Postings tagged with 'Internet', listed in descending order by creation date. Last Postings shown.
More than a decade ago this site started as a place of playful experimenting
with links - with content and structure. I hand-crafted and later semi-automated
some features that anticipated their modern counterparts, like
I have experimented with the true social media since 2012 - a party to
which I was rather late, given my previously early adoption of 'online writing'.
One of the things I learned again and again is that the tool you use and its
convenience do not really matter, at least not to me. I don't mind cumbersome
hand-crafting. It can even be a good filter to help with resisting the urge to
tweet shallow, not time-less stuff.
I am going to revive that tradition for a while!
2019-06-10: Last week I finally published my writeup on an
unintended way to hack the box Sizzle from hackthebox - by hacking the PKI
and issuing myself a hardware token for the Administrator! I am overwhelmed by
positive responses - the security community is awesome! I might publish
something a bit similar in 'weirdness' for another Windows box.
2019-05-25: Reached a milestone in my clandestine web re-development
and content review project this week: Reviewed all blog postings, finally
found the right way to keep co-existing web databases and ad-hoc Excel
databases during a migration phase, ready to consolidate images. My plan is
to merge all sites gradually, without any deadline. Raking my virtual Zen
2019-05-14: Just completed my writeup of the unintended way to own my
favorite box on hackthebox.eu! Now I cannot wait until it is going to expire
:-) First time I used a piece of hardware to own a machine -
perhaps an image in the article will look as if this was influencer
marketing for ... SafeNet ;-)
2019-05-12: I have a blog and a personal website that
become more and more similar - again. I think I know what I have to do ...
2019-05-11: I am really excited about an unintended way I found to root a
Windows box on hackthebox.eu. I was finally able to combine what I learned
in the last year as a dabbling hobbyist pentester with my knowledge about
some of the obscurer corners of Windows systems, especially that little
security-related server role I dedicated nearly two decades to :-)
2019-04-21: This website / these websites will undergo a transition - I will go full dinosaur. I
am questioning everything I took for granted, about 'how websites
should look like'.
2019-03-31: Every time I re-read Landau / Lifshitz' Course of Theoretical Physics I
discover new details. I am enjoying every word of their concise and elegant
explanations - and their ultra compact and typical physicist-style usage of
algebra and analysis.
2019-03-23: This website will not change much for a while - but elkement works on
stuff in the background. I am going to move all this here over to a static
website generator. One I code myself from scratch, for the fun of it.
2019-03-16: The best website on the internet has a grey background and
blue hyperlinks - the ultimate command line tool reference ss64.com.
See an example
2019-03-13: Every time I read the wizard book, I discover something new!
http://sarabander.github.io/sicp/html/index.xhtml I feel like I should
have read it much earlier in life, but on the other hand, I would not have
had so many light bulb moments - related to what I did 'wrong', or in an
inelegant and non-optimized way.
2019-03-13: The moment I hand-craft my pseudo-tweets, 1999-style,
something feels finally right again!
Long ago, these pseudo-tweets started with:
2002-12-16: The domain e-stangl.at was delegated in the glorious era of
THE GREAT dotcom HYPE, thus contains e-: .
The non-hyperlink part - the part
above the underscore - reflects the golden light of the evening sun or is
being shaken by an amber sandstorm.
Many years ago, The Web – which has its own category on my website here –
was an experimental playground for me. You might have guessed so, just
checking out the URL of this post.
Technologies and protocols once used for displaying static websites have
been repurposed, and HTTP(s) became the so-called Universal Firewall Bypass
protocol. We synchronize files with Dropbox or offline-cache our mailboxes.
Applications like Teamviewer or the signals from our Things (as in Internet
Of Things) poke controlled holes into our firewalls so that they are
somewhat accessible from the outside.
I have written about all of that at length elsewhere – about the
insecurity of the Internet of Things and about
Data Krakens dominating small businesses. I have had mixed feelings
about the evolution of The Web. But there is one absolutely positive
outcome: That HTTP(s) (mis-)use connection magic enables me to work in a way
I would have never envisaged 25 years ago – at the time when my most
important ‘files’ were still contained in physical folders.
