Author Archives: elkement (Elke Stangl)

About elkement (Elke Stangl)

Physicist, engineer, geek, dilettante science blogger, IT security consultant, search term poet, Subversive El(k)ement.

A Color Box. Lost in Translation

Posted on by
Reply

It was that time again.

The Chief Engineer had rebuilt the technical room from scratch. Each piece of heavy equipment had a new place, each pipe and wire was reborn in a new incarnation (German stories here.)

The control system was turned upset down as well, and thus the Data Kraken was looking at its entangled tentacles, utterly confused. The fabric of spacetime was broken again – the Kraken was painfully reminded of its last mutation in 2016.

Back then a firmware update had changed the structure of log files exported by Winsol. Now these changes were home-made. Sensors have been added. Sensor values have been added to the logging setup. Known values are written to different places in the log file. The log has more columns. The electrical input power of the heat pump has now a positive value, finally. Energy meters have been reset during the rebuild. More than once. And on and on.

But Data Kraken had provided for such disruptions! In a classical end-of-calendar-year death march project its software architecture had been overturned 2016. Here is a highly illustrative ‘executive level’ diagram:

The powerful SQL Server Kraken got a little companion – the Proto Kraken. Proto Kraken proudly runs on Microsoft Access. It comprises the blueprint of Big Kraken – its DNA: a documentation of all measured values, and their eternal history: When was the sensor installed, at which position in the log file do you find its values from day X to day Y, when was it retired, do the values need corrections …

A Powershell-powered tentacle crafts the Big Kraken from this proto version. It’s like scientists growing a mammoth from fossils: The database can be rebuilt from the original log files, no matter how the file structure mutates over time.

A different tentacle embraces the actual functions needed for data analysis – which is Data Kraken’s true calling. Kraken consolidates data from different loggers, and it has to do more than just calculating max / min / totals / averages. For example, the calculation of the heat pump’s performance factor had to mutate over time. Originally energy values had been read off manually from displays, but then the related meters were automated. Different tentacles need to reach out into different tables at different points of time.

Most ‘averages’ only make sense under certain conditions: The temperature at different points in the brine circuits should only contribute to an average temperature when the brine circulation pump is active. If you calculate the performance factor from heat source and target temperature (using a fit function), only time intervals may contribute when the heat pump did actually run.

I live in fear of Kraken’s artificial intelligence – will it ever gain consciousness? Will I wake up once in a science fiction dystopia? Fortunately, there is one remaining stumbling block: We have not yet fully automated genetic engineering. How could that ever work? A robot or a drone trying to follow the Chief Engineer’s tinkering with sensor wiring … and converting this video stream into standardized change alerts sent to Data Kraken?

After several paragraphs laden with silly metaphors, I finally come to the actual metaphor in the title of this post. The

Color Box

Once you came up with a code name for your project, you cannot get it out of your head. That also happened to the Color Box (Farbenkastl).

Here, tacky tasteless multi-colored things are called a color box. Clothes and interior design for example. Or the mixture of political parties in parliament. That’s probably rather boring, but the Austrian-German term Farbenkastl has a colorful history: It had been used in times of the monarchy to mock the overly complex system of color codes applied to the uniforms of the military.

What a metaphor for a truly imperial tool: As a precursor to the precursor to the Kraken Database … I use the Color Box! Brought to me by Microsoft Excel! I can combine my artistic streak, coloring categories of sensors and their mutations. Excel formulas spawn SQL code.

The antediluvian 2016 color box was boring:

But trying to display the 2018 color box I am hitting the limit of Excel’s zooming abilities:

I am now waiting now for the usual surprise nomination for an Science & Arts award. In the meantime, my Kraken enjoys its new toys. Again, the metaphoric power of this video is lost in translation as in German ‘Krake’ means octopus.

(We are still working at automating PVC piping via the Data Kraken, using 3D printing.)

Cyber Something

Posted on by
2

You know you have become a dinosaur when you keep using outdated terminology. Everybody else uses the new buzz word, but you just find it odd. But someday it will creep also into your active vocabulary. Then I will use the tag cyber something, like stating that I work with cyber-physical systems.

But am I even right about the emergence of new terms? I am going to ask Google Trends!

