probably a non-issue on a Unix OS).

My solution, once I figured this out, was to put ehcache.xml in WEB-INF/classes, rather than at the root of my app's main JAR. I'm guessing there's some locking issue with how one of the classloaders loads resources from JAR files. Anyway. That fixed it.

It took me all day to figure that out though, so in hopes of saving someone a bit of time: ehcache.xml should not be in a JAR file.

I am entirely without words to describe the degree of stupidity necessary to allow this to exist. I believe the term gross negligence applies.

For an idea of why this might be bad, check out the Interview with an Adware Developer.

On the other hand, I suppose it's stupidity like this that creates a several-billion dollar market for security software on Windows. Which I benefit from rather directly.

The last decade of financial risk management has been dominated by a model that quantifies risk correctly 99% of the time.

What is 1% of a decade? About a month?

It has been observed that people pay a lot of attention - too much attention - to low probability risks with catastrophic outcomes. We've seen a lot of this since 9/11/2001. But that's a qualitative observation of people making decisions on a qualitative basis.

Apparently, given a nice, simple, quantitative threat metric with at 99% confidence interval, people rapidly start behaving as if it were a 100% confidence interval. If the metric says that the worst that is likely to happen is that you lose x, it is interpreted as saying that the worse that could possibly happen is that you lose x.

And worse, this metric has a hard edge beyond which it cannot see, so it can be gamed. You push the risk out beyond the confidence interval, and no matter how catastrophic, it gets lost. Once the risk model gets tied to incentives like multi-million dollar bonuses, this will happen, sometimes deliberately, but often by accident. You can fit a lot of disaster into 1%.

A certain computer security software vendor has launched an internal marketing campaign whose key image is a gentleman dressed in black, with a ski mask, repelling off the roof of a glass office building. The caption is "We're relentless".

I really don't know what the marketing message here is supposed to be. Perhaps members of the sales force are being issued ski masks and static lines?