I am able to work nearly remote-only, not only in IT projects. About 10
years ago I was a consultant in information security. We worked from ‘home
office’, too, although company culture often dictated that there had to be
meetings in real life. Today, I still support some long-term IT security
clients, but mainly via remote and/or asynchronous channels. When we started
our experimental heat pump side-business several years ago, my standard joke
was: Someday we will work in heat pump projects the way we work in IT
projects. And the joke became true – it actually became the default way of
working, even for clients that are within geographical reach, like a 50-70km
This list on our website explains the steps / stages of such a project –
but it’s hard to convey the spirit of a remote project properly. It sounds
way too serious. On our German blog we feature
verbatim hilarious quotes of a client / ice storage heat pump system
self-builder – translation could never do it justice.
Working remotely seems to be about technology: We need to have the tools
we have today to communicate, exchange information, to monitor and manage
systems over the internet. But it is more about culture. In IT, such tools
have already been available for a long time, yet some corporations insisted
on ‘face showing rituals’. Notably, during the economic crisis of 2008/2009
many companies worked hard to keep travel costs low and resorted to working
remotely – and later never reverted to face showing mode.
Successful remote communication is based on the skill of asynchronous
communications, e.g. on processing more than the first three lines of an
e-mail, but replying thoughtfully in nested threads. My anecdotal evidence
tells me that our typical heat pump clients have that skill – tech-savvy
geeks whose day jobs are usually tech- / IT- / engineering-related.
You need to keep politics out. As soon as those infamous ‘non-verbal
clues’ become important, remote channels might be too narrow. However, I
wonder if politics can ever be tamed properly even with heavy face showing.
My pragmatic solution is to focus on simple ‘structures of command’ – work
with one single accountable client who is in charge for his/her project and
has skin in the game. Only if you need to intermediate between ‘team
members’ and listen to ‘different sides’ you get into trouble. I have my
share of experiences – like: Clandestine meetings in which project member X
told me they considered to revolt against project manager Y – depending on
my honest opinion of Y.
Many hands-on engineering tasks are gradually being supported by remote
IT tools. I am not a first adopter of such technology – like augmented
reality glasses for engineers in power plants. My icon is an angry dinosaur
for a reason. But even I say, half-jokingly, that someday people might 3D
print our heat exchanger tubes and PVC supporting constructions, instead of
working with our traditional design documents and plans.
So at the end of 2017, I embrace The Web again and my outlook is
positive. It’s like returning to the old days – when
The Cluetrain Manifesto told us that The Internet will kill TV-like ads and
foster communications between human beings – also in business. That may
sound irrational, given the ominous power of online tracking, all for the
sake of advertising. But anyway: The positive spirit of
remote working pioneers, like Automattic (wordpress.com) is what defines
The Web for me!
Since 2012 I have published PKI status updates here, trying to answer the question 'Do you still do PKI?' (or IT). I have re-edited them often, and my responses were erratic - I was in a Schrödinger-cat-like superposition state of different professional identities.
Now and then I still get these questions. Can I answer it finally? I am still in a superposition state - I don't expect the wave-function to break down any time soon. I enjoy this state! But my answer to IT-related requests is most often no.
So yes, I am still 'working with IT' and 'with IT security' professionally. Not necessarily 'in IT'.
I am supporting a few long-term clients with their Windows PKI deployments and related X.509 certificate issues (after having done that for more than 10 years exclusively). Those clients that aren't scared off by my other activities, and clients I had always worked with informally and cordially.
But I don't have any strong ties with specific PKI software vendors anymore, and I don't know about latest bugs and issues. So I don't present myself as a Windows PKI consultant to prospects, and I decline especially requests by IT security partner companies who are looking for a consultant to pitch or staff their projects. I am also not interested in replying to Request for Proposals for PKI or identity management and 'offering a solution', competing with other consultants and especially with other companies that have full-time staff doing business development (I hardly did this in my PKI-only time). I am not developing software anymore that might turn into an 'enterprise solution'.