I have always called it IT Security, now it is Cyber Security. I know there are articles written about the difference between Cyber Security and IT Security. However, when I read about Those 10 Important Things in Cyber Security, I see that the term is often used as a 1:1 replacement of what had been called IT Security. And even if you insist on them being different fields, the following Google Trends result would at least show that one has become more interesting to internet users.

I am also adding Infosec which I feel is also more ‘modern’ – or maybe only used specifically by community insiders.

cyber-security-it-security-infosec

Link: https://trends.google.com/trends/explore?date=today%205-y&q=Cyber%20Security,IT%20Security,Infosec

So Cyber Security is on the rise, but IT Security does is not yet on a decline. Infosec is less popular – and what about these spikes?

infosec

Link: https://trends.google.com/trends/explore?date=today 5-y&q=Infosec

This not what I expected – a sharp peak at the beginning of every June! This pattern rather reminds of searching for terms related to heating systems: Searches for heat pump peak in New Zealand every July – for obvious reasons. (Although it is interesting why only in NZ – I only zoomed in on NZ as it was the top region in the worldwide search on heat pump… But I digress!)

So I guess the spike is caused by one of the famous big IT Security Infosec conferences? Which one? I could not track it down unambiguously!

What about the non-abbreviated term – Information Security. Does it exhibit the same pattern?

information-security-infosec.png

Link: https://trends.google.at/trends/explore?date=today%205-y&q=Infosec,Information%20Security

Not at all. There is one negative spike in week 51 every year, and this pattern rather reminds me of the ‘holiday pattern’ I see in our websites’ statistics. Maybe that’s the one week in a year when also IT security Infosec people are on vacation?

Finally I want to cross-check the Cyber Physical and The Cyber in general:

Cyber Physical is not mainstream enough to show a trend…

cyber-physical

Link: https://trends.google.com/trends/explore?date=today%205-y&q=Cyber%20Physical

… and Cyber itself is again not at all what I expected!

cyber.png

Link: https://trends.google.com/trends/explore?date=today%205-y&q=Cyber

Mid of December every year we all search the The Cyber! Do the hackers attack every year when we are busy with shopping for presents or getting That Important Project done before End of Calendar Year?

Again I fail to google that one and only Cyber event in December – or maybe these spikes are all about Google bugs!

Epilogue / user manual: Don’t click on these links too often!

Heat Conduction Cheat Sheet

Posted on by
3

I am dumping some equations here I need now and then! The sections about 3-dimensional temperature waves summarize what is described at length in the second part of this post.

Temperature waves are interesting for simulating yearly and daily oscillations in the temperature below the surface of the earth or near wall/floor of our ice/water tank. Stationary solutions are interesting to assess the heat transport between pipes and the medium they are immersed in, like the tubes making up the heat exchanger in the tank or the solar/air collector.

Contents

~

Heat equation – conservation of energy [Top]

Energy is conserved locally. It cannot be destroyed or created, but it it is also not possible to remove energy in one spot and make it reappear in a different spot. The energy density η in a volume element can only change because energy flows out of this volume, at a flow density j (energy per area and time).

\frac{\partial \eta}{\partial t} + \frac{\partial \vec{j}}{\partial\vec{r}} = 0

In case of heat energy, the sensible heat energy ‘contained’ in a volume element is the volume times mass density ρ [kg/m3] times specific heat c [J/kgK] times the temperature difference in K (from a ‘zero point’). The flow of heat energy is proportional to the temperature gradient (with constant λ – heat conductivity [J/mK], and heat flows from hot to colder spots.

\rho c \frac{\partial T}{\partial t} + \frac{\partial}{\partial\vec{r}} (- \lambda \frac{\partial T}{\partial\vec{r}}) = 0

Re-arranging and assuming that the three properties ρ, c, and λ are constant in space and time, they can be combined into a single property called thermal diffusivity D

D = \frac{\lambda}{\rho c}

\frac{\partial T}{\partial t} = D \frac{\partial}{\partial\vec{r}} \frac{\partial T}{\partial\vec{r}} = D \Delta T

In one dimensions – e.g. heat conduction to/from an infinite plane –  the equation is

\frac{\partial T}{\partial t} = D \frac{d^{2} T}{d x^{2}}

~

1D solution – temperature waves in one dimension [Top]

I covered it already here in detail. I’m using complex solutions as some manipulations are easier to do with the exponential functions than with trigonometric functions, keeping in mind we are finally interested in the real part.

