Search Results: "wiene"

10 May 2020

Russ Allbery: Review: Golden Gates

Review: Golden Gates, by Conor Dougherty
Publisher: Penguin
Copyright: 2020
ISBN: 0-525-56022-X
Format: Kindle
Pages: 249
This review, for reasons that will hopefully become clear later, starts with a personal digression. I have been interested in political theory my entire life. That sounds like something admirable, or at least neutral. It's not. "Interested" means that I have opinions that are generally stronger than my depth of knowledge warrants. "Interested" means that I like thinking about and casting judgment on how politics should be done without doing the work of politics myself. And "political theory" is different than politics in important ways, not the least of which is that political actions have rarely been a direct danger to me or my family. I have the luxury of arguing about politics as a theory. In short, I'm at high risk of being one of those people who has an opinion about everything and shares it on Twitter. I'm still in the process (to be honest, near the beginning of the process) of making something useful out of that interest. I've had some success when I become enough a part of a community that I can do some of the political work, understand the arguments at a level deeper than theory, and have to deal with the consequences of my own opinions. But those communities have been on-line and relatively low stakes. For the big political problems, the ones that involve governments and taxes and laws, those that decide who gets medical treatment and income support and who doesn't, to ever improve, more people like me need to learn enough about the practical details that we can do the real work of fixing them, rather than only making our native (and generally privileged) communities better for ourselves. I haven't found my path helping with that work yet. But I do have a concrete, challenging, local political question that makes me coldly furious: housing policy. Hence this book. Golden Gates is about housing policy in the notoriously underbuilt and therefore incredibly expensive San Francisco Bay Area, where I live. 
I wanted to deepen that emotional reaction to the failures of housing policy with facts and analysis. Golden Gates does provide some of that. But this also turns out to be a book about the translation of political theory into practice, about the messiness and conflict that results, and about the difficult process of measuring success. It's also a book about how substantial agreement on the basics of necessary political change can still founder on the shoals of prioritization, tribalism, and people who are interested in political theory. In short, it's a book about the difficulty of changing the world instead of arguing about how to change it. This is not a direct analysis of housing policy, although Dougherty provides the basics as background. Rather, it's the story of the political fight over housing told primarily through two lenses: Sonja Trauss, founder of BARF (the Bay Area Renters' Federation); and a Redwood City apartment complex, the people who fought its rent increases, and the nun who eventually purchased it. Around that framework, Dougherty writes about the Howard Jarvis Taxpayers Association and the history of California's Proposition 13, a fight over a development in Lafayette, the logistics challenge of constructing sufficient housing even when approved, and the political career of Scott Wiener, the hated opponent of every city fighting for the continued ability to arbitrarily veto any new housing. 
One of the things Golden Gates helped clarify for me is that there are three core interest groups that have to be part of any discussion of Bay Area housing: homeowners who want to limit or eliminate local change, renters who are vulnerable to gentrification and redevelopment, and the people who want to live in that area and can't (which includes people who want to move there, but more sympathetically includes all the people who work there but can't afford to live locally, such as teachers, day care workers, food service workers, and, well, just about anyone who doesn't work in tech). (As with any political classification, statements about collectives may not apply to individuals; there are numerous people who appear to fall into one group but who vote in alignment with another.) Dougherty makes it clear that housing policy is intractable in part because the policies that most clearly help one of those three groups hurt the other two. As advertised by the subtitle, Dougherty's focus is on the fight for more housing. Those who already own homes whose values have been inflated by artificial scarcity, or who want to preserve such stratified living conditions as low-density, large-lot single-family dwellings within short mass-transit commute of one of the densest cities in the United States, don't get a lot of sympathy or focus here except as opponents. I understand this choice; I also don't have much sympathy. But I do wish that Dougherty had spent more time discussing the unsustainable promise that California has implicitly made to homeowners: housing may be impossibly expensive, but if you can manage to reach that pinnacle of financial success, the ongoing value of your home is guaranteed. He does mention this in passing, but I don't think he puts enough emphasis on the impact that a single huge, illiquid investment that is heavily encouraged by government policy has on people's attitude towards anything that jeopardizes that investment. 
The bulk of this book focuses on the two factions trying to make housing cheaper: Sonja Trauss and others who are pushing for construction of more housing, and tenant groups trying to manage the price of existing housing for those who have to rent. The tragedy of Bay Area housing is that even the faintest connection of housing to the economic principle of supply and demand implies that the long-term goals of those two groups align. Building more housing will decrease the cost of housing, at least if you build enough of it over a long enough period of time. But in the short term, particularly given the amount of Bay Area land pre-emptively excluded from housing by environmental protection and the actions of the existing homeowners, building more housing usually means tearing down cheap lower-density housing and replacing it with expensive higher-density housing. And that destroys people's lives. I'll admit my natural sympathy is with Trauss on pure economic grounds. There simply aren't enough places to live in the Bay Area, and the number of people in the area will not decrease. To the marginal extent that growth even slows, that's another tale of misery involving "super commutes" of over 90 minutes each way. But the most affecting part of this book was the detailed look at what redevelopment looks like for the people who thought they had housing, and how it disrupts and destroys existing communities. It's impossible to read those stories and not be moved. But it's equally impossible to not be moved by the stories of people who live in their cars during the week, going home only on weekends because they have to live too far away from their jobs to commute. This is exactly the kind of politics that I lose when I take a superficial interest in political theory. 
Even when I feel confident in a guiding principle, the hard part of real-world politics is bringing real people with you in the implementation and mitigating the damage that any choice of implementation will cause. There are a lot of details, and those details matter. Without the right balance between addressing a long-term deficit and providing short-term protection and relief, an attempt to alleviate unsustainable long-term misery creates more short-term misery for those least able to afford it. And while I personally may have less sympathy for the relatively well-off who have clawed their way into their own mortgage, being cavalier with their goals and their financial needs is both poor ethics and poor politics. Mobilizing political opponents who have resources and vote locally isn't a winning strategy. Dougherty is a reporter, not a housing or public policy expert, so Golden Gates poses problems and tells stories rather than describes solutions. This book didn't lead me to a brilliant plan for fixing the Bay Area housing crunch, or hand me a roadmap for how to get effectively involved in local politics. What it did do is tell stories about what political approaches have worked, how they've worked, what change they've created, and the limitations of that change. Solving political problems is work. That work requires understanding people and balancing concerns, which in turn requires a lot of empathy, a lot of communication, and sometimes finding a way to make unlikely allies. I'm not sure how broad the appeal of this book will be outside of those who live in the region. Some aspects of the fight for housing generalize, but the Bay Area (and I suspect every region) has properties specific to it or to the state of California. It has also reached an extreme of housing shortage that is rivaled in the United States only by New York City, which changes the nature of the solutions. 
But if you want to seriously engage with Bay Area housing policy, knowing the background explained here is nearly mandatory. There are some flaws (I wish Dougherty would have talked more about traffic and transit policy, although I realize that could be another book), but this is an important story told well. If this somewhat narrow topic is within your interests, highly recommended.

Rating: 8 out of 10

13 December 2013

Gerfried Fuchs: [dunkelbunt]

Tuesday was a really nice evening. A few weeks ago I found a poster about the concert of [dunkelbunt], and got my ticket only on Monday. I was told by the ticket sellers that they still had plenty left. In the end, when I turned up at the event on Tuesday, the concert hall was fully packed with people and I was told that it actually was sold out. There wasn't much space left inside the hall, so I mostly stood in the doorway to the bar area and enjoyed the music from there. If you listen to their songs you might get an idea why the music caught me and I started to let the music move my body, literally. It's a great feeling after a tough day, and there were some other nice people around who let the same happen to them, so it felt less awkward for me. Anyway, if you want to find out if their music can do the same to you, here are some songs to listen to: Enjoy!


1 November 2011

Vincent Bernat: SSL computational DoS mitigation

Some days ago, a hacker group, THC, released a denial of service tool for SSL web servers. As stated in its description, the problem is not really new: a complete SSL handshake implies costly cryptographic computations. There are two different aspects in the presented attack:

Mitigation techniques

There is no definitive solution to this attack, but some workarounds exist. Since the DoS tool from THC relies heavily on renegotiation, the most obvious one is to disable this mechanism on the server side, but we will explore other possibilities.

Disabling SSL renegotiation

Tackling the second problem seems easy: just disable SSL renegotiation. It is hardly needed: a server can trigger a renegotiation to ask a client to present a certificate, but a client usually does not have any reason to trigger one. Because of a past vulnerability in SSL renegotiation, recent versions of Apache and nginx just forbid it, even when the non-vulnerable version is available. openssl s_client can be used to test if SSL renegotiation is really disabled. Sending R on an empty line triggers a renegotiation. Here is an example where renegotiation is disabled (despite being advertised as supported):
$ openssl s_client -connect www.luffy.cx:443 -tls1
[...]
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
[...]
R
RENEGOTIATING
140675659794088:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:
Disabling renegotiation is not trivial with OpenSSL. As an example, I have pushed a patch to disable renegotiation in stud, the scalable TLS unwrapping daemon.

Rate limiting SSL handshakes

Disabling SSL renegotiation on the client side is not always possible. For example, your web server may be too old to propose such an option. Since those renegotiations should not happen often, a workaround is to limit them. When the flaw was first advertised, F5 Networks provided a way to configure such a limitation with an iRule on their load-balancers. We can do something similar with just Netfilter. We can spot most TCP packets triggering such a renegotiation by looking for encrypted TLS handshake records. They may happen in a regular handshake, but in this case they usually are not at the beginning of the TCP payload. There is no field saying if a TLS record is encrypted or not (TLS is stateful for this purpose). Therefore, we have to use some heuristics. If the handshake type is unknown, we assume that this is an encrypted record. Moreover, renegotiation requests are usually encapsulated in a TCP packet flagged with push.
# Access to TCP payload (if not fragmented)
payload="0 >> 22 & 0x3C @ 12 >> 26 & 0x3C @"
iptables -A LIMIT_RENEGOCIATION \
    -p tcp --dport 443 \
    --tcp-flags SYN,FIN,RST,PSH PSH \
    -m u32 \
    --u32 "$payload 0 >> 8 = 0x160300:0x160303 && $payload 2 & 0xFF = 3:10,17:19,21:255" \
    -m hashlimit \
    --hashlimit-above 5/minute --hashlimit-burst 3 \
    --hashlimit-mode srcip --hashlimit-name ssl-reneg \
    -j DROP
The u32 match is a bit difficult to read. The manual page gives some insightful examples. $payload seeks to the start of the TCP payload. It only works if there is no fragmentation. Then, we check if we have a handshake record (0x16) and if we recognise the TLS version (0x0300, 0x0301, 0x0302 or 0x0303). Finally, we check if the handshake type is not a known value. There is a risk of false positives, but since we use hashlimit, we should be safe. This is not a bulletproof solution: TCP fragmentation would allow an attacker to evade detection. Another equivalent solution would be to use CONNMARK to record the fact that the initial handshake has been done and forbid any subsequent handshakes.

If you happen to disable SSL renegotiation, you can still use a Netfilter rule to limit the number of SSL handshakes by limiting the number of TCP connections from one IP:
iptables -A LIMIT_SSL \
    -p tcp --dport 443 \
    --syn -m state --state NEW \
    -m hashlimit \
    --hashlimit-above 120/minute --hashlimit-burst 20 \
    --hashlimit-mode srcip --hashlimit-name ssl-conn \
    -j DROP
Your servers will still be vulnerable to a large botnet, but if there is only a handful of source IPs, this rule will work just fine [1]. I have made all those solutions available in a single file.
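To make the u32 match of the LIMIT_RENEGOCIATION rule easier to follow, here is the same classification written out in Python. This is an added example, not code from the original post; the helper names and the sample packets are constructed for illustration, and the hashlimit stage is not modelled.

```python
import struct

# Handshake message types defined up to TLS 1.2. The rule treats every other
# value (3:10, 17:19, 21:255) as the first byte of an encrypted handshake.
KNOWN_HANDSHAKE_TYPES = {0, 1, 2, 11, 12, 13, 14, 15, 16, 20}
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def tcp_payload_offset(packet: bytes) -> int:
    """Locate the TCP payload the way the $payload expression does."""
    ip_header_len = (packet[0] & 0x0F) * 4                   # 0 >> 22 & 0x3C @
    tcp_header_len = (packet[ip_header_len + 12] >> 4) * 4   # 12 >> 26 & 0x3C @
    return ip_header_len + tcp_header_len


def matches_renegotiation_rule(packet: bytes) -> bool:
    """True when the packet would reach the hashlimit stage of the rule."""
    ip_header_len = (packet[0] & 0x0F) * 4
    dport = struct.unpack_from("!H", packet, ip_header_len + 2)[0]
    flags = packet[ip_header_len + 13]
    # --dport 443 and --tcp-flags SYN,FIN,RST,PSH PSH
    if dport != 443 or (flags & (SYN | FIN | RST | PSH)) != PSH:
        return False
    payload = packet[tcp_payload_offset(packet):]
    if len(payload) < 6:            # u32 cannot read past the end of the packet
        return False
    is_handshake = payload[0] == 0x16                        # record type
    version_ok = payload[1] == 0x03 and payload[2] <= 0x03   # 0x0300..0x0303
    unknown_type = payload[5] not in KNOWN_HANDSHAKE_TYPES   # byte after header
    return is_handshake and version_ok and unknown_type


def build_packet(payload, flags=PSH | ACK, ip_options=b"", dport=443):
    """Constructed IPv4+TCP packet; only the fields the rule reads are set."""
    ihl = 5 + len(ip_options) // 4
    ip = bytes([0x40 | ihl]) + bytes(8) + bytes([6]) + bytes(10) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags,
                      65535, 0, 0)
    return ip + tcp + payload


def record(content_type, first_byte, version=b"\x03\x01"):
    """Constructed TLS record whose body starts with first_byte."""
    body = bytes([first_byte]) + bytes(47)
    return bytes([content_type]) + version + struct.pack("!H", len(body)) + body


def classify_samples():
    samples = {
        # Cleartext ClientHello (type 1): start of a regular handshake.
        "client_hello": build_packet(record(0x16, 0x01)),
        # Encrypted handshake record: the first ciphertext byte looks random.
        "encrypted_handshake": build_packet(record(0x16, 0x8F)),
        # Same record behind an IP header with options: offsets still resolve.
        "encrypted_with_ip_options": build_packet(record(0x16, 0x8F),
                                                  ip_options=bytes(4)),
        # Application data records are never counted.
        "application_data": build_packet(record(0x17, 0x8F)),
        # Ciphertext that happens to start with a known type (11) is missed.
        "encrypted_looks_known": build_packet(record(0x16, 0x0B)),
        # Without the PSH flag the rule does not look at the payload at all.
        "encrypted_without_psh": build_packet(record(0x16, 0x8F), flags=ACK),
    }
    return {name: matches_renegotiation_rule(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:28s} {'counted' if hit else 'ignored'}")
```

The "encrypted_looks_known" case shows why this stays a heuristic: roughly 10 of the 256 possible first bytes of an encrypted record collide with a known handshake type and go uncounted.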

Increasing server-side power processing

SSL can easily be scaled up and out. Since SSL performance increases linearly with the number of cores, scaling up can be done by throwing in more CPUs or more cores per CPU. Adding expensive SSL accelerators would also do the trick. Scaling out is also relatively easy, but you should take care of SSL session resumption.

Putting more work on the client side

In their presentation of the denial of service tool, THC explains:
Establishing a secure SSL connection requires 15x more processing power on the server than on the client.
I don't know where this figure comes from. To check it, I built a small tool to measure the CPU time of a client and a server doing 1000 handshakes with various parameters (cipher suites and key sizes). The results are summarized in the following plot:

[Figure: Plot to compare computational power required by servers and clients]

For example, with 2048-bit RSA certificates and a cipher suite like AES256-SHA, the server needs 6 times more CPU power than the client. However, if we use DHE-RSA-AES256-SHA instead, the server needs 34% less CPU power. The most efficient cipher suite from the server's point of view seems to be something like DHE-DSS-AES256-SHA, where the server needs half the power of the client. However, you can't really use those shiny cipher suites:
  1. Some browsers do not support them: they are limited to RSA cipher suites [2].
  2. Using them will increase your regular load a lot. Your servers may collapse with just legitimate traffic.
  3. They are expensive for some mobile clients: they need more memory, more processing power and will drain battery faster.
Let's dig a bit more into why the server needs more computational power in the case of RSA. Here is an SSL handshake when using a cipher suite like AES256-SHA:

[Figure: SSL full handshake]

When sending the Client Key Exchange message, the client will encrypt the TLS version and 46 random bytes with the public key of the certificate sent by the server in its Certificate message. The server will have to decrypt this message with its private key. Those are the two most expensive operations in the handshake. Encryption and decryption are done with RSA (because of the selected cipher suite). To understand why decryption is more expensive than encryption, let me explain how RSA works. First, the server needs a public and a private key. Here are the main steps to generate them:
  1. Pick two random distinct prime numbers $p$ and $q$, each roughly the same size.
  2. Compute $n = pq$. It is the modulus.
  3. Compute $\varphi(n) = (p-1)(q-1)$.
  4. Choose an integer $e$ such that $1 < e < \varphi(n)$ and $\gcd(\varphi(n), e) = 1$ (i.e. $e$ and $\varphi(n)$ are coprime). It is the public exponent.
  5. Compute $d = e^{-1} \bmod \varphi(n)$. It is the private key exponent.
The public key is $(n, e)$ while the private key is $(n, d)$. A message to be encrypted is first turned into an integer $m < n$ (with some appropriate padding). It is then encrypted to a ciphered message $c$ with the public key and should only be decrypted with the private key:
  • $c = m^e \bmod n$ (encryption)
  • $m = c^d \bmod n$ (decryption)
So, why is decryption more expensive? In fact, the key pair is not really generated like I said above. Usually, $e$ is a small fixed prime number with a lot of 0 bits, like 17 (0x11) or 65537 (0x10001), and $p$ and $q$ are chosen such that $\varphi(n)$ is coprime with $e$. This allows encryption to be fast using exponentiation by squaring. On the other hand, its inverse $d$ is a big number with no special property and therefore exponentiation is more costly and slow. Instead of computing $d$ from $e$, it is possible to choose $d$ and compute $e$. We could choose $d$ to be small and coprime with $\varphi(n)$, then compute $e = d^{-1} \bmod \varphi(n)$ and get blazingly fast decryption. Unfortunately, there are two problems with this:

Therefore, we cannot use a small private exponent. The best we can do is to choose the public exponent to be $e = 4294967291$ (the biggest 32-bit prime number, which contains only one 0 bit). However, there is no change, as you can see on our comparative plot. To summarize, no real solution here. You need to allow RSA cipher suites and there is no way to improve the computational ratio between the server and the client with such a cipher suite.
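The asymmetry described above can be counted directly. The following added example (not part of the original post) runs textbook square-and-multiply for the public and the private exponent of a constructed toy key and counts the modular operations; the key is built from two Mersenne primes only to stay deterministic and is not secure, and real libraries use CRT and windowing, so the numbers show the trend rather than measured CPU time.

```python
def modexp_counting(base, exponent, modulus):
    """Left-to-right square-and-multiply.

    Returns (result, squarings, multiplications) for exponent >= 1.
    """
    result = base % modulus
    squarings = multiplications = 0
    for bit in bin(exponent)[3:]:          # skip '0b' and the leading 1 bit
        result = result * result % modulus
        squarings += 1
        if bit == "1":
            result = result * base % modulus
            multiplications += 1
    return result, squarings, multiplications


def exponent_cost(exponent):
    """Total modular operations needed for one exponentiation."""
    _, squarings, multiplications = modexp_counting(2, exponent, 2**61 - 1)
    return squarings + multiplications


# Constructed toy key: p and q are the Mersenne primes 2^521-1 and 2^607-1.
# Their special form makes the key insecure; it only serves the comparison.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)                        # d = e^-1 mod phi(n), Python 3.8+


def compare_costs():
    # Unpadded stand-in for the pre-master secret: TLS version + 46 bytes.
    m = int.from_bytes(b"\x03\x01" + bytes(range(46)), "big")
    c, enc_sq, enc_mul = modexp_counting(m, E, N)      # client side
    m2, dec_sq, dec_mul = modexp_counting(c, D, N)     # server side
    return {
        "roundtrip_ok": m2 == m and c == pow(m, E, N),
        "encrypt_ops": enc_sq + enc_mul,
        "decrypt_squarings": dec_sq,
        "decrypt_ops": dec_sq + dec_mul,
    }


if __name__ == "__main__":
    costs = compare_costs()
    print("round trip ok:", costs["roundtrip_ok"])
    print("client (encrypt) modular operations:", costs["encrypt_ops"])
    print("server (decrypt) modular operations:", costs["decrypt_ops"])
    for e in (17, 65537, 4294967291):
        print(f"public exponent {e}: {exponent_cost(e)} operations")
```

Moving the public exponent from 65537 to 4294967291 raises the client's count from 17 to 61 operations, which is still small next to the more than a thousand the private exponent requires.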

Things get worse

Shortly after the release of the denial of service tool, Eric Rescorla [3] published a good analysis on the impact of such a tool. He questions the efficiency of using renegotiation for such an attack:
What you should be asking at this point is whether a computational DoS attack based on renegotiation is any better for the attacker than a computational DoS attack based on multiple connections. The way we measure this is by the ratio of the work the attacker has to do to the work that the server has to do. I've never seen any actual measurements here (and the THC guys don't present any), but some back of the envelope calculations suggest that the difference is small. If I want to mount the old, multiple connection attack, I need to incur the following costs:
  1. Do the TCP handshake (3 packets)
  2. Send the SSL/TLS ClientHello (1 packet). This can be a canned message.
  3. Send the SSL/TLS ClientKeyExchange, ChangeCipherSpec, Finished messages (1 packet). These can also be canned.
Note that I don't need to parse any SSL/TLS messages from the server, and I don't need to do any cryptography. I'm just going to send the server junk anyway, so I can (for instance) send the same bogus ClientKeyExchange and Finished every time. The server can't find out that they are bogus until it's done the expensive part. So, roughly speaking, this attack consists of sending a bunch of canned packets in order to force the server to do one RSA decryption.
I have written a quick proof of concept of such a tool. To avoid any abuse, it will only work if the server supports the NULL-MD5 cipher suite. No sane server in the wild will support such a cipher. You need to configure your web server to support it before using this tool. While Eric explains that there is no need to parse any SSL/TLS messages, I have found that if the key exchange message is sent before the server sends the answer, the connection will be aborted. Therefore, I quickly parse the server's answer to check if I can continue. Eric also says a bogus key exchange message can be sent since the server will have to decrypt it before discovering it is bogus. I have chosen to build a valid key exchange message during the first handshake (using the certificate presented by the server) and replay it on subsequent handshakes because I think the server may dismiss the message before the computation is complete (for example, if the size does not match the size of the certificate). With such a tool and a 2048-bit RSA certificate, a server is using 100 times more processing power than the client. Unfortunately, this means that most solutions presented on this page, except rate limiting, may just be ineffective.

  1. However, since this rule relies on the source IP to identify the attacker, the risk of false positives is real. You can slow down legitimate proxies, networks NATed behind a single IP, mobile users sharing an IP address or people behind a CGN.
  2. Cipher suites supported by all browsers are RC4-MD5, RC4-SHA and 3DES-SHA. Support for DHE-DSS-AES256-SHA requires TLS 1.2 (not supported by any browser).
  3. Eric is one of the authors of several RFCs related to TLS. He knows his stuff.

5 March 2011

John Goerzen: Visiting Purdue

Terah went to college at Purdue University, and always enjoyed basketball games there. I've not been much of a sports fan, but have enjoyed watching Purdue games with her on TV. Terah has been wanting to see a game in person for a while, so a couple of weeks ago, we went. It was a really fun weekend! When we planned the trip, we had no idea that the Purdue-Ohio State game was going to be such a big one. We walked over from the Union Club Hotel where we were staying on the Purdue campus. People were streaming towards Mackey Arena from all directions. Once inside, it was already loud and buzzing: people cheering, the band playing. I've never experienced anything quite so loud. The game started out badly for Purdue; they were down a few points up front. The entire game was a close one, and the crowd sometimes got so loud that nothing else could be heard, not even the band or the announcer. When it became clear at the end that Purdue won the game, the people behind me and apparently 12,000 others began screaming at the top of their lungs. My hearing did eventually return to normal. So did my throat, which had gotten rather sore from cheering myself. This was our first road trip since I got my amateur radio license. I had a lot of fun visiting with people as we drove. I talked to a retired railroad engineer who used to take an amateur radio with him in his locomotive. As he went through a certain town where he had friends he liked to talk with on the radio, he'd get their attention by blowing CQ in Morse code with the train's whistle. Some people in Kansas City had us laughing as we passed through. In Missouri, I talked with some farmers and a World War II vet. In Champaign, IL, I visited with a retired Unix systems administrator who had spent decades working with Unix operating systems. Our hotel was connected to the Purdue Memorial Union, a large and historic building.
Besides having some ice cream at the Sweet Shop one evening, we also spent a bit of time exploring it. I noticed that the Purdue Amateur Radio Club was having a testing session in there. We walked past once it was underway, and one of the students was not very busy. I introduced myself and asked if we could see their shack. It was neat to see all the equipment, some of it quite old, in the room that they must have been using for decades. Terah, of course, had ideas for visiting a number of her favorite places while we were there. We visited Arni's and Bruno's, both pizza places. Bruno's happens to be a Swiss pizza place, so much to my surprise, I had Wienerschnitzel there, which was excellent. We ate a (week late) Valentine's dinner at Bistro 501. On our way back, we also chatted with various people on the radio, though not quite as much. We got helpful suggestions for which route to take, and stopped at the excellent Bobby D's Merchant St. BBQ in Emporia, KS for supper. The boys had also enjoyed their weekend with grandparents, but were glad to see us back. They were particularly interested to see a lot of train videos from YouTube with me the next day.

4 July 2010

Bernd Zeimetz: gimp-plugin-registry 3.5-1

During the last three months and since my last blog post about gimp-plugin-registry a lot happened: mainly a large number of new plugins was added, but also various enhancements and bugfixes went into the package, together with updates for various already included plugins.

[Figure: The GIMP screenshot with open FX-Foundry menu]

For those who don't know gimp-plugin-registry yet, it is a collection of scripts and plugins for The GIMP. The name is based on the webpage GIMP Plugin Registry, where most (new) plugins and scripts are listed. So far the package ships with 170 scripts/plugins. Most of the scripts are written in TinyScheme, but there are also several plugins in C or Python. Probably most noticeable is the inclusion of the GIMP FX Foundry, which is an awesome collection of 124 scripts. Below follows a list of all scripts and plugins as shown in the long description of the Debian package. New plugins are marked with a bold font face. If there is any interest from other distributions to include the package, I'd be happy to help out to make an integration as easy as possible. The few interesting parts could be ripped out of debian/rules and shipped as a normal Makefile, so they could be used easily. More complicated is the generation of the package description and copyright information, but I guess instead of writing debian/copyright and debian/control, it should be possible to integrate the information into an rpm spec file template or similar files. So in case you're interested in porting the package to Fedora, OpenSuSE or some other distribution, don't hesitate to contact me! The sources are available via git, see git.recluse.de for details. For wishes, suggestions and bug reports either use the Debian BTS or Launchpad. While I prefer bugs via the BTS, it might be easier for non-Debian users to file bugs in the Ubuntu Launchpad.

27 March 2010

John Goerzen: Trip part 4: Berlin

Note: this post was written on March 16 and posted after our return home. Also, I took no photos in Berlin, reasoning that I could leave my camera at the hotel so as to not worry about it, since I m sure there are enough photos of the Brandenburg Gate in the world already. Photos on this story only are from others. We ve had a good time in Berlin it s been adventurous to be out on our own in an unfamiliar city with an unfamiliar language, but has gone well. I feel that I m finally getting used to it a bit, and now tomorrow we move on to Leipzig. Stepping off the train at the Berlin Hauptbahnhof, and seeing all those people connecting to all those trains, I had a feeling of excitement: here is a grand train station that is actively used by so many people. I got a sense of what the beautiful and enormous Kansas City Union Station once felt like, I think; that station at its peak served almost the same number of people in a day at Berlin Hbf does.
(photo by eliotc) Stepping outside in the cold and snow to wait for our bus, I got the first sense that Berlin felt a bit more like an American city than did L beck: a beggar with a suspicious story was working the crowd with Speak English? (We saw many dressed similarly using the exact same tactic during our stay in Berlin.) Our bus ride to the hotel showed us some graffiti a fact of life in many cities in the USA too. Our hotel, the Circus, most definitely did not feel American. The staff was very friendly (I think I ve only seen that level of friendliness and helpfulness at one hotel in the USA: the Portland Doubletree). The room was small (which we expected) but very nice. There was a fresh flower waiting, and a whole printout of information with my name on it waiting in the room: info about the hotel, restaurant, and a multi-page history of this part of the city. They are very energy-conscious there. The hall lights automatically turn off, but you can touch your (apparently RFID-enabled) room card to any switch to turn them on for a few minutes. When in your room, you put your key card in a little holder that keeps it safe and enables the use of the lights. They don t put shampoo in the rooms, but have a selection free for the taking at the front desk: the rationale being that it generates waste when they have to replace it for people that don t need it replaced. They are very environmentally conscious with everything except the showerhead, which appears to use so much water that it would be illegal in the USA. Here s the obligatory surprising to an American comment about Germany: the complete lack of water drinking fountains. In the US, you can get a drink of water at any building of any size airports, train stations, museums, shopping centers, and also in many public places such as parks. I may have seen exactly one water fountain in the Hamburg airport, but that was it. 
It is odd given the general sense of environmentalism here that so much energy is being wasted on bottling water, not to mention the expense of having to pay for it all over the place. The bus ride to the hotel was interesting. I needed to buy two tickets from the bus driver. I didn t know the German word for ticket, so I just guessed and went with Zwei Ticket, bitte. Wohin? Rosenthaler Str. Then the price came up. I believe that was my first completely successful German-only conversation. (Most Germans hear a couple of words of mine and quickly switch at least partially to English, which probably gets things done a lot faster, and saves me embarrassment, but doesn t give me much chance to practice my German.) We ate dinner Monday night at the Hackesche H fe at Weihenstephaner, a Bavarian restaurant. It was a fun meal, and the tables were long and seated multiple parties. I tried out their special Bavarian beer, and of course had some Wienerschnitzel. I had noticed apple strudel on their website but not on their menu, so when it was time for dessert, I asked our waitress if they had apple strudel today. They did, and it was delicious. Tuesday began with a walk to the Pergamon Museum. From our hotel, this was a walk of about a mile. We had been introduced to excellent German bakeries during our time in L beck. So, since we hadn t had breakfast, when we spotted a bakery along the road, we went in. Terah got a croissant with chocolate on top, which turned out to also have chocolate inside. I found a couple of smaller rolls with various seeds and flavorings on top. All were excellent, and I believe we spent less than EUR 2 all together. We ate our breakfast of rolls as we walked towards the museum. It was a cold and somewhat windy morning, but it was also fun and exciting to be there. The Pergamon was quite the experience. The Pergamon Altar was the first large artifact we saw, and was particularly interesting given that I have recently read The Iliad and The Odyssey.
(photo by *hoodrat*) The Market Gate of Miletus was also impressive, but the true highlight has to be the Ishtar Gate and processional way. Wow. It was built in 575BC by King Nebuchadnezzar II, and importantly was built out of glazed tiles, so the original artwork, color and all, still survives. You can walk through the processional way and get the feeling of kings and armies proceeding there. Truly spectacular.
(photo by Rictor Norton & David Allen) After the Pergamon, we crossed a bridge to the east taking us off Museumsinsel (Museum Island). We walked down a quiet and somewhat forgotten back street and found a small restaurant for lunch. I had the "Berlin Wurst", some excellent sausage with excellent and not-so-sour sauerkraut. Terah had some breakfast-type items with fruit. After that, we walked over to the famous Unter den Linden. It wasn't yet spring, so the scenery wasn't all that spectacular yet, but that and the light snow didn't stop the tourists, or the tacky tourist shops, which appear to be a universal global feature. ("Berlin" flip-flops and t-shirts made in China, anyone?) The destination of all this walking was the Brandenburger Tor, the famous Berlin icon. The Brandenburg Gate was immense, and the sense of history of standing there was impressive.
(photo by Andrew Mason) We of course walked through the Brandenburg Gate on our way to the Bundestag, which we intended to tour. We didn't, though, due to the cold and very long line snaking out of the building. We then got on the train to Checkpoint Charlie. We saw the outdoor checkpoint still in the middle of the street. We intended to visit the museum Haus am Checkpoint Charlie, but it was so packed that it was difficult to even get in the door. We stood in line to buy tickets for a few minutes, but made absolutely no progress; meanwhile, it appeared that an entire school group came in after us somehow and was also waiting to pay. So we decided to go see Schloss Charlottenburg instead.
(photo by Poom!) The Schloss (palace) was a baroque design, intended to impress visitors with the power and wealth of the owners. Only the old wing was open Tuesday, but we had about an hour and a half available to tour it: enough to see the whole thing, but not enough to linger and read all of the information. It was impressive and interesting. Particularly interesting was the chapel, which was this odd state/religion combination decorated both with sacred symbols as well as symbols of the king. After Charlottenburg, we had dinner at the Prussian Restaurant Marjellchen near the Savignyplatz S-bahn. We started with a smoked herring appetizer. Then I had the Königsberg meatballs, and Terah had creamed ham. Both of us really enjoyed our meals, and Terah's reminded her of Verenike. Wednesday started with an early rise, then we went to Mauerpark to see a remnant of the Berlin Wall. I am glad to have seen it, and was a bit surprised with how small it was at that point compared to my expectations.
(photo by Eichental) Then we had a few minutes back in our hotel to munch on some rolls for breakfast; after that, it was off to the Hauptbahnhof for our train to Leipzig.

3 December 2009

Maximilian Attems: Vienna buying Office Licenses

When you just read the following sentence: "usage of a software, that can only be used together with the Internet Explorer", you already know the consequence that several hundred Wienux boxes are gone.
Heavily disgusted by the waste of community money. The online local newspaper has a comment that seems quite to the point to me: "If as sysadmin you introduce Linux you'll be accounted for eventual failures, while with softies people just accept the shortcomings and won't blame you."
German source: Wiener Inkompetenz in IT Managment. P.S.: Wienux got set up by inexperienced people having no prior exposure to Open Source. The project setup included a calculated failure from the start.

7 December 2008

Biella Coleman: Nerds, Geeks, and Nerd/Geek Grrrls

I have not sat behind the helm of teaching for very long but I already have a few tricks up my sleeve. One of them is that I assign some of my favorite readings at the end of the semester so as to counter the downtrodden and tepid spirit and mood (not to mention attention) of my students, which drops precipitously with each passing day. Let’s face it post Thanksgiving, we are all a little tired and I try to find the readings, which uplift, intrigue, and challenge cherished assumptions about marriage and sex. So far it seems to pay off and I often can tell because the conversational pitch and excitement in class is high and the student writings are good, great, even exceptional, which, again, is hard to produce/induce this late in the semester. Readers of this blog would probably be most interested in one of these lively readings, Ben Nugent’s American Nerd (and it might be interesting to hear how the European Nerd story would diverge or converge with this one). One of my students, an audio geek and Free Culture President/Free Software junkie, by the name of John Randall produced a very nice little response (not research) paper on the Nugent reading as well as a short piece by Sarah Seltzer from Bitch Magazine
The (Girl) Geek Stands Alone (and thanks to Joe for cluing me into this piece). Seltzer's piece basically argues, in her own words, the following:
Imagine this scene from a comedy: a group of female friends sit around smoking a bowl and working on the Wikipedia page for Lord of the Rings. Their fashion sense is decidedly iconoclastic and several sport thick-rimmed glasses. Without a trace of self-consciousness, they have a hilariously ribald discussion on the relative traits of elves and orcs.
Awesome as it is, you’ll never see this scene onscreen. No mainstream movie or TV series would dare group so many female nerds together, or celebrate them so unabashedly
So John’s whole response paper is here and here is the pdf. In the paper, he makes a number of excellent points but what I loved most about it was his very geeky move at the end of the paper to prove Sarah (somewhat wrong) by listing all the girl geeks that do and have appeared in mainstream (and not-so mainstream) entertainment venues/shows, etc. They are as follows and in his own words:
I will now showcase my own geekiness through my knowledge of geeky female characters. Why? Because I can. But also because I want to demonstrate that if you look hard enough for representations of female geekiness in pop culture, you will find plenty. Moreover, if you pick the right ones, you can make them support your argument about gender relations, whatever that argument might be. Some of these characters and personalities are hardly gendered, some are hyper-sexual. Some are incredibly attractive but completely asexual. Some undergo a transformation into/out of geekiness, while others do not. Some are powerful, while some are powerless. Some (most?) celebrate their geekiness, others are tortured by it. They are all geeks, take your pick:
- Aeon Flux, a sexy geek whose technological gadgets give her super powers (Comic drawings then Charlize Theron, Aeon Flux)
- Wonder Woman, attractive pilot of an invisible plane
- Lara Croft, a female Indiana Jones in short shorts, wielding guns and cracking computer codes (CGI and then Angelina Jolie in Tomb Raider)
- She-Ra, who was way smarter than He-Man (Masters of the Universe cartoons)
- Gadget Hackwrench, beautiful chipmunk technician for Chip and Dale (Rescue Rangers cartoon)
- Velma, featuring eyeglasses, awkwardness and brains (Scooby Doo)
- Hermione Granger, a geek who is temporarily rejected because she is a geek, remains a geek, and finds love and happiness (Harry Potter)
- Barbarella, who, through comic strips and a 1968 film, helped introduce science fiction and sex to young women (Barbarella)
- La Femme Nikita, a skillful, savvy, and very feminine girl who doubles as a covert spy
- Kate Libby, aka ‘Acid Burn’, uber-sexualized hacker (played by Angelina Jolie in Hackers)
- Kathryn Janeway, smart and powerful captain of the USS Voyager (Star Trek Voyager)
- Starbuck (Battlestar Galactica)
- Dana Scully, FBI agent with encyclopedic media knowledge. The bizarre subtext of non-realized sexual tension was part of the magic of The X-Files.
- Willow Rosenberg, geeky sidekick turned geeky supervillain (Alyson Hannigan in Buffy the Vampire Slayer)
- Michelle Flaherty, hyper-sexual band geek (Alyson Hannigan in American Pie series)
- Dr Ellie Sattler, heroine scientist (Jurassic Park)
- Ellie, scientist hero (played by both Jena Malone and Jodie Foster in Carl Sagan’s Contact)
- Dawn Wiener (Heather Matarazzo in Welcome to the Dollhouse)
- Enid and Rebecca (Thora Birch and Scarlett Johansson in Ghost World)
- just about every character ever played by Jena Malone (Donnie Darko, The Dangerous Lives of Altar Boys, The United States of Leland, Saved!, etc)
- half of the characters played within the last decade by Jodie Foster (Panic Room, The Dangerous Lives of Altar Boys, Flightplan, The Addams Family)
- half of the characters played by Christina Ricci (Mermaids, The Addams Family, Little Red Riding Hood, The Ice Storm, Buffalo ‘66, Prozac Nation, Pumpkin, Speed Racer)
- half of the characters played by Natalie Portman (The Professional, Mars Attacks!, Star Wars, V for Vendetta, The Darjeeling Limited, Mr. Magorium’s Wonder Emporium, Garden State)
- Molly Ringwald. Characters played by Molly Ringwald.
- Rock musician Ani DiFranco and geeky Riot Grrls everywhere.
- Sarah Vowell, NPR commentator celebrating her geeky life. Voiceover for geeky cartoon characters.
- Rachel Maddow, for being Rachel Maddow.
First, awesome list, though he forgot a few (like one of my favorites, Bionic Woman and a more recent one, Juno) and it is nice to have it in one compact place. But, I have to say, I still agree to some degree with Sarah Seltzer, though I also agree with John. On the one hand there are representations and it is as important just to strut this stuff publicly as it is to claim that there are not enough female geeky representations in mainstream media. This is what John has done quite nicely. On the other hand, as he himself says, “if you look hard enough for representations of female geekiness in pop culture, you will find plenty.” I think those words, “if you look hard enough”, also speak volumes of the continued disparity that does exist. One should not have to look “hard,” and the only blockbuster, so to speak, which features a female geek is Tomb Raider, which for being so hyper-sexualized is not so geeky to me, no matter how good she is with the gadgets. That said, what I find so important, and have emphasized in different contexts, is the need for what I think of as a simultaneous positive and negative form of critique, the former being about pointing to already existing examples to get people jazzed and excited and to put things in perspective. The latter form of critique, negative critique, identifies a lack, a void to fill, just the type of excellent commentary in the Seltzer piece… But now for the most important question, who has John overlooked?