Today I am working 'with IT' more than 'in IT' in the sense that I returned where I came from, as an applied physicist who was initially drawn into IT, armed only with experience in programming software for controlling experimental setups and analyzing my data: I call myself the 'theoretical department' of our small engineering consultancy - I am developing software for handling Big Monitoring Data. I am also tinkering with measurement technology, like connecting a Raspberry Pi to a heat pump's internal CAN bus.
Security is important of course: I have fun with awkward certificates on embedded devices, I sniff and reverse engineer protocols, and I could say I am working with the things in the Internet of Things. But I am not doing large-scale device PKIs or advising the IT departments of major engineering companies: My clients are geeky home owners, and we (the two of us) are planning and implementing our special heat pump system for them. An important part of such projects is monitoring and control.
So every time I feel that somebody is searching for 'a PKI consultant' I am the wrong person. But if somebody stumbles upon my CV or hears my story at full length - and absolutely wants to hire me just because of the combination of this - I might say yes.
But it is no good rationalizing too much: Finally it is a matter of gut feeling; I am spoilt or damaged by our engineering business. Our heat pump clients typically find our blog first - which has been mistaken for a private fun blog by friends. Prospects are either 'deflected' by the blog (and we never hear from them), or they contact us because of the blog's weird style. Having the same sense of humor is the single best pre-requisite for a great collaboration.
So whenever I get any other project request, not mediated by a weird website, I try to apply the same reasoning. Years ago a colleague I had not met before greeted me in the formal kick-off meeting, in front of all others, with: You are the Subversive Element, aren't you? (Alluding to my Alter Ego on subversiv.at). That's about the spirit I am looking for.
Global corporations have their brand names tested for potentially unwanted connotations
in different cultures and languages. Now I understand why.
One minimum requirement is perhaps: Being able to get it across on the phone.
...That's my surname, in German it's pronounced like [Add phonetic cryptic signs here].
But never mind, I will spell it out...
That's Latin and means Roots. It is a bit similar to radicles. Well, I realize
now it differs just by a single letter... that may be unfortunate, sorry!
All our domains have their issues, also in German. This is the only one that
causes no troubles in German. But in English you need to stress:
It's the German translation of Subversive, just remove E at the end!
Wow - that works well in English! You just have to mention the dash!
It's just a non-sensical acronym, I'll spell it out... Yes, name really is a top-level domain!
Now we enter the realm of business - and we have obviously tested the domain with utmost diligence:
That's an artificial German word, Punkt actually meaning Point or Dot.
Hadn't I mentioned that it might have been less confusing in English than it is
in German. But I'll spell it out for you...
To make it more confusing in English, we could create better sub-domains and e-mail addresses -
to convey the spirit of the German confusion:
I wonder if the
US Department of Transportation has similar issues.
... and first post published to the new site, live and public now :-)
For a short time, the old sites are still available in parallel to the new site.
Looking back, I mainly struggled with:
My flat-file database - accessing content and all meta information stored in text files, using
standard SQL queries.
Redirect strategy: Existing loads of redirects, temporary ones, permanent 301 ones, nice URLs
without physical files...
Migration of the actual content, uniting what was separated in different sources - asp files,
RSS feed, CSV file databases
See also my
latest blog post. Which also contains the expected meta-musings on The Web.
Lest we not forget - these were the old sites:
In the past weeks since the last update I've added the following features:
XML sitemap including English and German posts - URLs and last changed date.
Make yearly archive URLs 'hackable', thus using just /[lang]/[yyyy] as archive URL.
Population of meta tags, using also open graph tags.
Adding 'breadcrumb' / 'where am I' information by highlighting the item just
clicked in the menu and side bars: Current category, current post, current
Assign an optional image to a post via related
attributes: Image source, image size or
full image tag (for embedding Wikimedia images plus copyright information).