Boundary condition – oscillating temperature at the surface; e.g. surface temperature of the earth in a year. Angular frequency ω is 2π over period T (e.g.: one year)

T(t,0) = T_0 e^{i \omega t}

Ansatz: Temperature wave, temperature oscillating with ω in time and with to-be-determined complex β in space.

T(t,x) = T_0 e^{i \omega t + \beta x}

Plugging into 1D heat equation, you get β as a function of ω and the properties of the material:

i \omega = D \beta^2
\beta = \pm \sqrt{\frac{i \omega}{D}} = \pm \sqrt{i} \sqrt{\frac{\omega}{D}} = \pm (1 + i){\sqrt 2} \sqrt{\frac{\omega}{D}} = \pm (1 + i) \sqrt{\frac{\omega}{2D}}

The temperature should better decay with increasing x – only the solution with a negative sense makes sense, then T(\infty) = T_0 . The temperature well below the surface, e.g. deep in the earth, is the same as the yearly average of the air temperature (neglecting the true geothermal energy and related energy flow and linear temperature gradient).

Solution – temperature as function of space and time:

T(t,x) = T_0 e^{i \omega t - (1 + i) \sqrt{\frac{\omega}{2D}} x} = T_0 e^{i (\omega t - \sqrt{\frac{\omega}{2D}} x)} e^{-\sqrt{\frac{\omega}{2D}} x}

Introducing parameter k:

\sqrt{\frac{\omega}{2D}} = k

Concise version of the solution function:

T(t,x) = T_0 e^{i (\omega t - kx)} e^{-kx}

Strip off the real part:

Re(T(t,x)) = T_0 cos(\omega t - kx) e^{-kx}

Relations connecting the important wave parameters:

\tau = \frac {2 \pi}{\omega}
\lambda = \frac {2 \pi}{k}

~

‘Helpers’ for the 3D case (spherical) [Top]

Basic stuff

r = \sqrt{x^2 + y^2 + z^2}
\frac{\partial r}{\partial \vec{r}} = (\frac{\partial}{\partial x},\frac{\partial}{\partial y},\frac{\partial}{\partial z})\sqrt{x^2 + y^2 + z^2} = \frac{\vec{r}}{r}
\frac{\partial \vec{r}}{\partial \vec{r}} = (\frac{\partial}{\partial x},\frac{\partial}{\partial y},\frac{\partial z}{\partial z})(x,y,z) = 3
\Delta T = (\frac{\partial^2}{\partial x^2} + \frac{\partial^2}{\partial y^2} + \frac{\partial^2}{\partial z^2})T(r)

Inserting, to obtain a nicely looking Laplacian in spherical symmetry

\Delta T = \frac{\partial}{\partial\vec{r}} \frac{\partial}{\partial\vec{r}} T(\sqrt{x^2 + y^2 + z^2}) = \frac{\partial}{\partial\vec{r}} \frac{\partial r}{\partial\vec{r}} (\frac{dT}{dr}) = \frac{\partial}{\partial\vec{r}} (\frac{\vec{r}}{r} \frac{dT}{dr})
= \frac{3}{r} \frac{dT}{dr} - \frac{1}{r^2} \frac{\partial r}{\partial\vec{r}} \vec{r} \frac{dT}{dr} + \frac{\vec{r}}{r} \frac{\vec{r}}{r} \frac{d^2 T}{dr^2}
= \frac{3}{r} \frac{dT}{dr} - \frac{1}{r} \frac{dT}{dr}+ \frac{d^2 T}{dr^2} = \frac{2}{r} \frac{dT}{dr} + \frac{d^2 T}{dr^2}
= \frac{1}{r}(\frac{dT}{dr} + \frac{dT}{dr} + r \frac{d^2T}{dr^2}) = \frac{1}{r} \frac{d}{dr} (T + r \frac{dT}{dr}) = \frac{1}{r} \frac{d^2}{dr^2}(rT)

