Systems and Technologies

Google Technology Users Group - meeting at HDM

The first GTUG meeting at HDM with the following technology sessions:

Google Go - Moritz Haarmann
Android Web Views - Florian Detig
HTML as an API
Chrome Extensions - Stephan Linzner
Lightning Talks, 5-10 min per project
Nexus One import Howto
Note

Hochschule der Medien, Nobelstraße 10, Stuttgart, room 11 (Audimax), 29 January 2010, 16.00-20.00. Open to the public and free of charge.

StudiVZ, XING and Co. - Architecture and Operational Aspects of large Social Networks, more...

Our last day for this term at HDM offers several highlights: experts and developers of large scale social networks will join us to discuss things like performance and scalability and many others. Social networks are now among the largest IT infrastructures which were ever built by humans and you will get some insight into the way they are built, the way they work and get tested.

We will have Dennis Bemmann, founder of StudiVZ with us. Dr. Johannes Mainusch, Vice President of Operations at XING and Heiko Specht of Gomez. Members of my master class on system engineering will demonstrate some tools to measure a Mediawiki installation.

Note

22.1.2010 at HDM Stuttgart, Nobelstrasse 10, room 056. The event is free and open to the public. Directions can be found at the HDM homepage. And the Live-Stream URL

Safety in Software

I dare to say that the focus will shift from "security" as in attacks to damage controlled systems. This will affect system building in all areas (documentation/design, testing, runtime execution). The paper collects some thoughts on what can be done, using the Ariane crash as an example.

Android Security - a POLA system?, more...

A few comments based on a paper by Markus Schlichting on Android security.

A Smart Planet - for Whom?

Some ideas on the effects of smart meters, smart vehicle control and smart everything on our life. The paper shows what really lies behind the "it is good for the planet" attitude: a method to micro-control our everyday life by setting the parameters for our self-optimizations. This is not about privacy of data. This is about the accumulation of everyday data to make individual prices and offers. Customers have nothing in their hands against this overwhelming economic power.

The paper also shows that computer science is unable to protect this customer data - and that nobody seems to really care about this defect.

Taming Javascript with Caja, more...

In my course on "secure systems and software" we are currently dealing with ways to secure browsers, languages etc. The Caja project is based on an object capability approach and I found the spec. quite readable. Learn how an approach that avoids identity based access control can achieve much safer software extensions and still be mostly compatible.

Mobile Malware Evolution and the Android Security Model, more...

My friend and colleague Prof. Roland Schmitz held a presentation on Android security features at Droidcon. Take a look at the software techniques for security used in this operating system. And take notice of the "return of the process isolation idea". And that there is still a chance for "confused deputy" attacks.

Lab of the future

A short article in German by F. Fahrbach and Miriam Müller on our new research project. We are building a virtual world for experiments in nanotechnology.

The Power of Nightmares, more...

The BBC documentary on fear as a political instrument used by neo-conservatives and Islamist terrorists.

Critical Infrastructure Protection (CPI) and the illusion of cyber-terrorism, more...

Why CPI and the warnings of cyber-terrorism only serve to create profits for the security-industrial complex.

The militarization of internal security - The NeoConOpticon Study, more...

Comments on the latest study by Ben Hayes and the Transnational Institute on how military corporations started to dominate research in security as well as the definition of internal security itself. Learn about concepts of total control, full spectrum dominance, crowd control and other ideas financed and implemented completely without democratic control and with the help of specially created "dummy" NGOs. Read it!

Why there is no such thing as Nanotechnology, more...

A few pieces on science management, buzzwords needed for sponsoring etc. based on the book by Joachim Schummer. He explains how the nano concept made its way from popular culture and science fiction into mainstream science funding. Really nice, especially in connection with my latest research project...

Social Software and Social GUIs, more...