If an image should be displayed, but no source is given, add a standard image.
Display the image automatically on the bottom of the post and use it in the
open graph image tag, to be used as a preview image. Calculate height and size from the
image's physical size and intended width.
Create thumbnails of these images, to be shown
in the list of posts in the category pages.
Store all global configuration settings such as tagline in a config file that uses the same
[name:] [value] parsing logic as content files.
Migrate all existing posts on the sites e-stangl.at, radices.net, and subversiv.at, and keep
track of where the content came from. (One former .asp page contained one or more
Use one default.aspx for all applications, differences depend on the app name. Example:
Don't show post archive for the business page, but show latest posts from Wordpress blog feed instead.
Clean old content: Replace relative references (../) by absolute ones, replace CSS classes in tags. Move meta
infos from content to new file attributes.
Web Server Settings and DNS
Tested the IIS URL rewrite module with a key map, to be created from Excel documentation.
In case of issues with rewriting: Fall back to redirecting in a main ASP file.
Configure new host names and subdomains in DNS as primary URLs of the new applications. Add new host names for testing
to reflect the already existing redirects plus the migration redirects plus the future standard redirects.
Modify the existing main default.asp, global.asa, and main asp script creating all pages to work with the new redirects
(some duplicate code in asp and .net could not be avoided)
Host name determines application name:
One main host name for each (of the 3-4) application. I will use a subdomain of subversiv.at as my new primary host.
Check if the application has been migrated, as per config parameters.
If not, the existing redirect logic and existing asp code kick in - which
sends the user to a subfolder depending on host name. This is for historical reasons as I had only one virtual web host
in the old times, so e.g. e-stangl.at/ redirected to e-stangl.at/e/
If the app was migrated, redirect all attempts to use a 'secondary' host to the new one. So e.g. accessing e-stangl.at
will be recognized as calling the elkement app and redirect to my new primary name.
Configuring the application as 'migrated' does not yet redirect any attempt to access one of the old articles.
I will have to turn on my rewrite map or code for that.
- Complete all features for all applications before taking 'elkement'
Feed parser for punktwissen,
'image database' for z-village (using small posts with images effectively as entries in a table of images),
add an option to show the large version of the image inline.
- Maybe: Ordering of posts in category by changed date, not by created date.
- Limit number of posts on main page and on tag's pages, number = global parameter.
- Replace internal relative URLs to pages in the same virtual directory by absolute ones.
- Maybe: Replace parent path (../) URLs in old code, to turn Parent Path in the ASP config off
as soon as possible.
- Migrate all content from side panes, header, and footer. Add images used before to new posts,
re-use descriptions from old image database (TXT).
- Take elkement live and test redirects and preview images (social networks).
- If OK: Take the other apps live.
- Fix bugs
- Turn on redirects for old ASP pages.
- Watch results in web master tools.
- Inform Google about new URLs (Web Master Tools)
I've built the underlying 'flat-file database' (Details in
this post), and my not yet public site has these features now:
- Menu bar from pages.
- Show all postings on home page
- Recent posts and archive in left bar.
- Tag cloud in right bar, tags created by grouping all posts' meta data.
- 'Tag page': Show all posts tagged with a specific tag.
- Indicate category of current posting by highlighting category in the
- Highlight currently clicked article in archive.
- Menu page contains custom text plus automatically created list of all
postings in this category.
- Automatic creation of RSS feed.
- CSS stylesheet and responsive design.
- 'Nice' URLs - ASP.NET Routing.
Currently I am painstakingly migrating snippets of content to new
counterparts / articles / text files.
For testing I am using a layout similar to my Wordpress.com's blog design
This site contains a messy collection of allegedly original creative texts
which are most likely unintended plagiarisms of really subversive thinkers.
This might be true for all pseudo-subversive websites but I do admit it.
The investment in the domain subversiv.at was found to correlate
unambiguously with the exposure to a subversive business book:
The Cluetrain Manifesto.