~

‘Helpers’ for the 2D case (cylindrical) [Top]

Basic stuff

r = \sqrt{x^2 + y^2}
\frac{\partial r}{\partial \vec{r}} = (\frac{\partial}{\partial x}
latex \frac{\partial}{\partial y})\sqrt{x^2 + y^2 } = \frac{\vec{r}}{r}$
\frac{\partial \vec{r}}{\partial \vec{r}} = (\frac{\partial}{\partial x}
\frac{\partial}{\partial y})(x,y) = 2
\Delta T = (\frac{\partial^2}{\partial x^2} + \frac{\partial^2}{\partial y^2})T(r)

Inserting, to obtain a nicely looking Laplacian in cylindrical symmetry

\Delta T = \frac{\partial}{\partial\vec{r}} \frac{\partial}{\partial\vec{r}} T(\sqrt{x^2 + y^2}) = \frac{\partial}{\partial\vec{r}} \frac{\partial r}{\partial\vec{r}} (\frac{dT}{dr})
= \frac{\partial}{\partial\vec{r}} (\frac{\vec{r}}{r} \frac{dT}{dr}) = \frac{2}{r} \frac{dT}{dr} - \frac{1}{r^2} \frac{\partial r}{\partial\vec{r}} \vec{r} \frac{dT}{dr} + \frac{\vec{r}}{r} \frac{\vec{r}}{r} \frac{d^2 T}{dr^2}
= \frac{2}{r} \frac{dT}{dr} - \frac{1}{r} \frac{dT}{dr}+ \frac{d^2 T}{dr^2} = \frac{1}{r} \frac{dT}{dr} + \frac{d^2 T}{dr^2} = \frac{1}{r} \frac{d}{dr} (r \frac{dT}{dr})

~

3D solution – temperature waves in three dimensions [Top]

Boundary condition – oscillating temperature at the surface of a sphere with radius R

T(t,R) = T_R e^{i \omega t}

Ansatz – a wave with amplitude decrease as 1/r. Why try 1/r? Because energy flow density is the gradient of temperature, and energy flow density would better decrease as 1/m2 .

T(t,r) = \frac{A}{r} e^{i \omega t + \beta r}

Plugging in, getting β

i\omega \frac{A}{r} e^{i \omega t + \beta r} = D \Delta T = \frac{D}{r} \frac{d^2}{dr^2}(rT)
= \frac{D}{r} \frac{d^2}{dr^2}(Ae^{i \omega t + \beta r}) = \frac{AD}{r} \beta^2 e^{i \omega t + \beta r}
i\omega = D \beta^2

Same β as in 1D case, using the decaying solution

T(t,r) = \frac{A}{r} e^{i \omega t + \beta r} = \frac{A}{r} e^{i (\omega t - kr)} e^{-kr}

Inserting boundary condition

T(t,R) = \frac{A}{R} e^{i \omega t + \beta R} = T_R e^{i \omega t}
\frac{A}{R} e^{\beta R} = T_R \Rightarrow A = T_R R e^{-\beta R}
T(t,r) = \frac{T_R R}{r} e^{-\beta R} e^{i\omega t + \beta r)} = \frac{T_R R}{r} e^{i\omega t + \beta(r-R)}
= \frac{T_R R}{r} e^{i(\omega t - k (r-R))}e^{-k(r-R))}

The ‘amplitude’ A is complex as β is complex. Getting the real part – this is what you would compare with measurements:

Re (T(t,r)) = \frac{T_R R}{r} cos(\omega t - k (r-R))e^{-k(r-R))}

~

Comparison of surface energy densities: 1D versus 3D temperature waves [Top]

This is to estimate the magnitude of the error you introduce when solving an actually 3D problem in only one dimension; replacing the curved (spherical) surface by a plane.