A few comments on two articles by Clay Shirky and Joel Spolsky on social software and what kind of GUIs are needed to support group behavior. Simple usability is just no longer enough. I extended it with some ideas on very large multi-touch devices and how they change the GUI again.

"Beautiful Security" a new book in the O'Reilly series, more...

Just a short comment on the latest member of the "Beautiful .." series from O'Reilly.

Positions for professors in mobile media available, more

We are looking for colleagues for our new study area "mobile media". All positions are technical and require interdisciplinary activities. Take a look at the ads on the HDM homepage or at the Zeit magazine. We need specialists for mobile application development, mobile network services and mobile content and gaming. The new colleagues will also be involved with courses in computer science and media.

Linux Day 2009 - "Own your data", more

HDM Stuttgart is hosting the second Linux Day. External speakers from the Mozilla Foundation, the Open Source Region Stuttgart as well as students and staff of the computer science and media faculty at HDM talk about open routers with Linux, open groupware and new Web technologies and standards. Get back control over your data, software and hardware!

Note

Monday 25.5.2009 at HDM Stuttgart, Nobelstrasse 10, 70569 Stuttgart. Room 056, from 13.15-20.15 (official program), afterwards get together. Live stream, chat and twitter channel available. For detailed information check the linux-day.de website.

Against Intellectual Monopoly

Go and read this beautiful book on the damaging effects of intellectual property rights on all of us. Zypries and the EU are preparing the next steps to create even more monopolies in software and other areas. Read Michele Boldrin and David K. Levine's blog to realize how badly the current system of copyrights and property rights is already abused. BTW David K. Levine also wrote a nice book on game theory, reputation etc.

Performance Testing and Analysis, more...

Some words on performance analysis, weak spots and a few pointers to where you can get help.

Finally XSS on kriha.org,...

I have integrated Google Analytics and the comment tracking system disqus.org.

On academia vs. industry, rituals and user data and the spirit of google university,...

Just a bunch of nice quotes I stumbled over recently.

Math for books on logic, knowledge representation, more..

To read books on symbolic processing, logic and knowledge representation some basic math on first order logic, sets and graphs, relations etc. is needed. An easy read by John F. Sowa.

Ways to exploit online games, more...

I just got through the book by McGraw and Hoglund on "exploiting online games - cheating massively distributed systems". I've tried to extract the most important attack vectors because I found the book rather verbose. And don't expect much "distributed". Most of the attacks discussed are purely local exploits of the game client. But the threat model is quite interesting: The server side needs to trust the game client while being aware that it might be under control of the attacker - so it uses heuristics to find out about the manipulations. This is not a scenario that most business e-services would survive...

NETT colloquium on new trends in information technology, more..

Yesterday I attended NETT at the University of Freiburg. A short report and comments on the tracks on communication technology and economics/technology. Keywords: network coding, cross-layer architecture, cloud computing and compliance.

Design vs. Programming Language - a proper antagonism?

The recently published second edition of the excellent book "Software Architektur: Grundlagen-Konzepte", written by, amongst others, members and friends of the Computer Science and Media faculty at HDM, is an opportunity to discuss the relation between design and programming language. While architecture and design are key, underestimating the dangers but also the power of a good programming language can really cut down on your productivity. A short discussion of some common misconceptions around architecture and programming languages.

6th IBM Day at HDM, the many facets of modern Information Technology, more...

Thanks to the efforts of Bernard Clark, IBM University Relations Program Ambassador to HDM, another IBM Day will take place in December at HDM. Representatives from IBM Global Business Services will present current work and strategies. The Computer Science and Media faculty at HDM welcomes the opportunity for industry specialists, students and academia to learn about the many faces of modern information technology - presented by world class specialists who are involved in large scale international projects.

Note

12.12.2008, 9.00, room 056, at HDM Nobelstrasse 10. Open to the public and free of charge. Agenda, directions and the url for the live stream can be found at the homepage of HDM.

Mainframes - more successful than ever, more...

