Note

More information from my blog entries can be reached via the left navigation links.

Security

Ways to exploit online games, more...

I just got through the book by McGraw and Hoglund on "exploiting online games - cheating massively distributed systems". I've tried to extract the most important attack vectors because I found the book rather verbose. And don't expect much "distributed". Most of the attacks discussed are purely local exploits of the game client. But the threat model is quite interesting: The server side needs to trust the game client while being aware that it might be under control of the attacker - so it uses heuristics to find out about the manipulations. This is not a scenario that most business e-services would survive...

Security Enhanced Linux

Security Enhanced Linux is NSA's open source version of a better Linux. The work on SELinux has taken many years (some aspects of the implementation look a bit old-style) but it is an interesting approach towards better host based security.

The following is based on the excellent book about SELinux by Bill Mccarty and concentrates on the concepts behind SELinux and its implementation.

Security Improvements to the Windows Platform

Can the security of a local system be achieved through collaborative services? And what is the price you have to pay for it in the long run? A few comments on Bill Gates talk at the RSA 2005.

Are security laws "immutable"?

and why would somebody say so? A short bit on so called "immutable laws" of security proposed by Microsoft guys. I've used structural text analysis methods to uncover the assumptions behind. It's the typical MS argumentation: the operating system is OK. Systems can't be safe against malware. It has nothing to do with architecture. And it's the users fault anyway.

Internet Technologies

Site Hosting

A few diagrams on how to setup DSL etc.

Web Usability

The web ain't no MS Windows. Users, groups and behavior.

How Information finds me

Explains how to find information (with links to interesting sites)

Social Systems

Social Intelligence and Social Computers - the future of Computer Science, more...

Inspired by swarm intelligence, human centric computing and the general fear of all things social a short piece on why intelligence is socially based, what kind of role the Internet plays in fostering this type of intelligence and who the enemies are. Includes a discussion of Shirky's "here comes everybody".

Software and Other Patents - new monopolies and whom they serve

On the danger of software patents in a digital world. And who gets the benefits.

What makes good students in computer science?

How to organize a girlsday in computer science,...

As the next girlsday is approaching fast I have collected some ideas and results from our last girlsday. Learn about what works and what doesn't. (in german)

Theory

Sometimes we can't do it (or not?): Computability, Turing, Eliza and Peter Wegners Interaction Machines

I started writing on this "trend" but it got too big for the blog. Find the small article here

IT Today - technical, social and organizational aspects

Politics (some in German)

A few political thoughts sometimes expressed in my mother tongue

Deutsche Uni

Gute oder schlechte Uni? Komische Vergleiche mit USA und das andauernde Aushungern durch die Politik.

Konservativ sein

Über die Ausnutzbarkeit des Wertkonservativen Denkens

Political Patterns

Learn the political mechanisms (e.g. how to introduce unpopular things).

Usability and Security

My friend Roland Schmitz and myself have written an article on the relation between usability and security for <KES> magazine. It speculates on user interface design in a world of reduced authority compared to the typical windows style of ambient authority. Usability and Security (in German) as part of the BSI forum.

Advanced Enterprise Portals

This paper resulted from building a large scale enterprise portal for a major bank. It covers performance aspects (caching, request handling, Java problems) as well as architectural issues (fragment architecture, data-warehouse connection, personalization and rule engine integration). Quite technical. 100+ pages.

Is there more to user interface design than Model-View-Controller, more...?

Looks like our usability workshop was quite a success. Here are some ideas about what could be done to improve developer awareness. In the summer term we will make a workshop on usability in mobile computing. Contact me if you'd like to present something.

Frameworking and Development

This paper resulted from building a large object-oriented framework. It covers CORBA, OO, SGML, Domain Analysis, Design Patterns, C++ specialties, automated builds and last but not least social issues of replacing an existing system. It was probably the first attempt to combine object technology with descriptive techniques like SGML in Europe. 150+ pages in German!.

Large Scale System Architecture

This paper was an attempt to apply lessons learnt from a large scale framework project to banking projects of different size. OOPSLA97 paper.

Social Structures

Sometime projects need a while to get over them (;-). The framework project above was one of those. When Bernhard (who was also working on this project) and myself couldn't stop talking about it even more than a year after we had left the company we decided to write about our experiences - especially about the conflicts between the developers of the first releases of the software and us - coming late into the game and trying to re-design the software completely.

We've learned a lot from this exercise: about differences in social behavior between the groups, about the terrible effects of re-inforcing technical differences through social differences and that there is no "better" technology that one is forced to accept. We've also presented our findings during two events at the University of Freiburg, department for computer science and society, Prof. Britta Schinzel. 30+ pages in German!.

Media and Virtual Worlds

Virtual Worlds - Party or Content, more..

http://www.hdm-stuttgart.de/multimedial/secondlifeThe presentation of the HDM media jungle raised some heated discussions on design, goals and content (or its lack of). But do we know the language and rules of virtual worlds yet? On growing pains of technologies and media channels.

Secondlife - making the virtual life work like real life

Secondlife is just like Digital Restriction Management - a backward view on the possibilities of "being digital". It is important to separate the centralized business model from the the technical and social opportunities of virtual worlds. Are there distributed alternatives? SeeOpenCroquet Article from Heise News.

Simple Mind - a federated repository

While working on the development environment for a distributed infrastructure for a large bank I've started to write down some requirements for a meta-data repository that would be able to hold the development artifacts and ttheir dependencies - both for development and runtime purposes. This would finally lead to a more flexible environment and also support generative computing better. Currently no repository exists that would fit the bill here. 10+ pages .

Operating Systems

Back to the Mainframes

Reasons why mainframes are more important than ever

Information re-use with SGML

Around 1995 SGML became an important topic for me as a tool for system configuration and generic computing. When I started working for larger banks I learned about the general qualities of a markup language, e.g. to support the re-use of information. That's when I started teaching first SGML (1996) and later in 1997 and 1998 XML. XML Event with Adam Rifkin and Rohit Khare 10+ pages .