
This is the personal website of Elke Stangl (elkement). Since end of 2015 it contains the content formerly published to one of these sites: subversiv.at, radices.net, e-stangl.at. German Version.


I start a radical experiment: Opening my blog's editor, and typing what I think right now - however, planning to never publish it to WordPress.

Contrary to what seems to motivate many freshly minted bloggers, and netizens inhabiting social web worlds in general, feedback and interaction had not been my primary goal. The appeal of writing 'in public' is that on principle somebody could read what you wrote, that the internet never forgets, and that you have to hold yourself accountable to what you wrote. Have to endure reading what you wrote when you were a different being.

The joy of my early web projects was also their subversive, semi-secret, and pseudonymous nature. Online spaces were wild places, blank sheets of paper, laid before me to hone my ideas.

There is another motivation for writing online, and this is as unrelated as possible from the philosophical approach: I enjoy crafting technical arguments, documentation of technical projects, 'science writing' because I want to force myself to turn my thinking into a consistent linear thread. I want to challenge my own ideas, find the loopholes in my own arguments. I know that my blog articles may be either boring or opaque or both unless the reader has explicitly searched for content like that. But actually the latter audience is who I am perhaps writing for: I have found so much useful tech / science stuff online, for free and in sublime quality, for my professional work, my own education, my pleasure of reading - and I do not want to remain on the receiving end of this communication only.

My second motivation is tied to a minimum level of 'feedback' - page views by fellow geeks - and that only seems to work for my articles written on our German blog: We only blog about two times a month now, but despite the smaller theoretical audience of German speaking readers the other blog has many more views, and views are still increasing. My English blog has fallen into oblivion again after I blog only twice a month and/or after I focussed more and more on energy, heat pumps, and down-to-earth engineering and physics of everyday life.

These are my personal recent top articles in the Physics / History of Science category so far:

As for Engineering / providing how-to's and explanations for DIYers, I like those:

And this is where Physics and Engineering meet, in a way I truly enjoy:

When I blogged about quantum theory, basic and un-original as my articles might have been, my blog was 'viral' in comparison to that.

But ironically, a silent blog brings me closer to my other goal: Using the silent online space to write just for me, holding myself as accountable as possible though. Last year I had overhauled this / these website(s) here, and it turned more into a blog. Now I finally know what the purpose of having effectively two blog(-like) sites is:

Here, I give myself permission for introspection and self-centered updates. I don't share subversiv.at links anywhere on social media. If somebody wants to read this, he or she really has to be determined and go to the 20th page of Google search results. There is no interaction. Of course this is also a consequence of my minimal web programming, but feedback can be blessing and curse. You (or maybe only: I) tend to write more about what 'people have liked before', or at least you feel a little bit guilty if you expose your loyal readers to something unusual - which turns each new post into a challenge, one you'd like to dodge sometimes. My writing self is quite 'authentic' here, in modern parlance.

But I don't want to appear fake on my real blog, the one that has much more content than this page, much more carefully crafted, and I don't want my blog to die. My solution has been - for a few months, I am only post-rationalizing now - to stay away from the autobiographical, from opinions, from philosophical, from big ideas ... and to focus on hard things. The stuff I do really know. I think The Internet would be a better place, if people would only post or comment if they 1) had thorough education on the subject, 2) practical experience with it, and 3) skin in the game - being personally exposed to risks and consequences arising from putting their opinions into practice. (In reverse order.)

So on my blog I just try to be useful (hopefully) to some tech and science enthusiasts, and perhaps a bit entertaining. If I will ever find a more useful 'spin' to what I have written here now, I might actually turn it into a blog article, like: What I learned from having two different websites. Why I stay away from opinion on the web. What I learned from tech / science blogging.

But for now this posting here will just remain some open-ended collection, snippets of my stream of consciousness, and I am copying these lines to a new 'post' at this silent website here and deleting the draft for a blog post.

Since 2012 I have published PKI status updates here, trying to answer the question 'Do you still do PKI?' (or IT). I have re-edited them often, and my responses were erratic - I was in a Schrödinger-cat-like superposition state of different professional identities.

Now and then I still get these questions. Can I answer it finally? I am still in a superposition state - I don't expect the wave-function to break down any time soon. I enjoy this state! But my answer to IT-related requests is most often no.

So yes, I am still 'working with IT' and 'with IT security' professionally. Not necessarily 'in IT'.

I am supporting a few long-term clients with their Windows PKI deployments and related X.509 certificate issues (after having done that for more than 10 years exclusively). Those clients that aren't scared off by my other activities, and clients I had always worked with informally and cordially. But I don't have any strong ties with specific PKI software vendors anymore, and I don't know about latest bugs and issues. So I don't present myself as a Windows PKI consultant to prospects, and I decline especially requests by IT security partner companies who are looking for a consultant to pitch or staff their projects. I am also not interested in replying to Requests for Proposals for PKI or identity management and 'offering a solution', competing with other consultants and especially with other companies that have full-time staff doing business development (I hardly did this in my PKI-only time). I am not developing software anymore that might turn into an 'enterprise solution'.

Today I am working 'with IT' more than 'in IT' in the sense that I returned where I came from, as an applied physicist who was initially drawn into IT, armed only with experience in programming software for controlling experimental setups and analyzing my data: I call myself the 'theoretical department' of our small engineering consultancy - I am developing software for handling Big Monitoring Data. I am also tinkering with measurement technology, like connecting a Raspberry Pi to a heat pump's internal CAN bus.

Security is important of course: I have fun with awkward certificates on embedded devices, I sniff and reverse engineer protocols, and I could say I am working with the things in the Internet of Things. But I am not doing large-scale device PKIs or advising the IT departments of major engineering companies: My clients are geeky home owners, and we (the two of us) are planning and implementing our special heat pump system for them. An important part of such projects is monitoring and control.

So every time I feel that somebody is searching for 'a PKI consultant' I am the wrong person. But if somebody stumbles upon my CV or hears my story at full length - and absolutely wants to hire me just because of the combination of this - I might say yes.

But it is no good rationalizing too much: Finally it is a matter of gut feeling; I am spoilt or damaged by our engineering business. Our heat pump clients typically find our blog first - which has been mistaken for a private fun blog by friends. Prospects are either 'deflected' by the blog (and we never hear from them), or they contact us because of the blog's weird style. Having the same sense of humor is the single best pre-requisite for a great collaboration. So whenever I get any other project request, not mediated by a weird website, I try to apply the same reasoning. Years ago a colleague I had not met before greeted me in the formal kick-off meeting, in front of all others, with: You are the Subversive Element, aren't you? (Alluding to my Alter Ego on subversiv.at). That's about the spirit I am looking for.

My Philosophy (?)

(elkement. Last changed: 2016-05-02. Created: 2016-05-01. Tags: Learning, Life, Looking Back, Meaning, Philosophy, Profession, Technology, Work. German Version.)

Once upon a time this category was intended to comprise what I had learned about philosophy. I had even aspired to study philosophy. Then came the dawn of the web and of unconventional philosophers of web culture.
I had also followed common wisdom, and my first FrontPage-generated business website had a section called Philosophy.

What's left of that, or what has been my conclusion?

I believe - in a pang of cheeky self-assurance - that I ought to have my own philosophy. Experience, business and otherwise, should be good for something. My philosophy does not focus on the grand questions of life. I might have had an argument with my former self, the idealistic student of science who aspired to change the world as a physicist, a profession I pictured as a cross-over of hands-on MacGyver theorist-philosopher-mathematician, ad-hoc-inventing smart tools while mulling upon deep insights on universe and everything.

The unexciting truth is that my personal philosophy is explained best by summing up the different roles I have ever seen myself to take on, no matter what my job title was. None of them was about making profound changes to the world or being any sort of thought leader.

1) The Reverse Engineer

I have been told that I dismantled (tech) stuff already at a time I have no conscious memory of. I wanted to know how things worked, and I found a way to get there. Some of these activities morphed into a career later, the obvious one having been IT Security - the stereotype field for lone maverick nerds who reverse engineer stuff. Even as a white hat hacker and so-called security consultant you have to indulge in the relentless black hacker's mindset - or you become a security bureaucrat, ticking off checklists and following rules. (Which does not mean you should not know the rules.)
But I could as well have turned into a tax advisor or lawyer, given my pleasure in finding out how such systems work.

I disagree with Keep To Your Core Skills, and I have often 'wasted my precious time' by 'not delegating'. I hope or believe - delusionally - that 'actually' everybody has this pleasure of finding things out ((c) Richard Feynman). I am wary of marketing (tech) stuff to allegedly dumb or stressed out end-users who don't want to understand anything about underlying technology. Perhaps I am talking to less than 10% of people, but after all this is about my personal credo.

2) The Mediator

One of my first ever fantasies as a child that came close to something like a career was being kind of a negotiator or diplomat. I am not kidding: I dreamt about settling peace treaties between Mickey Mouse and his sinister opponents in his cartoon world.
This has impacted any of my jobs, but it finally surfaced explicitly when a client booked me 'for another mediation', which was in fact the follow-up of a very technical meeting.

I had considered yet another training or degree, in coaching, psychology, or the like. However, I am glad that I never left technology for good (see 1). There is a paradox: People want such 'tech project psychology' services. However, they will not buy it if labelled as such yet happily use them if they come as a hidden by-product of technical consulting.

3) The Communicator

Maybe principles 1) and 2) can only co-exist if you bridge them with a lot of talking. During most of my career 'teaching', 'training', or 'lecturing' had been part of my official duties or a side-project done in moon-lighting fashion. I stopped teaching when I became a moonlighting student again. I have also realized that I am not cut out for overly well-managed, structured, quality-assured educational systems. I suck at keeping to my own agenda, and I beg for being carried away by hard off-script questions.
I was not the best class-room teacher, but I think I was good at informal, jam-session-style train-the-experts sessions.

Projects I remember most fondly were those where clients were not only interested in The Tech Guy Who Will Fix Everything but also in my pontificating on fundamentals, even if that was not required to get the job done. But as I said above (1) - I believe it's always worth it.

4) The Organizer and Automator

When I was a child, I was not called upon to tidy up my room: Not only was I self-motivated to clean it - Mr. Monk-style - but I rather re-organized my cabinets quite frequently. It was Feng Shui of Decluttering meeting obsession with structure, and it has not changed to this day.

I have extended these principles to the virtual world as soon as I had 'data'. Writing a tool, script, program to automate something is second nature. Some sort of software development has always been part of my jobs - just as teaching was, but I found out only recently that I like data analysis and programming much more.

Proficiency with interpreting and manipulating data, and with using or fixing software is part of our culture and should be trained and valued just as other basic technologies and skills. And of course I believe that we, each of us, really need them! But perhaps it is just my bad luck or my high standards... Every time I just try to use an application or service as a normal end-user I end up with low-level troubleshooting.

 

I am aware of the picture of the obsessed nerd that I have painted here. I don't underestimate subtleties and human nature though. But nowadays soft skills are so often praised to the skies and people with 'big ideas', rather than nitpicking detailed persons, so as Subversive Element the contrarian stance comes naturally to me. Even the most empathic coach who tells burnt out IT guys not to overdo perfectionism will be very happy if a neuro-surgeon or airplane engineer is totally obsessed with flawless technology.

I renamed my blog elkement.wordpress.com last November:

Theory and Practice of Trying to Combine Just Anything

became

elkemental Force

The original tagline was

Physics versus engineering
off-the-wall geek humor versus existential questions
IT versus the real thing
corporate world's strangeness versus small business entrepreneur's microcosmos,
knowledge worker's connectedness versus striving for independence.

until it became

I mean it

and finally turned into

Research Notes on Energy, Software, Life, the Universe, and Everything

This means that my blog elkement.wordpress.com has found its purpose, and I am able to distinguish blogging better from publishing to this website elkement.subversiv.at. My actual research and 'science writing' is featured on my blog. Over there I am using wordpress.com features I have no desire to develop myself - and this website will remain my 100% home-grown self-developed pseudo-blog with a very limited feature set and no interactivity. The blog has LaTeX support and allows me to present galleries of technical figures and diagrams.

These recent blog articles showcase what elkemental Force has been and is covering now (the end of a journey that started already two years ago - when heat pumps and thermodynamics replaced quantum physics):

Rowboats, Laser Pulses, and Heat Energy (Boring Title: Dimensional Analysis)
How Does It Work? (The Heat Pump System, That Is)
Half a Year of Solar Power and Smart Metering

My personal website, on the other hand, should be just this: A more self-indulgent site that provides status updates, meta-information and About-Me-style summaries. Because of that I will continue not to share articles from here on any social network.

And so yes: The hands-on engineering, physics, math and data analysis will be done over there on the blog. But there really are personal meta-thoughts on physics - so I don't have to change categories here.

(Theoretical) Physics and Me

Over the Christmas holidays I have been nearly offline from social media. I used the internet as I believe it was intended for me: To learn about something in depth and not necessarily sharing my insights or my 'progress'. I indulged in theoretical physics lectures just for the joys of it. I can rationalize: Yes, a bit of mathy gymnastics also serves me well when I deal with more mundane physics as a professional - such as toying with the heat transport equation.

But the real reason is unrelated to work: Theoretical physics and mathematical modelling of a small part of a complex world give me the pleasure - and/or the illusion - of being able to understand and solve, well, something. Whenever I had been very stressed out in the past, close to burn-out, I got up even earlier - at 4:00 AM sometimes - to plow through Feynman's Physics Lectures or my favorite German volumes of theoretical physics by my late professor, W. Macke.

Not only did it help me to focus on abstract details of a logically clear universe and to enter a more detached state of mind, but amazingly it also made me work more efficiently and focused later - on whatever technical challenge I had to solve. In those days, I was mainly concerned with Public Key Infrastructure, networking security, and applied cryptography.

With hindsight - and hopefully not too much hindsight bias - I feel that a rigorous training in a mathy subject boosts your results in any endeavor that needs an analytical approach. Perhaps only your physics training makes you realize that you need a more analytical approach at all, in addition to soft skills, practice, and familiarity with culture in certain industry sectors. I am thinking about project management, for example.

I believe that in any 'STEM' job, e.g. in IT, it is soothing to re-learn fundamentals often. One should know more than seems necessary about 'theory', before or in addition to knowing how to google, where to look up things, or which of your tech buddies to call. Success in technical troubleshooting always gave me most contentment when I was doing it in my head mainly - like walking through a networking protocol the way it was designed, comparing that to messy reality, and uttering an educated guess about the root cause of an issue which was finally correct.

Whenever I had been blogging about a field of physics not related to my work - like quantum field theory - it was these mental connections I had in mind. I was trying to convey the joys of physics, but my main focus was different from most science writers' ones, so I think my writing was not engaging enough for the interested lay audience and sometimes oblique owing to too many references to math (whereas it was very basic for experts, of course).

My science writing is often a covert and feeble attempt to encourage others to tackle the real thing, that is the fundamentals and the math, and then to feel the same effects. I have seen that more books seem to have been released recently that try to bridge this gap between classical science writing (following the mantra of: Every formula will halve readers) and text books.

I want to be part of that movement.

The most exciting things, in no particular order:

Infrastructure updates - 'real'

Solar panels, before installation

Infrastructure updates - 'virtual'

  • We migrated three bank accounts, and I learned what I never wanted to know about different ways to set up debit orders. My favorite: an anonymous form on the vendor's website. Security = knowing your client account.
  • Our village has changed its zip code. I learned what I never wanted to know about how organizations store addresses. Goodie: Opening 'support tickets' turned interactions with big platforms into something human.

Work and Life

Edible wild vegetables from the meadow in the garden

Global corporations have their brand names tested for potentially unwanted connotations in different cultures and languages. Now I understand why.

One minimum requirement is perhaps: Being able to get it across on the phone.

e-stangl.at

...That's my surname, in German it's pronounced like [Add phonetic cryptic signs here]. But never mind, I will spell it out...

radices.net

That's Latin and means Roots. It is a bit similar to radicles. Well, I realize now it differs just by a single letter... that may be unfortunate, sorry!

subversiv.at

All our domains have their issues, also in German. This is the only one that causes no troubles in German. But in English you need to stress:

It's the German translation of Subversive, just remove E at the end!

z-village.net

Wow - that works well in English! You just have to mention the dash!

epsi.name

It's just a non-sensical acronym, I'll spell it out... Yes, name really is a top-level domain!

Now we enter the realm of business - and we have obviously tested the domain with utmost diligence:

punktwissen.at

That's an artificial German word, Punkt actually meaning Point or Dot. Hadn't I mentioned that it might have been less confusing in English than it is in German. But I'll spell it out for you...

To make it more confusing in English, we could create better sub-domains and e-mail addresses - to convey the spirit of the German confusion:

  • point@point.punktwissen.at
  • point.dot@point.punktwissen.at
  • point.at.dot@point.punktwissen.at
  • point.at.dot@point.at.dot.punktwissen.at

I wonder if the US Department of Transportation has similar issues.

Self-Poetry, catalyzed by Google

(elkement. Created: 2015-11-13. Tags: Google, Poetry, Flarf, Weird, Web, Art, Poem. German Version.)

Same rules as for search term poetry or spam poetry:

  • Search your own site or profile on Google, using: site:elkement.subversiv.at/en/.
  • Open each page in the order Google dictates.
  • Pick one phrase from this (your own) post or article. Don't think about it too long! Editing is not permitted.
  • Each phrase becomes a line in this 'poem'. Re-ordering or re-considering previous lines is not allowed.

I play

reconnected with my roots
just reassembling weird snippets
since the turn of the millenium I have been experimenting

Alas, I stick with
Responsive Design

Which also contains the expected meta-musings
a world taken right out of a gothic movie

We are now going to challenge this, and we will ask Google
I'll pontificate about anything nonetheless
This is done deliberately

I can hardly see a problem at all
pathetic attempts of mine
It turned to a second 'branch' of
a Perpetuum Mobile

Off-the-wall geek humor versus existential philosophical questions
You be the judge on lightness and darkness.

We are flabbergasted
Instead of a 'Bio'
The subscriber may not be happy with that

I rather pick and add what I stumbled upon
created from cookies
as sort of a mental exercise

allusions to the mystical without knowing about
in the glorious era of THE GREAT dotcom HYPE

my post adolescent postmodern gloomy stanzas
boiling down knowledge to the essential information
somewhen in 2003

new counterparts
a combination of my eternal laziness and lack of motivation
I got involved in some serious discussions

No human being on this planet registered the historical event.
I've built
my inner clock

spontaneous outburst of my creativity
the structure is always work in progress
in contrast to standard mantras of modern 'information and knowledge worker society'

We are using the Babylonian system of numbers
in sunny Pannonian Plain
Or could we be subversive all the time?

... and first post published to the new site, live and public now :-)

elkement.subversiv.at

For a short time, the old sites are still available in parallel to the new site.

Looking back, I mainly struggled with:

  • My flat-file database - accessing content and all meta information stored in text files, using standard SQL queries.
  • Redirect strategy: Existing loads of redirects, temporary ones, permanent 301 ones, nice URLs without physical files...
  • Migration of the actual content, uniting what was separated in different sources - asp files, RSS feed, CSV file databases

See also my latest blog post. Which also contains the expected meta-musings on The Web.

Lest we not forget - these were the old sites:

e-stangl.at, before migration 2015

radices.net, before migration 2015

subversiv.at, before migration 2015

Hacking away...

(elkement. Created: 2015-10-18. Tags: Web, Internet, Programming, Software Development, Websites, Blogs)

In the past weeks since the last update I've added the following features:

Web Application

  • XML sitemap including English and German posts - URLs and last changed date.
  • Make yearly archive URLs 'hackable', thus using just /[lang]/[yyyy] as archive URL.
  • Population of meta tags, using also open graph tags.
  • Adding 'breadcrumb' / 'where am I' information by highlighting the item just clicked in the menu and side bars: Current category, current post, current tag.
  • Assign an optional image to a post via related attributes: Image source, image size or full image tag (for embedding Wikimedia images plus copyright information). If an image should be displayed, but no source is given, add a standard image.
  • Display the image automatically on the bottom of the post and use it in the open graph image tag, to be used as a preview image. Calculate height and size from the image's physical size and intended width.
  • Create thumbnails of these images, to be shown in the list of posts in the category pages.
  • Store all global configuration settings such as tagline in a config file that uses the same [name:] [value] parsing logic as content files.
  • Migrate all existing posts on the sites e-stangl.at, radices.net, and subversiv.at, and keep track of where the content came from. (One former .asp page contained one or more 'posts').
  • Use one default.aspx for all applications, differences depend on the app name. Example: Don't show post archive for the business page, but show latest posts from Wordpress blog feed instead.
  • Clean old content: Replace relative references (../) by absolute ones, replace CSS classes in tags. Move meta infos from content to new file attributes.

Web Server Settings and DNS

  • Tested the IIS URL rewrite module with a key map, to be created from Excel documentation. In case of issues with rewriting: Fall back to redirecting in a main ASP file.
  • Configure new host names and subdomains in DNS as primary URLs of the new applications. Add new host names for testing to reflect the already existing redirects plus the migration redirects plus the future standard redirects.
  • Modify the existing main default.asp, global.asa, and main asp script creating all pages to work with the new redirects (some duplicate code in asp and .net could not be avoided)

Redirect Logic

  • Host name determines application name: One main host name for each (of the 3-4) applications. I will use a subdomain of subversiv.at as my new primary host.
  • Check if the application has been migrated, as per config parameters. If not, the existing redirect logic and existing asp code kicks in - which sends the user to a subfolder depending on host name. This is for historical reasons as I had only one virtual web host in the old times, so e.g. e-stangl.at/ redirected to e-stangl.at/e/.
  • If the app was migrated, redirect all attempts to use a 'secondary' host to the new one. So e.g. accessing e-stangl.at will be recognized as calling the elkement app and redirect to my new primary name.
  • Configuring the application as 'migrated' does not yet redirect any attempt to access one of the old articles. I will have to turn on my rewrite map or code for that.
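
The four rules above as one decision function, written in Python rather than the site's ASP / .NET; this is an added example, not the site's own code. The host map, the /e/old-article.asp path, the status code for the legacy folder redirect, and the treatment of old .asp URLs while the rewrite map is off are assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# action: "redirect", "serve-legacy", "serve-new" or "reject"
Decision = namedtuple("Decision", "action status host path")


@dataclass
class App:
    primary_host: str          # new primary host name of the application
    legacy_folder: str         # subfolder the old ASP logic sends the user to
    migrated: bool = False     # config parameter: has this app been migrated?
    rewrite_on: bool = False   # separate switch for redirecting old articles
    rewrite_map: dict = field(default_factory=dict)  # old path -> new path


def sample_config(migrated=False, rewrite_on=False):
    """Constructed configuration: one app, one primary and two secondary hosts."""
    apps = {
        "elkement": App(
            primary_host="elkement.subversiv.at",
            legacy_folder="/e/",
            migrated=migrated,
            rewrite_on=rewrite_on,
            # Constructed sample entry, not a real URL of the site.
            rewrite_map={"/e/old-article.asp": "/en/old-article"},
        )
    }
    hosts = {
        "elkement.subversiv.at": "elkement",
        "e-stangl.at": "elkement",
        "www.e-stangl.at": "elkement",
    }
    return apps, hosts


def normalize_host(raw):
    """Lower-case the Host header and drop port and trailing dot."""
    return raw.strip().lower().split(":", 1)[0].rstrip(".")


def decide(raw_host, path, apps, hosts):
    host = normalize_host(raw_host)

    # Rule 1: the host name determines the application. Redirect targets are
    # only ever taken from the configuration, so a host name that is not in
    # the map is rejected instead of being echoed into a Location header.
    app_name = hosts.get(host)
    if app_name is None:
        return Decision("reject", 400, None, None)
    app = apps[app_name]

    # Rule 2: not migrated -> the old logic sends the root URL to a subfolder
    # that depends on the host name (status 302 is an assumption).
    if not app.migrated:
        if path in ("", "/"):
            return Decision("redirect", 302, host, app.legacy_folder)
        return Decision("serve-legacy", 200, host, path)

    # Rule 4: being 'migrated' alone does not redirect old articles; that
    # needs the rewrite map to be switched on (assumed here: until then the
    # old .asp page is still served from the host it was requested on).
    if path.lower().endswith(".asp"):
        new_path = app.rewrite_map.get(path) if app.rewrite_on else None
        if new_path:
            return Decision("redirect", 301, app.primary_host, new_path)
        return Decision("serve-legacy", 200, host, path)

    # Rule 3: migrated -> any secondary host is redirected to the primary one
    # (landing on the home page is an assumption).
    if host != app.primary_host:
        return Decision("redirect", 301, app.primary_host, "/")
    return Decision("serve-new", 200, host, path)


if __name__ == "__main__":
    for migrated, rewrite_on in ((False, False), (True, False), (True, True)):
        apps, hosts = sample_config(migrated, rewrite_on)
        for host, path in (("e-stangl.at", "/"),
                           ("e-stangl.at", "/e/old-article.asp"),
                           ("elkement.subversiv.at", "/en/2015")):
            print(migrated, rewrite_on, host, path, decide(host, path, apps, hosts))
```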

To Do

  • Complete all features for all applications before taking 'elkement' live. Mainly:
    - Feed parser for punktwissen,
    - 'image database' for z-village (using small posts with images effectively as entries in a table of images), add an option to show the large version of the image inline.
  • Maybe: Ordering of posts in category by changed date, not by created date.
  • Limit number of posts on main page and on tag's pages, number = global parameter.
  • Replace internal relative URLs to pages in the same virtual directory by absolute ones.
  • Maybe: Replace parent path (../) URLs in old code, to turn Parent Path in the ASP config off as soon as possible.
  • Migrate all content from side panes, header, and footer. Add images used before to new posts, re-use descriptions from old image database (TXT).
  • Take elkement live and test redirects and preview images (social networks).
  • If OK: Take the other apps live.
  • Fix bugs
  • Turn on redirects for old ASP pages.
  • Watch results in web master tools.
  • Inform Google about new URLs (Web Master Tools)

I've built the underlying 'flat-file database' (Details in this post), and my not yet public site has these features now:

  • Menu bar from pages.
  • Show all postings on home page
  • Recent posts and archive in left bar.
  • Tag cloud in right bar, tags created by grouping all posts' meta data.
  • 'Tag page': Show all posts tagged with a specific tag.
  • Indicate category of current posting by highlighting category in the menu.
  • Highlight currently clicked article in archive.
  • Menu page contains custom text plus automatically created list of all postings in this category.
  • Automatic creation of RSS feed.
  • CSS stylesheet and responsive design.
  • 'Nice' URLs - ASP.NET Routing.

Currently I am painstakingly migrating snippets of content to new counterparts / articles / text files.

For testing I am using a layout similar to my Wordpress.com's blog design now:

elkement's new site, not public yet

We Interrupt Our Scheduled Programming ...

(elkement. Last changed: 2015-08-17. Created: 2015-08-11. Tags: Announcements, Web, Blogging, Websites, Programming, Webdesign. German Version.)

I am finally doing it:

Having run three different websites on a hopelessly outdated 'platform' (ASP) for nearly 15 years, I set out to:

  • Develop a new .NET site from scratch.
  • Merge all three sites - subversiv.at, radices.net, e-stangl.at - into one.

This will take a while. I am really longing for programming for fun. I am deliberately not migrating to WordPress - I have two wordpress.com blogs and like them a lot, but I want this place I design from scratch just for the joy of it.

All existing subversive / Elke's / back-to-the-roots stuff will be migrated to the new site, and I will try to be as gentle as possible with the old ASP URLs afterwards.

However, this means I will most likely not manage to publish new content to the old versions of these sites while I am working on the new one in the background.

I will report on the progress on the main page of the old sites, and I will keep up my usual blogging over at elkement.wordpress.com.

elkement tackling daunting project

Elkement's Poems - The Definitive List and Introducing: Poetry from Poetry

(elkement. Last changed: 2015-09-29. Created: 2015-05-25. Tags: Poetry, Poem, Art, Flarf, Self-Referential)

The Elkement is a Netizen and living in many places. Its most innovative poetry has actually seen the light of the virtual day elsewhere.

Shamelessly plagiarizing ourselves, we cross-post the whole list of Poems from the Virtual Scrapyard Below. But we add bonus material and - again! - invent a new genre (first seen @ subversiv.at): From each of the historical poems, one line is picked to be inserted in a new poem (So this is Poetry From Poetry). Rules: One poem needs to be processed after the other, in chronological order, and you must not go back to older poems and change the picked line. So you don't know how the story will unfold. As real life as it can get in experimental poetry!

Poem from Poems

One line taken from each of the poems / articles on poems listed below, starting with the oldest. Note that some blog postings are meta-postings on poetry; so not every line was poetry in the 'original'.

just received a blank piece of paper in the mail
irony vs oxymoron
I ain’t saying your information isn’t solid,

A Digression – There is no digressification, is it?
I don’t dare to do more research!
and things should be back to normal

make sure there are no hidden phrases
poems standing on the shoulders of others
to flush the toilet

everything has already been told
40 below summer fire at zero gravity
you might want to put that on your blacklist.

You must not edit the original lines in any way
If you are inside the horizontal scenery
These are actually enormous ideas

irrevocable, eternal – insert you favorite legal phrases
un-ambiguity and preserveness
alien themed control panels

abilities in narrating an event
travel in past by falling asleep
engineering and art meets

let us determine what you think
clap hands
i need to remember this

dark side of me is even more interesting
gloomy and cynical futurism
That was a difficult period and I couldn’t maintain my sanity

It doesn’t matter if you forget the lyrics
Fun and adventure that is
Exploding the Phone

What should become a manifesto
sealed by the tokens of 20th century’s civilization

To be continued...

The list of seed poems

[2015-08-01] Travelling Like Spam Poetry. How spam poetry actually started - doing it in real life instead of writing it.

[2015-07-02] What the Internet Asks of Me. A cross-over between Search Term Poetry and trying to seriously learn from the searchers’ questions.

[2015-03-18] Virtual Book Spine Poetry (Edition 2014 + 2015/6). Merging two posts: 1) the 2014 edition of my yearly book reviews, a tradition I started last year, and 2) my next experimental poem, in a new experimental genre.

[2014-12-22] Google Translational Poetry – Austrian Christmas Edition. Poem already created from Google results – transformed once more by running them through 10 languages in Google Translate. Bonus: Literary critique and a connection to a Wikimedia image related to Christmas and to Austria.

[2014-12-04] Imaginative Poetry. Inspired by the Second Name of Collected Space. Flarf taken to the next level: Inspired by images created also by a flarf-y method. And printed on real paper – for the first time.

[2014-11-01] Poetry of Anything. Now I Know This Is Called Flarf! I learned two things: 1) I am very late to the poetry-from-the-internet-scrapyard party, but 2) that stuff is serious art. I am also trying something new – poems unrelated to my websites but fuelled by Google only.

[2014-08-24] The Destiny of the Universe. My darkest spam poem so far, not for the faint of heart. I owe to the spammer trying to sell games involving the killing of aliens.

[2014-07-28] Crowdsourcing Poetry (Again). Search terms from the second quarter, blended with terms from Google Webmaster Tools and some enigmatic – and typically Austrian – images.

[2014-04-04] Search Term Poetry – Spring Edition. Very condensed search terms, mixed with some pathetic images taken by an ancient smart phone.

[2014-01-10] I am determined to subvert Google’s efforts to hide this precious raw material for Search Term Poetry: Search Term Poetry Sans Google.

[2013-12-06] Celebrating one year of so-called poetry with a stream-of-consciousness-style Spam Poem: Poetry from the Virtual Scrapyard Anniversary: I Subconsciously Think about This Element.

[2013-10-12] Breaking News on Search Term Poetry (Good, Bad, Ugly). A post by an accomplished author featuring one of my search term poems has been Freshly Pressed, but Google has started encrypting search terms. The end of Search Term Poetry?

[2013-10-03] The Science of Search Term Poetry, using mostly physics-related search terms from the third quarter.

[2013-09-08] Quarterly Search Term Poetry Results (Overdue!) based on search terms submitted in the second quarter. For the first time comments left on the previous post have been included.

[2013-08-14] Welcome to the Real World! – warm-up after a time-out from social media with a haiku-style short Search Term Poem.

[2013-06-06] What? A Spooky Spam Poem of Danger, Fear, Hope, and Lifeless Faces: combining Spam Poetry and images for the first time. (Warning: This poem is not for the faint of heart.)

[2013-05-26] Decoding Myself: Searching for Hidden Clues in My Blog Posts’ Titles – founding a new variety of the genre (again) by creating poetry from headers of posts of mine.

[2013-05-16] Existential Spam Poem: The Soul of This Bag takes the concept of dialogue one step further: We hear a disciple appealing to his or her cult leader.

[2013-05-07] Remarks Written by Brain-Dead Visitors is a surprisingly apt self-referential comment, promoted to the title of this post and the spam poem (sub-)titled searching for sanskrit tattoos. This poem was the first showing off dialogues containing fortune-cookie-like pearls of bizarre wisdom.

[2013-04-26] My debut as a literary critic and spam poetry expert – a review on the (alleged) first book of Spam Poetry: Surprise Potatoes in the Soldiers’ Vegetable Soup!

[2013-04-16] Impolite and Humiliating Spam and Why We Really Need Tags for Spam Comments More than Time Machines, a poem made from nasty spam only.

[2013-04-04] Spam Poets Write Weird Things was a Search Term Poem. For the first time the title of a blog post was borrowed from a search term. Since search terms on WordPress Stats started to repeat themselves I have also added terms from Google Webmaster Tools. On the other hand I introduced length ordering of search terms.

[2013-03-29] I Need More Trivial Content which was: A Spam Poem created from snippets of a blog post of mine that had been pasted into a spam comment in its entirety.

[2013-03-22] On the Hierarchy of Needs and Needless Things – not really poetry, just two search terms. But the post itself could be called art from the scrapyard.

[2013-03-03] My Zen-ny Search Terms: Where Engineering Meets Art Meets Physics Meets Geekdom. (And Rodents, Sometimes.) and providing the concise How-to-guide readers have asked for.

[2013-02-13] Turning Flattering Chatty Spam into Postmodern Art.

[2013-02-01] An attempt to transcend the genre: The Art of Error Messages.

[2013-01-24] What a let-down: Standing on the Shoulders of Giants and Not Recognizing It.

[2013-01-18] Spam Poems and Search Terms Poems: Preliminary Results. I have started a movement – this is an account of its history.

[2013-01-14] Taking Crowdsourcing of Art to the Next Level? by including spam comments in my poems, in addition to search terms.

[2012-12-31] The end of the year and some life events are celebrated in a search term poem: 2012: The Year We Make Contact.

[2012-12-12] The very first search term poem saw the light of the blogospheric day: Crowdsourcing of Art: Poetry from Search Terms.

This is a wormhole.

I had been a PKI consultant since 2002, mainly working with European enterprise customers on designing and implementing their PKIs run inhouse. Now I am supporting some long-term existing clients with their PKI / X.509 issues but I don't take on new clients.

As a former Microsoft employee I have focused mainly on the Microsoft PKI, versions Windows 2000 / 2003 / 2008 / R2 / 2012 R2 - but I also had some exposure to various other PKI-enabled applications and devices. The fun part of PKI projects is in debugging weird issues that exotic or allegedly 'industry-grade' applications have with validating certificate paths, using keys etc.

Here is the often requested one A4 page summary, and here you can see that those PKI services are part of an ... uhm... odd combination of IT services.

  • I try to keep track of links, books, papers etc. I found useful and add them to this list. This is not intended to be the perfectly structured, 'educational' collection. I rather pick and add what I stumbled upon while working on PKI issues or discussing with other security freaks.
  • I started logging PKI issues here. The idea is to describe them as concisely as possible, in TXT format.
  • Struck by vanity I made the collection of my modest own contributions a page in its own right. I am also trying to keep track of my postings to security forums in order to use those as my knowledge base.

I am originally a physicist (completed PhD in 1995), worked in R&D and switched to IT security. In 2013 I completed another master's degree called Sustainable Energy Systems and did a master thesis on smart metering and security (LinkedIn profile). Now I am a consulting engineer working with heat pumps that use a special heat source. Yes, I know - it is weirder to combine that with PKI.

The security of the smart grid and internet of things [add more buzz words here] provide options to re-use my security know-how in the context of my new field. Such heat pumps may use control units connected to 'the internet' and all kinds of certificate-/PKI-enabled stuff might be involved here.

For five years I have given a yearly lecture in a master's degree program, then called Advanced Security Engineering at FH Joanneum. Here is the last version of the slides.

This is an image I called PKIs in the real world in this post.

PKIs in the real world. By Elke Stangl

Life and Work

(elkement. Created: 2015-05-15. Tags: Life, Work. German Version.)

We feel the fresh air of a new category: A new major tag that has infected most of our online content: It is called Work, Life, and Balance.

So it has to be added here of all websites, of course! Do we need a manifesto?

We don't want only a solar collector for research and self-sufficiency - we want 100% self-sufficiency re tomatoes!

Solar collector and tomatoes

We don't only want to hack play with our inverter's web interface - we want to have enough time to watch our PV panels harvesting energy!

Harvesting energy

Again: Defining 'Subversion'

(elkement. Created: 2015-04-01. Tags: Life, Subversive, Ultimate Truth. German Version.)

We are flabbergasted as we notice that we tied 'Subversion' to hackneyed clichés from managers' self-help books and Dilbert-style satire. Or to fluffy internet poetry. Lest we forget that subversion is hard work and rather down-to-earth...

... THIS is subversive:

Subversion. Or: When I grow up I'll be an eggplant!

2014 in Books

(elkement. Created: 2015-04-01. Tags: Books, Reading, Philosophy. German Version.)

I have been chronicling the books I have read on my blog since 2012. For 2014 I wanted to do something different: I created the virtual equivalent of Book Spine Poetry.

This page here (on e-stangl.at) does not seem to fit into my overall system of writing and curating content in different places. But on the other hand I had once started the first list here, stating that what you write about books says more about you than about the books.

Last year I read mainly about:

IT security and related culture and history. I'd attribute this to nostalgic flashback and the feeling I can and should tell some funny anecdotes many years after they had happened.

Sleep research. I believe that sleep is underrated and professions are self-selecting. I am a different being when I can sleep in harmony with my inner clock. I have briefly reviewed three of these books in my blog posting on hacking the biological clock - written under the impression of the upcoming most hated Sunday of the year, end of March 2014.

Technology and its interdependence with work and life. I wrote only three posts that might qualify as book reviews, and they represent my inner inconsistency and ambiguous thoughts:

  • Nicholas Carr's thoughtful critique of too much automation. Though I was some sort of tech professional, maybe even an evangelist, most of my life, it struck a chord with me. Not only am I bragging about using a scythe tongue-in-cheek, but I sometimes prefer the less automated and 'smart' solution. I can relate to architects and photographers voluntarily renouncing software.
  • Automattic's (WordPress') way of organizing its global workforce. I also enjoy working 'remotely' and communicate 'asynchronously'. We have worked in IT like this for a long time, but we have also started to do so in our down-to-earth heat pump projects.
  • Douglas Coupland's Generation X. Gen X’s denial or envy of their boomer parents’ values and social security, and their denial of their considerably younger siblings who are cooler and more career-oriented. Yet, Coupland ends on an optimistic note.

A sign on the path (2014)

Blog Postings on Physics

(elkement. Last changed: 2015-11-07. Created: 2015-02-04. Tags: Physics, Thermodynamics, Quantum Physics, Quantum Field Theory, History Of Science. German Version.)

Today I am writing articles on physics mainly on my English (elkement's) blog and our German (punktwissen) blog. This site (and its precursor, radices.net) help me with curating the links to my English physics postings.

All English postings written to date are displayed below, in descending order, from the Physics category's feed on my blog.

While I gravitated towards quantum theory and the connection between physics and philosophy in 2012 and 2013, I finally switched to more hands-on applied physics in 2014. Before that I had done 10-15 years of soul searching; some of these posts from 2012-2013 give proof of that.

'Physik - Urbanitzky', 1905

Heat Pump System and Renewable Energy

(elkement. Last changed: 2015-11-07. Created: 2015-02-04. Tags: Postings, Blogging, Resources, Links, Engineering, Heat Pump. German Version.)

I blog about anything heat-pump-related, in particular about our system. In addition, I am interested in thermodynamics, heat pumps and heating systems in general - and their integration with the smart grid and related security concerns. These are my postings about our 'ice-storage-/solar-' powered system specifically and postings on closely related subjects like the power grid, renewable energy and sustainable living.

Hydraulic schema of our system

(Re-visiting two months in WWW's netherworlds. I can prove my theory via two similar but independent and surreal events.)

As the saying goes, an expert is somebody who has committed every blunder in his or her discipline. It should be 'her' discipline as I have finally made it. I can prove it via two similar but independent (and surreal) events.

1) The Subversive Element's website had been hacked. Well, not quite, as it was the same web server but the URL pointing to The Element's so-called business identity.

Paranoia and panic were mitigated by the curiosity of the nerd. The Element spent countless hours dabbling with Google Webmaster Tools. That is: Not only clearing Google's cache from spammy URLs, but also scrutinizing all data available, for all websites including also the elkementary blog. And there we looked into an abyss:

2) Google's love for the elkement's blog was dwindling - by a factor of 100 within a few weeks.

But what an opportunity: Conspiracy theories running wild. In two blog postings, presented to THE INTERNET at a global level:

Of course I want you to click these links. The anatomy of a hack part is perhaps interesting. After all, I can still consider it correct, given most recent findings.

This does not apply to the elemental theories on Google. Here is the final explanation, in an incredibly brief posting, by elkement's standards:

tl;dr: All WordPress.com blogs had been gradually migrated to https only in the past months. In Google Webmaster Tools you need to add the https URL as an additional site. My traffic was tucked away in statistics for the https URL.

Facepalm (7839341408)

Facepalm, Tim Green from Bradford, Wikimedia.

E on Track (Edition 2014 - a Good Year)

(elkement. Last changed: 2015-04-01. Created: 2014-12-24. Tags: Life, Meaning, Looking Back, Contentment. German Version.)

(December 24, 2014. Updated: April 1st, 2015, not funny though.)

The outlook was vague and dubious.

Elke Stangl 2014

You can take pride in the way you've already mastered.

Elke Stangl 2014

Fortune favors the prepared mind.

Elke Stangl 2014

Be creative with what is available.

Elke Stangl 2014

Don't underestimate the power of the right companion.

Elke Stangl 2014

Sorry, wrong image! I try again!

The Two of Us 2014

I am alone in the fog, but the victory is mine.

Elke Stangl 2014

I'll pontificate about anything nonetheless.

Elke Stangl 2014

Physics, Science, Engineering, and a Lot of Fun

(elkement. Last changed: 2015-02-04. Created: 2014-12-17. Tags: Physics, Engineering, Science, Heat Pump, Simulations, Career, Life, Work. German Version.)

I am running a small engineering consultancy together with my husband. Following Star Trek terminology, he is Chief Engineer, and I am Science Officer.

In overly correct legalese, my job titles according to our business licences are 1) Consulting Engineer in Applied Physics and 2) IT Consultant.

We specialize in planning of heat pump systems with unconventional heat sources, that is a combination of an underground water tank and an unglazed solar collector. 'IT' means: playing with control units and data monitoring.

Solar collector for harvesting energy from ambient air.

As we run a German blog focused on this system and I also devote a 'sub-division' of my English blog to it, I use this site (radices.net) mainly for consolidating resources and links - in the same way as I curate security / PKI related links. Perhaps these link dumps will not be very useful for anybody but myself.

I once was a laser physicist and a materials scientist - my specialties having been high-temperature superconductors, laser-materials processing with Excimer lasers, and the microstructure of stainless steel. Then I turned to IT security, IT infrastructure and IT management for more than 10 years.

In 2012 I felt the urge to reconnect with my roots as a scientist and engineer, and we started working on our own heat pump research project in stealth mode. It turned to a second 'branch' of our two-person business. There are connections between my different fields of expertise - IT security and heat pumps - like: the security of the smart grid, 'hacking critical infrastructure', monitoring and control systems. Even the data we gather with our pilot setup have turned into 'big data' that require analysis and management.

So I am actually more of an engineer than a physicist. But I am still very interested in theoretical physics as sort of a mental exercise, and I indulge in reading textbooks as hobby. In 2013 I had focussed on (re-) learning quantum field theory.

Since 2014 I am mainly blogging on down-to-earth classical mechanics or thermodynamics, and I enjoy doing cross-checks and back-of-the-envelope calculations on my blog.

Simplified simulation of ice in the water tank in different years.

Last change: Updated dead link to Austrian statistics on fuels and heating systems.

Heat pumps

Heat pump usage in different countries and history of heat pumps

Unusual heat sources

Sizing heat pumps - I am trying to learn the terminology of standards commonly applied in English-speaking countries:

Power grid and availability

Power generation

Hydro power plants

In Sweden the world's largest pumped hydro storage plant might be built:

  • See bottom of page 30 of this research paper:
    Besides the official estimations there are some discussions [28b] about building pumping capacity between the lakes Vänern and Vättern in Southern Sweden. The difference in altitude is 44 meters between these lakes.
  • ... and the last page of this presentation:
    Possible future? Mariestads Kraftverks AB & others 50 km tunnel between the lakes Vänern & Vättern Cost: 250 billion SEK. Installed capacity: 50000 MW.

Free long-term weather data

Input data for your own simulations.

Germany and Austria.

World

  • Climate data for the last decades. The navigation is something you need to get used to (Pick: Cities, Climate, Climate Robot...). Therefore I start with Ice Days for Vienna. It is a bit weird that available data seem to depend on the choice of the language (less data for Vienna in English).

Extreme Weather

The winter 1962/63 was the coldest in 250 years in Europe (German article: Winter 1962/63 in Europa. English article: Winter of 1962–63 in the United Kingdom).
More data from a talk / slides available at the website of the Royal Meteorological Society: The bitter winter of 1962/63 - this winter was unusually mild in Canada and Greenland (p.17)

Could such a winter ever happen again? "The 1963 winter is well within the population of other cold winters that have been experienced in this country ... It is not necessary therefore to seek some very special cause in order to explain it." – H.C. Shellard, Meteorological Magazine, 1968 (p.21 of PDF)

Different heating systems

Statistics for Austria: Heating 2003 to 2012 by fuels used and heating system (in Austria). Less than 15% of (primary) heating systems are stoves, and they have been on a decline in the last decade.

Units, heat values, energy costs

Tools for converting units

Heat values

Properties of water (for comparing the energy stored in a water / ice tank)

Costs of energy - international

Monitoring, Control, IT

Metering and monitoring electrical power consumption

  • Smart meters with data loggers and/or various interfaces for attaching loggers - to be installed behind the official smart meter:
  • Parsing an online monitoring website is perhaps the most universal 'real-time protocol' in case no other interfaces are available. E.g. by using PowerShell, I tested with the local website of a Fronius Symo inverter and their web portal www.solarweb.com. One option: Start an InternetExplorer.Application COM object and identify the HTML element containing the interesting value by its ID (getElementById).
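
The option described in the last bullet, as an added PowerShell example that is not code from the original page: it loads a monitoring page through the InternetExplorer.Application COM object and reads one element by its ID. The URL and the element ID in the usage comment are hypothetical placeholders; the real ID has to be taken from the page source of the device being monitored.

```powershell
# Added example (not from the original page): read one value from a
# monitoring web page via the InternetExplorer.Application COM object.

function Find-ElementById {
    param($Document, [string] $Id)
    # Depending on the PowerShell / mshtml version, the plain method call
    # can fail; the interface-qualified name is the usual fallback.
    try   { $el = $Document.getElementById($Id) }
    catch { $el = $Document.IHTMLDocument3_getElementById($Id) }
    # A missing element can come back as $null or as DBNull.
    if ($null -eq $el -or $el -is [System.DBNull]) { return $null }
    return $el
}

function Get-MonitoringValue {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $ElementId,
        [int] $TimeoutSeconds = 30
    )

    $ie = New-Object -ComObject InternetExplorer.Application
    try {
        $ie.Visible = $false
        $ie.Navigate($Url)
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)

        # Wait until the document has finished loading (ReadyState 4 = complete).
        while ($ie.Busy -or $ie.ReadyState -ne 4) {
            if ((Get-Date) -gt $deadline) { throw "Timeout while loading $Url" }
            Start-Sleep -Milliseconds 250
        }

        # Monitoring pages often fill in values by script after the load
        # event, so poll until the element exists and has non-empty text.
        $text = $null
        while ((Get-Date) -le $deadline) {
            $element = Find-ElementById -Document $ie.Document -Id $ElementId
            if ($element -and $element.innerText) {
                $text = $element.innerText.Trim()
                if ($text) { break }
            }
            Start-Sleep -Milliseconds 250
        }
        if (-not $text) {
            throw "Element '$ElementId' not found or empty on $Url"
        }

        # Return the raw text with a timestamp; unit and number format
        # depend on the device, so parsing is left to the caller.
        [pscustomobject]@{
            Timestamp = Get-Date -Format o
            Url       = $Url
            ElementId = $ElementId
            Text      = $text
        }
    }
    finally {
        # Always close the hidden browser instance and release the COM object.
        $ie.Quit()
        [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($ie)
    }
}

# Usage (hypothetical URL and element ID), appending one row per call to a CSV log:
# Get-MonitoringValue -Url 'http://inverter.example/' -ElementId 'current-power' |
#     Export-Csv -Path .\power-log.csv -Append -NoTypeInformation
```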

Manuals of data loggers by Technische Alternative Gmbh (for control units UVR1611, UVR16x2)

CAN Bus

  • Bus topology. Note that UVR1611 is automatically terminated by default.

Heating with computers

Computers installed in private homes provide their computing power to cloud services - while heating those homes.

Basics (Physics) - Mechanics, Electrodynamics

The Feynman Lectures of Physics

  • Volume 1: Mainly mechanics, radiation and heat.
  • Volume 2: Mainly electromagnetism and matter

Unglazed solar collector - part of the heat source of our heat pump system

What Is Art?

(elkement. Created: 2014-11-08. Tags: Art, Self-Referential, Flarf, Weird, Nostalgia, Poetry. German Version.)

This seems to be the fundamental question The Subversive Element is trying to answer on numerous Red Pages.

subversiv.at has been a feeble would-be protest against the Dilbertesque world of work. After I had risen to the challenge, lamented, fought, and transmogrified myself I consider that resolved, once and for all. What remains to be done here? Write comments on my comments on my old articles, the ones I recoil in horror when re-reading them. Sometimes I comment in English on German stuff or vice versa. Sometimes I resort to Google Translate to reach one more meta-level in creating Google-based poetry from existing Search Term Poetry or Spam Poetry.

Can that be art? Never, I'd said a few weeks ago. But recently the Element has learned that this is indeed art, called 'Flarf'. So I have been creating Flarf for nearly two years - or perhaps longer, if some of my early subversive art here counts as well - although I was not the innovator I had hoped I was.

But there is an eerie effect - you experts will explain that to me. Each Flarf poem has the same signature style or flavor - I call it the post-modern, the dystopian. It is experimental sci-fi movie crossed with Dilbert going New Age. It is being ironic about irony. Or maybe not. This is independent of the details of the Flarf method used - search terms, spam comments, arbitrary Google searches, even snippets from my own posts, or readers' comments - they speak to me in the same way.

Here is an example: my latest Spam Poem to date, cross-posted from the elkementary blog. The complete list of all Flarf poetry listed chronologically is curated here - if and which ones I re-post here remains an enigma to myself, much like Flarf.

the destiny of the universe

my honest, preconceived thoughts

a great unreal dream
actual irony
when you con the destiny with your artistry

gloomy and cynical futurism
that any mortal should avoid

you arrive from the Victorian England
in the known galaxy

Illustration for Jules Verne's The Mysterious Island, by Jules Férat

dark and cynical sci-fi
forces an illusion
of that time gone by
When skyscrapers were first built

you are not understanding anything

what if i told you
There are undoubtedly more color options nearby

paradigmatic coal-black
started to be repetitive
one of the big deterrents to me

your deprecating coherence
is a potpourri

this type of despicable hypocirite
it will be the future of the human race

handing more control over
lets us progress even deeper into this sci-fi nightmare

armor and weapon
usually do not adhere to regulations
The glare of the goblin sparks partially blinded him.

Artwork for the book The War of the Worlds, Alvim-correa12

player in cyberspace
heed your call of duty

I’ll certainly come back
through the dust
or snipe the undead beasts

talk with other mentors
emotionally distraught

men and women dressed in cartoon costumes

The cartoon is attractive
corporate, regal, or fair-minded

these crooks
reported to have ghost activity

space zombies
called Glass Collective
never publicly dated anyone

Put your prowess to evaluation
removing their skin

rapidly rose the reputation
conditional upon the execution

Disgrace on Google
the cosmic horror
We do know these people analyze

NSA Muscular Google Cloud

Numerous aliens in space will traumatize you
with the fantasy stars
Your toddlers shall like it

none of the visions has borne fruit
as a matter of fact

unsubstantiated distortions
completely ridiculous.

in public areas nevertheless

This cue
the echo
The spring of 24
most is inconsistent

the web
becomes a virtual community
something that we are hoping

i could truthfully do something to be able

Slowly return your head to the original position

Uhmm..

Will there be a part 2?

the last sentence of the page

Instead of a 'Bio' ...

(elkement. Created: 2014-11-08. Tags: Spaceship, Bizarr, Life, Garden, Lifeform. German Version.)

... we show you an organic - 'bio' - space probe.

Organic 'Bio' Space Probe

Elkement is an amalgam of Elke and the Subversive Element.

Physicist and consulting engineer by trade and by day, self-proclaimed dilettante science blogger and avant-garde poet by night.

(This compilation of links is static - no more amendments planned.)

PKI FAQ

(elkement. Last changed: 2014-12-16. Created: 2014-10-06. Tags: IT, PKI, Cryptography, Security, Forums, Troubleshooting, Postings, X.509, Resources. German Version.)

This is a compilation of threads in Technet forums, organized by topic.

Chain validation and revocation checking issues

Chaining and hierarchies

Time validity

Revocation lists

(For issues with SCEP and EFS, see the sections on applications at the bottom of this page.)

Windows PKI design, implementation, and maintenance

PKI AD integration and clean-up

CA migration, backup and restore and high-availability

Scripts and automation

Certificate generation and deletion (in personal stores)

Searching the CA's database and expiration notifications.

PKI configuration

Third-party CAs, compatibility

Windows PKI components and features - and related troubleshooting

Web Enrollment (ASP pages)

Simple Certificate Enrollment Protocol (SCEP) AKA Network Device Enrollment Service (NDES)

Windows OCSP: Errors and Pitfalls

  • White papers on how to make OCSP servers and CRL web servers highly available? There is an article for OCSP, for CRLs it is just a plain simple web server.
  • /ocsp/ application directory is not created before the role service has been configured. However, revocation configurations can be created before that using the MMC - this causes an HTTP error 404 even though the Online Responder Management reports 'all green'. [ref]
  • Third-party validator (Axway) causes CryptoAPI to look only for OCSP URLs but OCSP is not used. Root cause finally was: CRL not accessible to the validator. [ref]
  • OCSP Responder issues: Misunderstanding about how to use one Responder for different CAs, and how an array should work. Additional interesting issue: Adding the Intermediate CA certificate to Trusted Root store can cause an error 403.16 in IIS and thus break certificate validation!
  • OCSP design: Use a dedicated OCSP server?

HTTPS-based enrollment via CEP/CES

(Auto-)enrollment troubleshooting

Kerberos troubleshooting

Certificate templates

Pre-requisites

Certificate and request attributes and extensions, and how to create requests

Certificate Subject Name and Subject Alternative Name, and tools and processes for CSR creation. Overlap with section on Scripts and automation.

OIDs

Hash algorithms

Cross-forest certificate enrollment and multiple domains.

PKI Applications

SCEP is listed under Windows PKI components.

Logon against AD

SSL web servers

See also the section on Certificate and request attributes and extensions above.

LDAPs, DC certificates

  • Concerns re expired DC certificates. Can a DC be rebooted safely? Yes, as certificates are not required for 'standard AD functions'.
  • Easy-to-manage solution for LDAPs (only) - PKI to be avoided (?) Theoretically one might distribute a self-signed server certificate (with multiple SANs) just as a CA. I would not try to re-use an existing server's certificate as a CA certificate. As usual, I am wary about non-SSL-capable crypto providers. In case a simple 1-tier PKI is created today, templates could be moved to a well-planned 2-tier PKI later.
  • Domain Controller uses the wrong certificate for LDAPs. My suggestion was to supersede the current template with one that allows for issuance of certificates that will expire after the unwanted third-party certificate. Another user provided instructions on how to use the AD (NTDS) service's certificate store instead of the machine's store.

RADIUS / NPS and 802.1x

Exchange Server

Outlook and SMIME

EFS - Encrypting File System

BitLocker

SAP

Third-party LDAP clients

RDP / RDS

CISCO VPN

Windows VPN client

IPsec

Office Macro and document signing

Key stores and cryptographic providers

Crypto general

Software stores

Using an HSM as key store

Silent waters. Northwest of Tenerife, 2004.

On the German version of this page you do indeed find my original poetry, written in 1998. In order to allow English readers a glimpse into my post-adolescent, postmodern, gloomy stanzas I resort to Google Translate. This is done deliberately to add that flavor of Search Term Poetry or Spam Poetry.

Words
By the Subversive Element

words
preformed
in the depths of consciousness
blister
on the surface
overdraw my picture of the world
with thousands of multicolored drops

words
rich like tentacles
in my reality
and tug at unwavering.
Burning streams of lava
apparent safety
Streams of water
wet the parched land
my reason

words
dig their tunnels
through my mind
let my soul
go on swaying bridges
about locations of past struggles
past monuments
for heroics
whose meaning I have forgotten

words
flow into my reality
here and now
and satisfy themselves
echoed by
in a world
which has changed
in this moment

This is even worse than the German version. But with more help from Google I know we can do better.

I am running this now through Google Translate again and translate it - using one result as an input for the next round:
>> to Spanish >> to Italian >> to French >> to Zulu >> to Nepalese >> to Korean >> to Finnish >> and back to German

The result (shown on the German page) is quite remarkable - to me this sounds like a Zen koan.

Now I am ready to translate it back to English - and this is what I call poetry!

Text
By the Subversive Element and Google

text
Preformed
deep knowledge of the
GO
surface
Search in my view of the world
Thousands of colorful drops

text
Subscribe to the rich
In fact, my
Hold on tight and pull.
burn the floor
apparently safety
current
short dry
My September

text
shaft tunnel
my heart
My soul
swivel the foot
In the past, a state of war
Monuments of the past
competition
The meaning is forgotten

text
my real
now here
And to ensure
echo
March
change
2 hours

Artistic Jupiter

... an odd combination probably.

But I have a penchant for combining anything. For me IT security, physics, and engineering are all connected naturally, and not only through my biography.

The communication between devices making up the internet of things needs to be secured. Public Key Infrastructures may provide X.509 certificates needed to do this.

Physics provides on the one hand the underpinning of engineering, on the other hand mathematical methods used in physics can be applied to all kinds of complex systems. There is some truth to this satirical explanation of the relation between Feynman diagrams, certificate validation, and hydraulic designs.

But philosophical musings aside, on a daily basis I simply like to play with technology: Exploring how applications and systems use digital certificates and how they can or can't be 'hacked'. How to build ('hack') a technical solution using off-the-shelf components? How to develop a simulation tool from so-called simple 'Office software'?

A rehash of the German Subversive Newsletter sent January 31, 2005

Nearly 10 years have passed, so The Subversive Element can speak about it in public.

I do admit:

  • I spent vacations on distant islands. Just like any other tourist.
  • Vacations were for escaping the so-called real world.
  • I used to make fun of literature about quantum consciousness and the like.

But I was penalized for all this.

In the first days of 2005 The Element and Somebody embarked on a journey they would never forget. Equipped with lots of popular science magazines on quantum physics and a few on so-called alternative physics, they travelled to a quite calm, distant, very green, and very wet and foggy island.

[Skipping the boring part about nature and your typical vacation reports.]

There were some eerie forebodings of evil to come:

They were invited by a lonely inhabitant of natural caves at a stormy coast - uttering unintelligible sounds. They declined politely.

An entrance to hell.

The Element was struck by a mysterious illness for one day, right after the island drowned in water as it rained heavily for two days.

Luckily the island did not break in two parts and cause a tsunami as had been proposed by serious scientists.

Streams of muddy water meet the sea.

But the native spirits of that island found the most mischievous way to punish the busy corporate workers. They nearly managed to keep Element and Somebody prisoners on that green former volcano.

When you see this in movies, you would say this is so improbable it is not even funny:

  • At the island's airport the voice from the speakers says that the plane suffered from a technical defect - more information to come.
  • The plane would not be able to depart today but there are 34 seats left in another plane - two seats fewer than stranded passengers. Any volunteers?
  • Relief - we were not those two poor souls chosen by drawing lots, and happily boarded the plane.
  • Finally the plane landed and Element and Somebody went to their car.
    Element: I'll pay for the parking ticket.
    Somebody: Let's check if it starts first.
    Element: Ha ha, yes  - very funny!!
    Somebody: [Turns the ignition key]
    [... Silence ...]
    Both: *Panic*
  • So the short story was that the small courtesy light had been on for two weeks and the battery was absolutely empty.
  • Element found the manufacturer's emergency phone number on a sticker in the car. Fortunately it was a company as they discard that type of insurance-like services usually.
  • A helpful human being was answering the phone - he will be here in about half an hour.
  • It is getting cold - it is close to midnight.
  • The helper arrives, and worries that the battery might be too exhausted.
  • OK, it can be recharged and we are warned to absolutely never stop for the next 150 kilometers.
  • We drive - to the south. Target: The settlers' home in the Pannonian Plain, via Vienna.
  • And then it starts to snow. Like it hasn't before in that season.
  • We drive slower and slower.
  • We realize we will never make it to z-village so that Element will be able to drive to Vienna again, somewhat recharged.

Piece.

It should be noted that timing was probably a bit too optimistic. The idea was to arrive at the airport before midnight, drive home through empty streets without issues, and sleep for a few hours - until The Element had to deliver one of its legendary security workshops. But based on perhaps a vague premonition of what was to come The Element had taken a USB stick with course material along during vacation, it had outsourced the preparation of virtual machines to a service provider, and it had its company badge, a toothbrush and some other things for grooming.

  • So The Element accepted its destiny and said to Somebody: We will never make it, drop me off in Vienna.
  • Fortunately, at that time the Element's employer offered its overworked staff a so-called recreation room.
  • So The Element sleeps peacefully for about two hours on the couch in the recreation room before it is woken up by the lights and sounds of the snowplow outside and by the cleaning staff.
  • The workshop went well.

Sleep is overrated.

Postings in Technet Forums

(elkement. Last changed: 2015-04-01. Created: 2014-07-29. Tags: IT, PKI, Cryptography, Security, Forums, Troubleshooting, Postings, X.509, Resources. German Version.)

In 2014 I had resumed posting to security forums in the Microsoft Technet community. I have been using these threads as my personal knowledge base.

Here is a feed on recent activity. Seems my mission has come to an end by the end of 2014!

A list of all my threads is also generated automatically but I am hand-curating them here again.

I am not using the original thread title but another one that makes me remember the discussion more easily; and I add a short summary. The date is the date of my first reply in this thread.

(Last changed: April 1, 2015. Added last threads I contributed to in December 2014.)

Insert some years during which I was just busy doing PKI but not contributing to the community. I try to compensate for that now!

  • [2009-07-16] What is PKI compatibility? It depends on what is compared: Certificates and their fields, key stores and access methods, request structure, protocols to enroll for certificates,...
  • [2009-07-16] Notification e-mails sent by the SMTP Exit module contain variables instead of values. Might be an issue of using the variables in a script versus running the commands interactively. In a script the % needs to be masked by another %.
  • [2009-07-16] Windows CA and redundancy: Does a second CA help? Templates are redundant in AD anyway. A second CA does not help as it uses a different key and cannot sign CRLs on behalf of a failed first CA automatically. For risk mitigation the CRL validity period should be configured for a few days or whatever is needed to detect and fix an issue in the worst case. Redundancy could be achieved with fail-over clustering.
  • [2008-11-09] Planning fail-over clustering for a CA, in particular how to migrate an existing non-clustered CA into the cluster. Clustering is only supported with HSMs(*). As for the names it can be done but the legacy of LDAP objects and HTTP URLs that contain the old machine name makes that rather messy. Suggestion: Use a new clustered CA setup from scratch with proper names and create a long-lived CRL for the existing CA before retiring it.
    (*) Learned in 2014 that this is not true (anymore?)
  • [2008-10-01] How to configure CRL URLs for offline CAs. It seems either a CRL has not been copied to the CRL server denoted in the CDP or the defaults have been used and the URL points to the Root CA itself. Brief outline of process.
  • [2008-09-23] Variables in CA configuration (starting with %) do not get replaced by their values. Turned out to be a copy and paste error as the lines have been copied to the command window directly.
  • [2008-09-19] Limit PKI usage to one domain - how to set permissions. The CA is a forest resource but permission for domain-specific groups can be set at the CA (Request Certificates right), or permissions on all templates could be limited to groups from this domain.
  • [2008-09-18] Time zones and clock skew. Date formats in certificates are in Universal Time format including time zone information. There is only a clock skew of 10 minutes applied by default to avoid false not-yet-valid messages.
  • [2008-07-28] Checking and changing validity periods of CRLs as the default period of a week is too short for a typical Root CA. Overview on how to set the validity period in Properties of Revoked Certificates and - optionally - overlap by editing the registry.
  • [2008-07-28] Requirements for macro signing certificates. I suggest time-stamping macros, as otherwise (even if signed) the signature would be considered invalid when the signer's certificate has expired.
  • [2008-07-26] Certificate services simply fails to start after setup. Not clarified but another user indicated that in his certocm.log a permissions error was logged when he saw the same error - using the domain admin resolved it.
  • [2008-07-26] Sending certificate requests to an untrusted forest. Ideas: Automate the creation of requests and let a service user account from the CA forest fetch the requests, send them to the CA, and collect the certificates. Alternative: Simply use an AD user of the forest where the CA resides and use the certsrv web application to create keys and requests.
  • [2008-07-12] Autoenrollment issues - an XP client does not autoenroll though manual enrollment works and the event log says that Autoenrollment has been completed successfully. Potential root causes: 1) There is already a certificate of that type in the store and the setting Do not re-enroll if a duplicate certificate exists in AD has been set 2) Weird but known issue with credential roaming sometimes falsely archiving certificates.
  • [2008-07-01] Wild-card certificates - feasible but not recommended as there is a slight chance clients may not recognize the wild-card character.
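
The clock-skew entry (2008-09-18) and the macro-signing entry (2008-07-28) in the list above both come down to evaluating a certificate's validity period at a particular point in time. The following Python sketch is an added example, not code from the original threads: it parses the two X.509 time encodings and shows the effect of a 10-minute skew and of a time stamp. Assumptions: the skew is modelled as notBefore being set 10 minutes before the issuance time, all dates are constructed, and the time-stamp check is simplified (it ignores trust in the time-stamping authority and revocation).

```python
from datetime import datetime, timedelta, timezone

CLOCK_SKEW = timedelta(minutes=10)  # default skew quoted in the thread summary


def parse_x509_time(value):
    """Parse X.509 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC time ending in 'Z': %r" % value)
    body = value[:-1]
    if len(body) == 12:      # UTCTime: two-digit year, RFC 5280 pivot at 50
        year = int(body[:2])
        year += 1900 if year >= 50 else 2000
        rest = body[2:]
    elif len(body) == 14:    # GeneralizedTime: four-digit year
        year, rest = int(body[:4]), body[4:]
    else:
        raise ValueError("unsupported time format: %r" % value)
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def validity_status(not_before, not_after, at):
    """Classify a point in time against a certificate's validity period."""
    if at < not_before:
        return "not-yet-valid"
    if at > not_after:
        return "expired"
    return "valid"


def signature_status(not_before, not_after, now, signed_at=None):
    """Judge a signature at its time-stamped signing time, else at 'now'."""
    return validity_status(not_before, not_after, signed_at if signed_at else now)


# Constructed sample: certificate issued 2014-07-29 12:00 UTC, valid one year.
ISSUED_AT = parse_x509_time("140729120000Z")
NOT_BEFORE = ISSUED_AT - CLOCK_SKEW          # assumption: skew backdates notBefore
NOT_AFTER = parse_x509_time("20150729120000Z")

if __name__ == "__main__":
    slow_clock = ISSUED_AT - timedelta(minutes=5)   # client clock 5 minutes behind
    print(validity_status(ISSUED_AT, NOT_AFTER, slow_clock))    # no backdating
    print(validity_status(NOT_BEFORE, NOT_AFTER, slow_clock))   # with backdating
    later = parse_x509_time("20160101000000Z")
    print(signature_status(NOT_BEFORE, NOT_AFTER, later))
    print(signature_status(NOT_BEFORE, NOT_AFTER, later, ISSUED_AT + CLOCK_SKEW))
```

A client whose clock lags by more than the skew still sees the certificate as not yet valid, which is why the skew only covers small clock differences.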

WOP!

(elkement. Created: 2014-06-22. Tags: Art, WOP, Douglas Adams, Spaceship. German Version.)

Finally we know where this fond addiction to eerie spaceships materializing out of thin air stems from:

What happened next they could not ignore. With a noise like a hundred thousand people saying "wop", a steely white spaceship suddenly seemed to create itself out of nothing in the air directly above the cricket pitch and hung there with infinite menace and a slight hum.

--Douglas Adams, Life, the Universe and Everything, Chapter 4.

Now more than one initiative had been started to actually collect and mix these 100.000 WOPs - it seems without success.

Do we need a new attempt? Do we need a Facebook page?


Personal website of Elke Stangl, Zagersdorf, Austria, c/o punktwissen.
elkement [at] subversiv [dot] at. Contact and Legal Notice