Karl Klink and Dr. Klaus Goebel continue their engagement in the computer science and media faculty at HDM with an extended course on mainframe technology. Read how hot and successful this technology really is in this NZZ article on mainframes.

Security Architecture in Browsers and Operating Systems, more...

A collection of interesting papers on Chromium, Vista, tainting, non-determinism by concurrency, Sel4 and anonymity in P2P systems. And about the bad effects of compatibility.

5th GamesDay at HDM, more...

The computer games industry is growing like never before. The development of computer games and extensions has become a billion dollar business. If you want to get an overview of the latest developments, the technologies and strategies behind, then the GamesDay is your event. Companies will demonstrate game development and products and you can get your hands dirty in workshops.

The topics covered include artificial intelligence, simulation of business processes, building extensions to well-known games, the development of mobile games and game engines and many more.

Note

13.6.2008, 9.00, room 011 (audimax), GamesDay at HDM Nobelstrasse 10. Open to the public and free of charge. You can find directions to HDM at the HDM homepage. Agenda and url for live stream, chat and blog can be found at the GamesDay Page.

Web Developer Day at HDM, more...

On our third web day we have a focus on the latest development technologies on the web. We will show data mining technologies, usability approaches and especially various client facing technologies. Microsoft will present Silverlight and Adobe will do the same with Flex and Air. Last but not least deployment and maintenance of web apps will be discussed. Colleagues from the faculty for audio-visual technology will present a collaborative 3D site based on Adobe Air.

Note

30.5.2008, 9.00, room 011 (audimax), WebDeveloper Day at HDM Nobelstrasse 10. Open to the public and free of charge. You can find directions to HDM at the HDM homepage. Agenda and url for live stream and chat can be found at the WebDeveloper Day Page.

API is UI or "why API matters", more...

Few programmers are aware that API design really is user interface design. And few know some basic rules on API design like minimal interfaces etc. Here is some information extracted from an excellent article in QUEUE (the ACM magazine).

Risk processing with our stone-age brain, more...

After the freeway killing: are you scared about driving below highway bridges? Do you think about the incident while driving? How rational is this behavior? How natural? Read about surprising ways our stone-age brain does risk assessment and take a look at some real risks.

OpenID and Cross-Site Access Control Specification, more..

I have read those specs recently and I do not really understand them well. Read my objections and tell me where I am wrong. I will discuss both later in detail.

Morphware and Configware - a new computing paradigm, more..

This is a discussion of a very interesting paper by Reiner Hartenstein, TU Kaiserslautern, on the success of FPGAs and the problems of programming configurable hardware. He describes the benefits of configuration (improvement of the von Neumann Architecture) and we software people understand the problems of it by now as well (;-). At least in software there is a trend back from configuration to more flexible programming languages.

I found the article in the book "nature based computing" which I had ordered for distributed systems in the winter term. There are quite a number of nice papers, e.g. on hardware architecture, statistical methods and swarm computing.

The current banking crisis, more..

Thanks to input from Roger Stampfli I was able to assemble a nice collection of papers and videos on the current crisis. It is actually quite frightening to realize how badly the bankers and brokers have been gambling and how badly the national banks are now reacting by printing ever more money. Being a fan of cybernetics it looks to me as if the abuse of the financial systems is now threatening the whole. This crisis could start the end of capitalism. But will it change back to a state-run bureaucracy that has already once shown that it does not work? Or will it change to something better?

The Securitization of Haiti, more...

Is an earthquake really a military and security problem? Questions about the securitization of a human catastrophe. From New Orleans to Haiti: the world as a military-industrial opportunity.

Facebook Scalability as a function of memory access latency, more

A few comments on Facebook scalability benchmarking.

Proof and Causality in Computer Science, more...

Just a few thoughts and links on empirical validation of statements in software development, the philosophy of science and how to tackle the causality problem.

Cloud-Computing, MDD and Enterprise Architecture Management - 7th IBM Day at HDM, more...