I am now plagiarizing
The website – and the book is a call to the people of earth and puts
forward 95 theses, the first of them being Markets are Conversations.
You might say: Yawn. That’s web 2.0 – so what? And the site exhibits HTML
design from the last millennium.
But bear with me and remember (people of earth) that this was 1999. Back then
I was in charge of “managing” some of those infamous web projects and of
operating “compliant” corporate web sites. That is: Theoretically I should have
disciplined anarchic web site builders and forced them to use the corporate CI.
Above all, they should refrain from ordering a domain and web space elsewhere,
circumventing “corporate” and setting up their subversive departmental website. On
the other hand I should have – theoretically – motivated people to add some
content to the zombie corporate content management system nobody wanted to use.
But dictatorial directives – “All Web pages must be formally approved by
the Department of Business Prevention” — throw cold water onto all that
magic-mushroom enthusiasm. (Quote from Chapter 1)
Markets are conversations, and conversations between genuine human beings are
at the heart of business. Corporations that ignore this are doomed.
In a nutshell that’s the message of the book, and in contrast to its deceptive
simplicity, this is not one of those business books (if it is a business book at
all) that make you think that an article in a magazine would have been
sufficient to cover it all. The reason is that Christopher Locke, Rick
Levine, Doc Searls, and David Weinberger tell their stories instead of stating a
message. This makes the book remarkably self-consistent.
Continue reading here:
Burn the Org Chart – if Not the Organization – Down to the Ground
These are the preliminary results of the Website Resurrection
Project. In spring 2012 rotten web pages have been de-linked.
Those have been polished in a clandestine fashion in our
steam punk web page manufacture and are gradually re-linked since autumn
The Subversive Newsletters published in German in 2004-2005 have been
The Elkement is going to analyze those and comment in English.
Note that this will not add any new content. Not even the original newsletters
had conveyed anything resembling 'content'.
The following newsletters have been analyzed:
The Elkement has recently put forward a theory: Its
life is cliché and some googling does prove that.
It has been proposed that there is a huge community of people (Netizens) who
would share the following characteristics / properties / hobbies:
- IT security
- Interested in the history of science
- Star Trek fan
- Douglas Adams fan
- Douglas Coupland fan
We are now going to challenge this, and we will ask Google. As
Scott Adams has pointed out correctly the internet is nothing else than the
consciousness of an omnipotent being, once splintered and now reassembling
- Searching for "physics" "IT security" "Star Trek"
yields 5 out of 10 hits on page one that can be associated with The Element.
Actually 2 more elemental links have been pushed down to page three since I
wrote the German version of this article two days ago.
- "physics" "IT security" "history
of science" yields 6 elemental page 1 hits.
Similar results can be achieved with nearly every combination of key words
So my advice is: If you are frustrated about being cliché:
- Write an article about those attributes
- And enjoy your page 1 Google hits.
Online since the early 90s.
Yet The Subversive Element might be an impostor netizen.
I have never discussed in Usenet, learned programming on a
C64, or compiled a Linux kernel. Even worse, I used Microsoft Word instead of
LaTeX with all my scientific publications, and the first website of my own was a
Yet I feel I have the right to call myself a netizen. The
vague definition of this term allows for misuse anyway.
I probably turned into a true netizen again because of
my trepid (non-)adoption of the interactive web 2.0. So I could have been an
avid open course keep-the-internet-free-of-commercials activist.
The Element has instructed the Element to
that more frequently. I am using Web 2.0 as a platform for discussing why I
am so not fond of web 2.0 unequivocally.
A netizen is an inhabitant of the internet. Everybody knows that today. Back
in the golden times of the internet a netizen had to be an expert. A navigator
through a new world, a world that existed only for the technologically adept. It
comprised dark corners and caves.
Dark corners do still exist today. If you
want to explain to paranoid technophobes why the internet is cute and harmless
despite cybercrime you ought to say: It is just like the real world.
So everybody is a netizen. If the Know Everything
Oracle (Google) does not find any content related to you - you might be something special.
You might be a