Postings tagged with 'Links', listed in descending order by creation date. All Postings shown.

Heat Pump System and Renewable Energy

(elkement. Last changed: 2015-11-07. Created: 2015-02-04. Tags: Postings, Blogging, Resources, Links, Engineering, Heat Pump. German Version.)

I blog about anything heat-pump-related, in particular about our system. In addition, I am interested in thermodynamics, heat pumps and heating systems in general - and their integration with the smart grid and related security concerns. These are my postings about our 'ice-storage-/solar-' powered system specifically and postings on closely related subjects like the power grid, renewable energy and sustainable living.

Hydraulic schema of our system

My Articles on IT Security, Monitoring, PKI.

(elkement. Last changed: 2015-11-07. Created: 2014-06-01. Tags: Postings, Blogging, Resources, Links, IT, Monitoring, PKI, Security, X.509, Cryptography. German Version.)

My lecture slides on PKI and security are a bit dated already; I add them for completeness, though.

Articles on my blog are targeted to a broader audience - perhaps they are too 'philosophical' for security experts. See the complete list of postings below, after the image.

X.509 Certificate

Last link changed: Migration of classical CSP to CNG / KSP, and old but good MS overview on certificates for network authentication of devices.

PKI: Links and Resources

(elkement. Last changed: 2015-12-07. Created: 2014-03-04. Tags: Resources, Links, IT, PKI, Public Key Infrastructure, Security, X.509, Cryptography. German Version.)

This is my list of Links to white papers and the like that I have found useful (restarted 2014). It is not an attempt to create a balanced or educational list. I am adding what I need right now!

Comprehensive reviews of PKI issues

Analysis by Peter Gutmann who likes to throw rocks at PKI according to his bio:

Certificate validation

Request for Comments:

In Windows systems:

Cross-certification and hierarchies

Certificate enrollment

Links for Microsoft's autoenrollment are provided in more MS-related sections

Weird, hacked, forged certificates

PKI planning

Somewhat Microsoft-centric:

Windows PKI: Features and management

After I started compiling my own list, I found this - I will keep picking some of the microsoft.com links and publish them to this page though:

Some of the features required to run a Microsoft PKI in a larger, corporate environment:

Windows PKI 2008 R2 versus 2012 R2 and upgrade of hash algorithms

New features in 2012! Note: I started adding some of the detailed articles about specific features - NDES, templates - also to other sections. This section is for overviews covering many new features or cryptography / algorithms in particular.

New ways to leverage a TPM chip - key attestation by validation of an endorsement key. In earlier versions of Windows you could already use a TPM chip as a custom key store for the machine / SYSTEM (basically like a 'smartcard for machines') if the vendor of the TPM chip or a vendor of crypto software provided a suitable CSP / CNG provider. Starting with Windows 8.1 as the end-entity's OS, the CA (2012 R2) is able to check if the private key has really been stored on a TPM chip.

New algorithms:

  • Changing public key algorithm of a CA certificate - only the hash algorithm can be changed (for CNG providers), not the provider itself.
  • Upgrade Certification Authority to SHA256 - after the change of a registry key the CA signs anything with the new algorithm, including CRLs and its own CA certificate when renewed (Step-by-step-instructions).
    Attention - in my experience with 2008 R2, the registry value for the hash algorithm is case-sensitive. Good: The change of the hash algorithm can be reverted easily. Bad: This is a per-CA setting, so once the algorithm has been changed, all certificates and CRLs issued by that CA are signed using the new algorithm.

Certificate and key stores

Windows client-side stores:

Encoding

Using certificates for authentication

Native Active Directory logon:

Webserver-based mapping (no directory)

Apple iDevices, SAP, and other non-MS clients

  • In contrast to Windows'/AD's native logon via UPN string mapping, SAP uses a 1:1 mapping of binary certificates to users:
    Single Sign-on mit SAP (part of a German book, assignment of the certificate is explained on pp.33)
  • Apple iPhones, 802.1x authentication against Active Directory using Windows RADIUS server (NPS)
    (promoted to blog post, summary kept here for traceability).
    • Properties of the certificate
      Subject CN: host/machine.domain.com
      Subject Alternative Name machine.domain.com
      Certificate Template (Windows Enterprise PKI): Copy the default template Workstation Authentication, Subject Name: Name as submitted with the Request.
    • Create the key, request and certificate on a dedicated enrollment machine and export key and certificates as PKCS#12 (PFX) file.
    • Create a shadow account in Active Directory
      dnsHostName: machine.domain.com
      servicePrincipalNames: HOST/machine.domain.com
    • According to my tests, the creation of an additional name mapping (as recommended here) is not required - SAN-DNS gets mapped onto dnsHostName in AD.
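
The iDevice enrollment steps above as one PowerShell sequence, added here as an illustration and not part of the original page. The template name iDeviceAuth (standing for the copy of Workstation Authentication), the 2048-bit key length and the file names are assumptions.

```powershell
# Added example. Assumed values: template name 'iDeviceAuth', 2048-bit RSA key,
# file names in the current directory. Run on the dedicated enrollment machine.
$fqdn = 'machine.domain.com'

# 1. Request definition: Subject CN and SAN as listed under 'Properties of the certificate'.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=host/$fqdn"
KeyLength = 2048
Exportable = TRUE
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"

[RequestAttributes]
CertificateTemplate = iDeviceAuth
"@ | Set-Content -Path .\idevice.inf -Encoding ASCII

# 2. Create key and request, submit to the enterprise CA, install the issued certificate.
certreq -new .\idevice.inf .\idevice.req
certreq -submit .\idevice.req .\idevice.cer   # prompts for the CA if several are found
certreq -accept .\idevice.cer

# 3. Export key and certificate as PKCS#12 (PFX) with a password, then remove
#    the private key from the enrollment machine so only the PFX copy remains.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq "CN=host/$fqdn" }
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath .\idevice.pfx -Password $pw
Remove-Item -Path $cert.PSPath -DeleteKey

# 4. Shadow account in Active Directory (needs the ActiveDirectory module);
#    sets dnsHostName and servicePrincipalNames as described above.
New-ADComputer -Name 'machine' -DNSHostName $fqdn -ServicePrincipalNames "HOST/$fqdn"
```

The PFX file and its password should travel to the device over separate channels, since the file contains the private key.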

Network authentication of devices

  • Overview: Certificates for different services / protocols, like 802.1x or IPsec

PKI Applications

Started in 2014-10. Usual suspects such as SMIME, EFS, 802.1x to be added as needed over time. See also the list of Technet Postings and the PKI FAQ.

Useful commands (in the Windows world)

Configuration parameters:

Emergency processes, for Windows.

  • Delete cached CRLs:
    certutil -setreg chain\ChainCacheResyncFiletime @now
    (For further options, see this MS PKI team blog post)
  • Start a CA even if the revocation check on its own certificate has failed - set this flag:
    certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
  • Key Recovery:
    • Search for the archived keys of a specific user and create a batch script (CA admin permissions required)
      certutil -getkey domain\username >recovery-username.bat
      This script also contains the password of the p12 key file that will be created.
    • Run this batch file. This creates a single p12 file including all keys for this user. Pre-requisites: The user executing the script needs to have one Key Recovery Agent's certificates associated with each of the keys to be recovered in his/her store. In addition CA Admin permissions are required and this needs to be an admin cmd session.
    • The batch file does the following for every key found:
      certutil -getkey [SerialNumber] [encrypted blob]
      certutil -recoverykey [encrypted blob]
      A temporary p12 file is created from every blob; then all p12 files are merged using
      certutil -mergepfx and all temporary files are deleted.

PKI and smart metering

Requirements for a smart meter PKI in Germany:
Sicherheitsinfrastruktur für „smarte“ Versorgungsnetze

An example: Smart Meter mit PKI Sicherheit

X.509 Certificate

Physics Links

(elkement. Last changed: 2015-02-14. Created: 2012-03-10. Tags: Physics, Links, Resources)

Here I maintain a list of physics books, documents, blogs, and lectures I read / watch or that I have put on the (virtual) bedside table.

The collection is not some carefully crafted, balanced list - I am not searching for resources to add them here but I add what is interesting to me as a professional or a dilettante science blogger. I apologize for the mixture of German and English resources, and the structure is always work in progress.

This list had been formerly curated on my blog, on a page called Physics Books on the Bedside Table. I decided to migrate these links over here as in 2014 I had started to curate all my tech / science links on radices.net.

Popular Science Books 'enthusiastic'

Popular Science Books 'critical' (Note: This is not 'Alternative science')

History of Science and Biographies of Physicists

Quantum Physics, Quantum (Field) Theory

  • Oersted Medal Lecture 2002: Reforming the Mathematical Language of Physics, as recommended here. Actually, this is about all of physics and how more powerful, concise, and elegant Geometrical Algebra would do away with concepts that just appear tacked on – as there is an underlying hidden structure. It is useful in classical physics but especially to understand the seemingly weird world of the complex wave function.
  • Lectures on Quantum Field Theory by David Tong. Videos of his lectures delivered at Perimeter Institute can be found here (different formats available). These lectures were my starting point for (re-)learning QFT having been exposed to mainly condensed-matter-related and non-relativistic quantum statistics and 'second quantization' 20 years ago.
  • Quantum Field Theory in a Nutshell, a concise textbook by Anthony Zee. David Tong highly recommends this book, saying tongue-in-cheek: He lies to you all the time, but in a good way. It is not an easy read because the presentation of the material is quite condensed. You have to fill in a lot of intermediate steps in derivations. On the other hand, this makes it a great book for serious self-study. It shows that Zee is also a gifted writer of popular science books, as his conceptual overviews are spot-on and very helpful for tackling the hard stuff.
  • I trust Graham Farmelo on this and put Steven Weinberg's book on my To-read-list.
  • Student Friendly Quantum Field Theory by Robert D. Klauber. Klauber describes and writes out details in derivations, avoids all references to so-called trivial, obvious and easy steps, and he often refers to his own experience of learning QFT. The book seems to have been written from the learner's perspective – he often anticipates those typical baffled student's questions and answers them before you dare to ask them. More praise in this post of mine.
  • A lecture on Quantum Field Theory in German, by Gerhard Soff. I like these lecture notes because topics are reviewed from different angles (such as: canonical quantization versus path integrals) and the derivations are done in detail for all the different options.
  • The Fun is Real. Blog author Warren Huelsnitz definitely meets his goal: to sort through the myths and misconceptions, and the excessive and misleading hype, associated with quantum physics.
  • An Island In Theoryspace – an awesome blog by Jacques Pienaar on physics (mainly of the quantum variety) and sometimes also on its interface with philosophy.

Quantum Computing and Quantum Cryptography

The first field that rekindled my excitement for physics in about 2003, having worked in IT already for some years.

  • wavewatching.net. A blog written by a physicist and IT consultant who tries to separate fact from VC fiction and to predict what impact quantum computing will have on corporate IT.

Relativity

Thermodynamics and statistical mechanics

Fascinating water, water vapor, and ice

Fundamentals

Classics: Basics and fundamentals – books and blogs that cover all of physics

It is very interesting to compare Feynman's and Macke's books – they were published at about the same time and might serve as good examples of two excellent but different ways to describe physics from scratch – 'American' versus 'German'.

  • A very detailed blog – physicspages.com – Physics Tutorials with lots of examples, introductions and the author's solutions to text book problems.
  • Scientific Finger Food: Sebastian Templ achieves his goal – quote from his About page: “I give my best to break it down into simple language. In doing so, I hope that I can serve you some pieces of physics, which I like to think of as being clear to me, in 'delicious and manageable bites'”.
  • motionmountain.net: Six volumes on physics, written by a physicist who works as an innovation manager. Probably the most professional hobby / moonlighting physics project I have come across.

Classical Physics

Classical (point particle) mechanics

Fluid dynamics

Personal website of Elke Stangl, Zagersdorf, Austria, c/o punktwissen.
elkement [at] subversiv [dot] at. Contact