One dimension – energy flow density is just a number:

(t,x) = - \kappa \frac{dT}{dx} = - \kappa \beta T_0 e^{i \omega t + \beta x}

Real part of this, at the surface (x=0)

Re(j(t,0)) = - \kappa T_0 Re(\beta e^{i \omega t}) = - Re((-k -ik) \kappa T_0 e^{i \omega t})
= \kappa T_0 k (cos(\omega t) - sin(\omega t)) = \kappa T_0 k \sqrt{2} (cos(\omega t)\frac{1}{\sqrt{2}} - sin(\omega t))\frac{1}{\sqrt{2}})
= \kappa T_0 k \sqrt{2} (cos(\omega t)\cos(\frac{\pi}{4} - sin(\omega t))\sin(\frac{\pi}{4}) = \kappa T_0 k \sqrt{2} cos(\omega t + \frac{\pi}{4})

How should this be compared to the 3D case? The time average (e.g. yearly) average is zero, to one could compare the average value for half period, when the cosine is positive or negative (‘summer’ or ‘winter’ average). But then, you can as well compare the amplitudes.

Introducing new parameters

l = \frac{1}{k}
j_{amp} = \frac{\kappa T_0}{l}

3D case: Energy flow density is a vector

\vec{j}(t,\vec{r}) = -\kappa \frac{\partial T}{\partial \vec{r}} = -\kappa \frac{\partial}{\partial \vec{r}} \frac{T_R R}{r} e^{i\omega t + \beta(r-R)}
= -\kappa T_R R e^{i\omega t} [-\frac{1}{r^2} \frac{\vec{r}}{r} e^{\beta(r-R)} + \frac{1}{r} \beta \frac{\vec{r}}{r} e^{\beta(r-R)} ]
= \kappa T_R R e^{i\omega t} e^{\beta(r-R)} \frac{\vec{r}}{r} [\frac{1}{r^2} - \frac{\beta}{r} ]
= \frac{\vec{r}}{r} \kappa \frac{T_R R}{r} e^{-k(r-R)} e^{i(\omega t - k(r-R))} [\frac{1}{r} + k + ik]

The vector points radially of course, its absolute value is

j(t,r)= \kappa \frac{T_R R}{r} e^{-k(r-R)} e^{i(\omega t - k(r-R))} [\frac{1}{r} + k + ik]

At the surface of the sphere the ‘ugly part’ is zero as

\vec{r} = \vec{R}
r = R
k(r-R) = 0

Real part:

Re(j(t,r)) = \kappa T_R Re (e^{i(\omega t} [\frac{1}{R} + k + ik] )
= \kappa T_R [(\frac{1}{R} + k) cos(\omega t) - k sin(\omega t) ]
= \kappa T_R [k \sqrt{2} cos(\omega t + \frac{\pi}{4}) + \frac{1}{R} cos(\omega t)]

Here, I was playing with somewhat realistic parameters for the properties of the conducting material. If the sphere has a radius of a few meters, you can ‘compensate for the curvature’ by tweaking parameters and obtain a 1D solution in the same order of magnitude.

Temporal change –  there is a ‘base’ phase different between temperature and energy flow of (about) π/4 which is also changed by introducing curvature. I varied ρ,c, and λ with the goal to make the j curves overlap as much as possible. It is sufficient and most effective to change specific heat only. If the surface is curved, energy ‘spreads out more’. So to make it ‘as fast as’ the 3D wave you need to compensate by a giving it a higher D.

I did not bother to shift the temperature to, say, 10°C as a yearly average. But this is just a linear shift tat will not change anything else – 0°C is arbitrary.

~

1D stationary solution – plane [Top]

Stationary means, that nothing changes with time. The time derivative is zero, and so is the (spatial) curvature:

\frac{\partial T}{\partial t} = 0 = D \frac{d^{2} T}{d x^{2}}

The solution is a straight line, and you need to know the temperature at two different points. Indicating the surface x=0 again with 0 and the endpoint x_E with E, and using the definition of j in terms of temperature gradient and distance from the surface (x_E – 0 = Δx).

|j(x = 0)| = \lambda |\frac{dT}{dx}| = \lambda \frac{|T_E - T_0|}{x_E} = \lambda \frac{|T_E - T_0|}{\Delta x}$

~

3D stationary solution- sphere [Top]

The time derivative is zero, so the Laplacian is zero:

\frac{\partial T}{\partial t} = 0 = \Delta T(t, r) = \frac{1}{r} \frac{d^2}{dr^2}(rT)

Ansatz, guessing something simple

T(r) = \frac{A + Br}{r} = \frac{A}{r} + B

Boundary conditions, as for the 1D case:

T(R_0) = T_0
T(R_E) = T_E

Plugging in – getting functions for all r:

T(r) = \frac{1}{R_0 - R_E} [R_E T_E(\frac{R_0}{r} - 1) + R_0 T_0 (1 - \frac{R_E}{r}]

|j(r)| = \lambda \frac{1}{R_0 - R_E} \frac{1}{r^2} [R_E T_E R_0 - R_0 T_0 R_E ]

At the surface:

|j(R_0)| = \lambda \frac{1}{R_0 - R_E} \frac{R_E}{R_0} [T_E - T_0 ]

~

2D stationary solution – cylinder, pipe [Top]

Cylindrical Laplacian is zero

\frac{1}{r} \frac{d}{dr} (r \frac{dT}{dr}) = 0

Same boundary conditions, plugging in

r \frac{dT}{dr} = A
dT = A \frac {dr}{r}

\int_{T}^{T_0} dT = A \int_{R_0}^{r} \frac {dr}{r}
T(r) = T_0 + A \ln{(\frac{r}{R_0})} = T_0 + A (\ln{r} - \ln{R_0})
T(R_E) = T_E = T_0 + A \ln{(\frac{R_E}{R_0})}
A = \frac{T_E - T_0}{\ln{(\frac{R_E}{R_0})}}

Solutions for temperature and energy flow at any r:

T(r) = T_0 + (T_E - T_0) \frac{\ln{(\frac{r}{R_0})}}{\ln{(\frac{R_E}{R_0})}}
|\vec{j(r)}| = |\frac {1}{r} \lambda \frac{T_E - T_0}{\ln{(\frac{R_E}{R_0})}}|

Expressing r in terms of distance from the surface, \Delta  r = r - R_0

|\vec{j(r)}| = |\frac {1}{\Delta r + R_0} \lambda \frac{T_E - T_0}{\ln{(\frac{R_1}{R_0})}}|

~

Comparison of overall heat flow: 1D versus 2D [Top]

j is the energy flow per area, and the area traversed by the flow depends on geometry. in the 1D case the area is always the same area, equal to the area of the plane. For a cylinder, the area increases with r.

The integrated energy flow J for a plate with area F is

J_{Plate} = F \lambda \frac{|T_E - T_0|}{\Delta x}

If the two temperatures are given, J decreases linearly with increasing thickness of the cylindrical ‘shell’, e.g. a growing layer of ice.

For a cylinder of length l the energy flow J is…

J_{Cyl} = 2 \pi l r |\frac {1}{r} \lambda \frac{T_E - T_0}{\ln{(\frac{R_E}{R_0})}}|
= 2 \pi l \lambda |\frac{T_E - T_0}{\ln{(\frac{R_E}{R_0})}}| \par

Factor r has been cancelled, and the for given temperatures J is only decreasing linearly with increasing outer radius R_E. That’s why vendors of plate heat exchangers (in vessels with phase change material) worry more about a growing layer of sold material than user for e.g. ‘ice on coil’ I quoted a related research paper on ‘ice storage powered’ heat pump system in this post – they make exactly this point and provide some data. In addition to conduction also convection at both sides of the heat exchanger should be taken into account, too, in a ‘serial connection’ of heat transferring components.

 

 

Hacking

Posted on by
9

I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind – in a bad way? Solution: Go find an online platform that will put your mind in a different state. Go hacking on hackthebox.eu.

I have been hacking boxes over there for quite a while – and obsessively. I really wonder why I did not try to attack something much earlier. It’s funny as I have been into IT security for a long time – ‘infosec’ as it seems to be called now – but I was always a member of the Blue Team, a defender: Hardening Windows servers, building Public Key Infrastructures, always learning about attack vectors … but never really testing them extensively myself.

Earlier this year I was investigating the security of some things. They were black-boxes to me, and I figured I need to learn about some offensive tools finally – so I setup a Kali Linux machine. Then I searched for the best way to learn about these tools, I read articles and books about pentesting. But I had no idea if these ‘things’ were vulnerable at all, and where to start. So I figured: Maybe it is better to attack something made vulnerable intentionally? There are vulnerable web applications, and you can download vulnerable virtual machines … but then I remembered I saw posts about hackthebox some months ago:

As an individual, you can complete a simple challenge to prove your skills and then create an account, allowing you neto connect to our private network (HTB Labs) where several machines await for you to hack them.