Technical experts from IBM will give an overview on current trends and developments in computer science and information technology. If you are thinking about using a compute cloud for your latest social network software or are plagued by documentation problems in multi-tier architectures: The experiences from current IT projects might help explain the advantages and problems of new developments. Visitors will get a realistic view on the use of IT-technology in complex business environments.

Note

Feel free to join us at this (free) event. If you can't be here in person you might want to watch the IBM Day at http://days.mi.hdm-stuttgart.de. Live-Stream and Live-Chat are available. Friday, 18.12.2009, 14:00 - 18:30, room 65, Hochschule der Medien, Nobelstrasse 10, Stuttgart.

In defense of computer games, more...

A few notes on our attempt to defend computer games, including the presentation to media and network specialists in Bartholomä.

4th Web Day at HDM - The Social Web, more...

There is no end to the changes brought by web and internet to our society. For a while it looked like interaction would move completely into social networks and virtual worlds. Now it looks like a host of new social instruments are being created in the real world - of course with heavy backing by Web2.0 driven collaboration software. Meet bibcamps, breedcamps etc., discuss the current state of blogging and its political relevance or see visionary business ideas like publishing pipelines or methods for identity in the web. Like the Web Days before this one will include both technical and social topics and there will be ample opportunity to discuss the future of the web and the internet. And there is lots to talk about like pressure from social networks on members, attempts to regulate the internet by governments or providers and so on.

Note

20 November 2009, 14.00 at Hochschule der Medien Stuttgart, Nobelstrasse 10, 70569 Stuttgart, room 056 (Aquarium). The event is open to the interested public and free of charge. Agenda, live-stream and chat are available on the Web Day Homepage.

Brave journalism: Rob Savelberg (De Telegraaf) on Youtube (in German) and the Guardian-Trafigura case.

Why does it take a guy from the Netherlands to ask the right questions in Germany? And would you have heard about this without social networks? And learn about the censorship by "super-injunction" in Britain: the Guardian-Trafigura case. Note that those are rare exceptions in a profession suffering from "Berlusconization".

Keep on Gaming - 6th Games Day at HDM, more...

Learn how large-scale Massively-Multiplayer Online Games (MMOGs) work, how games get developed and how game technology is successfully used in research and the industry. Enjoy game demonstrations and competitions and discussions with gamers and game developers.

Note

30 October 2009, 14.15 at Hochschule der Medien Stuttgart, Nobelstrasse 10, 70569 Stuttgart, room 056 (Aquarium). The event is open to the interested public and free of charge. Live-stream and live-chat are available on the Gamesday Homepage.

Socio-technical approaches to security and privacy, more...

A few comments on privacy control, faultless software and self-testing applications from the latest issue of the computer magazine.

Kontrollverluste, more...

A good German book on surveillance and excessive security in Germany. Emphasizes the importance of the legal system as a defender of civil and public rights in the area of security privatization.

The End of Software Engineering has come, more...

At least if you believe in Tom DeMarco's second thoughts on his earlier statements on measurement and control in software projects. An ex-control freak gone soft over the years or a necessary correction?

Economic reasons for insecure software

A real explanation of the reasons behind insecure software based on an article by Raymond Chen of Microsoft and last year's Black Hat conference talk on Vista security by Sotirov et al. Backward compatibility kills new security features. But e.g. the Windows business model absolutely relies on backward compatibility: who would buy a new Windows if the old programs no longer run? And why do the other software companies shun free updates of their software? Read on.

Karl Klink on quality management and testing behavior

BW-Test, a non-profit organization working on quality improvement in software development has invited Karl Klink, former head of the VSE operating system development at IBM and well known quality and test specialist. From his vast experience in building complex software systems he is also aware of the necessary social and organizational skills to turn testing into a core discipline of software development. Karl Klink is also a lecturer at the computer science and media faculty at HDM.

Note

The BW-Test meeting will take place 16 July at HDM Stuttgart, 18.00-20.00, room 056. It is open to the public and free of charge but a short registration is requested. Please use the links above to register.

MediaNight at HDM - see our projects..

Our computer science and media faculty will present student projects like semsix and many others ranging from cryptography to web applications and experimental prototypes. And of course all other faculties will be present too.

Stream from Linux Day: HTML 5 in action

The stream is now available at mms://stream.mi.hdm-stuttgart.de/linuxday09. Viewable with Media Player (sessions selectable) or VLC Media Player. Formats: ASF, OGG. Firefox 3.5 can show OGG directly with the new HTML 5 video tag. Watch the talk "keep the web open" to see the new features in action at http://archiv.linux-day.de/linuxday09-3-mozilla-tech.ogg

Requirements engineering as ill posed problem specification, more...

The current way to specify requirements creates "inverse problem specifications" - a rather costly and slow way to pose a problem. It works backward from a given solution and needs to find the correct input parameters by tedious approximation. A nice theoretical argument for agile project management where business and IT together create requirements.

Beautiful architecture, more...

Short notes on the new book from O'Reilly. Good articles on various kinds of architectures.

How to organize a girlsday in computer science,...

As the next girlsday is approaching fast I have collected some ideas and results from our last girlsday. Learn about what works and what doesn't. (in German)

Client-side security in browsers,...

How browsers could defend user data and actions based on what they know about communication and presentation. A short intro to Bastian Zimmerman's thesis on client-side security in browsers and some project ideas. (in German)

IT Today, technical, economic and social aspects, more...

Some reflections on the current state of IT. Is change management social engineering and manipulation? Is ITIL the Maxwell Demon for the enterprise? A few critical statements on control by information processing.

The uncanny valley and the biology of mind, more...

How come that the closer computer animated characters get to reality, the harder it is sometimes for the player to experience complete immersion? Valentin Schwind describes the "uncanny valley" effect in his thesis (with Norman Pohl) on the modeling of Sophie Faber, main game character in the adventure game "Die Stadt Noah". I show some pictures from the various stages of production and add some thoughts on why our brain seems to be so picky about "realistic characters".

A framework for logging and log analysis, more...

Logging and log analysis have plagued me frequently in the past. The excellent thesis by Michael Zender, supervised by my colleague Raju Varghese at UBS AG, offers an interesting and very usable solution to achieve typed log statements and automatic report generation.

Design beyond human abilities, more..

An inspiring talk by Richard Gabriel on ultra-large scale, self-sustaining systems and a few thoughts on computing beyond human and Turing machines (aka: Digital Evolution and Hypercomputation). Crazy but interesting stuff.

Security in Virtual Worlds, more...

A good overview paper from ENISA on the dangers in virtual worlds with the title "Virtual Worlds, Real Money". Good links on various attacks and countermeasures. Lets one speculate about the relation between virtual and real worlds. Lists several types of VW and compares core features. Discusses automated attacks, social engineering and many other forms of abuse and misbehavior and the respective technical or legal reactions.

Multitenant Security and demo software for attacks, more...

The web based support page for our upcoming book on "Sichere Systeme" is growing. I added a link on multitenant security in a SaaS (Software as a Service) environment and a tip from Thomas Reuter on demonstration software for web based attacks (in PHP). I am thinking about a piece on Telekom-Security failures but I have to admit that I kind of lost the overview (see Heise news article) on what they lost when and how. I just noticed that I cannot find information on who did the programming. The last time (good old OBSOC) it was done by Microsoft professional services for the enterprise. Now the T-Systems data center claims the customer (telecom) to be responsible for bad administration of their multitenant application. But did the application support many tenants in a correct way?

Multicore Innovation Workshop, more...

Students interested in multi-core CPU design and applications (like cell-clusters) should not miss this opportunity at the joint Fraunhofer and IBM workshop in Kaiserslautern. Multi-core is one of THE big topics of the future and it raises very interesting questions about concurrency and performance.

Finally - the second volume "Sichere Systeme" is done!

And just at the right time: system security is slowly getting more attention with Google and Microsoft trying new browser architectures. The book covers a lot of critical areas: usability, attacks, platform security and frameworks, browser architectures etc. I will also post links to papers and thesis work from HDM people. We had some good work recently on concurrency, anonymity, tainting and Sel4. And we managed to get a guest author: Fred Spiessens wrote a chapter on a language and model checker for capability systems. Scoll and Scollar are now open source projects.

Infoq.com - the new portal site, more...

Take a look at an amazing new portal site for IT-interested people. Excellent articles and videos from one of the makers of theserverside.com.

Security Day on Risks and Security, more...

Lidl and Co. - is security making our life better or worse? Who wins, who loses? And how do we deal with risk in general. If you want to learn more about the psychology, sociology and technology of risk and security, this is your day. An excellent panel of speakers will take you on a tour around all aspects of security and risk. From the underground economy and abuse of systems to the dangers of total control, mixed with concepts and tools for anonymity or safer e-commerce. And at the beginning we will take a view on the history and social evolution of risk and its assessment.

Note

25.4.2008, 9.00, room 011 (audimax), Security Day at HDM Nobelstrasse 10. Open to the public and free of charge. You can find directions to HDM at the HDM homepage. Agenda, url for live stream and chat can be found at the Security Day Page.

Test and Quality Day at HDM, more...

There is a clear pressure on the software industry towards better quality software. Testing is becoming a core competence for developers too who need to learn a test-driven software production process. And architects need to understand what applications have to provide to make testing easier. Model-driven development and testing are core technologies here.

Meet industry specialists and learn about test methodologies, procedures and real world tools to test web-based and other software.

Note

Test and Quality Day at HDM, 11.04.2008, 9.00 room 56 at Nobelstrasse 10, Stuttgart. Live stream and chat channel are provided. Please see the HDM homepage for agenda and travel info.

IBM's new Unified Method Framework Methodology, more...

The Computer Science and Media faculty at HDM is one of the few universities in the world that has IBM's blessing to teach this special methodology. It has its roots in the Global Services Method and the Rational Unified Process Methodology. In its fifth installment Bernard Clark, Senior IT Architect and Managing Consultant at IBM GBS and University Ambassador for HDM will cover new channels and media in the financial industry. Governance, service-orientation etc. will be big topics of the workshop as well. Participants will learn the continuous refinement of visions to tractable models and methods.

Note

Starting Friday 28.4.08, 9.00 at HDM Nobelstrasse 10, room 041. Contact me if you want to attend.

Thou shalt not write parsers by hand, more..

Only a short reminder that parser generation toolkits exist (like Antlr) and that they should be used for reasons of quality and maintenance. And a mention of the second edition of Wirth's book on compiler construction which is just unbelievably well written - in case you need to stock up on compiler technology and are too shy for the 1000+ pages of the dragon book. Go get Wirth's book! At 24 Euro this is a bargain!

Cold Reading Patterns - when profiling meets the astro channel, more..

I had lots of fun lately with an issue of Crypto-Gram. Schneier mentioned an article that described the patterns of explanation used by criminal profilers as cold reading patterns. In other words: language patterns destined to create vagueness and to avoid being caught with a wrong statement? Who would have thought that profilers use those?

Test and Quality, Security, Web Development and Games - four new Days in the summer term

We will have four days in the (short) summer term. Testing of web applications, of open source programs, test methodology, risk assessment and psychology, forensics and industrial espionage, the latest in web development frameworks and tools and last but not least the development of games and the communities supporting them. These are all topics in the upcoming Days.

Note

If you are working on something in those areas, perhaps just about ready to finish your thesis, or you are an industry specialist in those areas, please get in touch with me if you would like to participate.