Back then I had figured I will not pass this entry challenge nor hack any of these machines. It turned out otherwise, and it has been a very interesting experience so far -to learn about pentesting tools and methods on-the-fly. It has all been new, yet familiar in some sense.

Once I had been a so-called expert for certain technologies or products. But very often I became that expert by effectively reverse engineering the product a few days before I showed off that expertise. I had the exact same mindset and methods that are needed to attack the vulnerable applications of these boxes. I believe that in today’s world of interconnected systems, rapid technological change, [more buzz words here] every ‘subject matter expert’ is often actually reverse engineering – rather than applying knowledge acquired by proper training. I had certifications, too – but typically I never attended a course, but just took the exam after I had learned on the job.

On a few boxes I could use in-depth knowledge about protocols and technologies I had  long-term experience with, especially Active Directory and Kerberos. However, I did not find those boxes easier to own than the e.g. Linux boxes where everything was new to me. With Windows boxes I focussed too much on things I knew, and overlooked the obvious. On Linux I was just a humble learner – and it seemed this made me find the vulnerability or misconfiguration faster.

I felt like time-travelling back to when I started ‘in IT’, back in the late 1990s. Now I can hardly believe that I went directly from staff scientist in a national research center to down-to-earth freelance IT consultant – supporting small businesses. With hindsight, I knew so little both about business and about how IT / Windows / computers are actually used in the real world. I tried out things, I reverse engineered, I was humbled by what remains to be learned. But on the other hand, I was delighted by how many real-live problems – for whose solution people were eager to pay – can be solved pragmatically by knowing only 80%. Writing academic papers had felt more like aiming at 130% all of the time – but before you have to beg governmental entities to pay for it. Some academic colleagues were upset by my transition to the dark side, but I never saw this chasm: Experimental physics was about reverse engineering natural black-boxes – and sometimes about reverse engineering your predecessors enigmatic code. IT troubleshooting was about reverse engineering software. Theoretically it is all about logic and just zero’s and one’s, and you should be able to track down the developer who can explain that weird behavior. But in practice, as a freshly minted consultant without any ‘network’ you can hardly track down that developer in Redmond – so you make educated guesses and poke around the system.

I also noted eerie coincidences: In the months before being sucked into hackthebox’ back-hole, I had been catching up on Python, C/C++, and Powershell – for productive purposes, for building something. But all of that is very useful now, for using or modifying exploits. In addition I realize that my typical console applications for simulations and data analysis are quite similar ‘in spirit’ to typical exploitation tools. Last year I also learned about design patterns and best practices in object-oriented software development – and I was about to over-do it. Maybe it’s good to throw in some Cowboy Coding for good measure!

But above all, hacking boxes is simply addictive in a way that cannot be fully explained. It is like reading novels about mysteries and secret passages. Maybe this is what computer games are to some people. Some commentators say that machines on pentesting platforms are are more Capture-the-Flag-like (CTF) rather than real-world pentesting. It is true that some challenges have a ‘story line’ that takes you from one solved puzzle to the next one. To some extent a part of the challenge has to be fabricated as there are no real users to social engineer. But there are very real-world machines on hackthebox, e.g. requiring you to escalate one one object in a Windows domain to another.

And if you ever have seen what stuff is stored in clear text in the real world, or what passwords might be used ‘just for testing’ (and never changed) – then also the artificial guess-the-password challenges do not appear that unrealistic. I want to emphasize that I am not the one to make fun of weak test passwords and the like at all. More often than not I was the one whose job was to get something working / working again, under pressure. Sometimes it is not exactly easy to ‘get it working’ quickly, in an emergency, and at the same time considering all security implications of the ‘fix’ you have just applied – by thinking like an attacker. hackthebox is an excellent platform to learn that, so I cannot recommend it enough!

An article about hacking is not complete if it lacks a clichéd stock photo! I am searching for proper hacker’s attire now – this was my first find!

Sources of Heat, Life, and Everything

Posted on by
4

Same procedure as every summer: Science and tech blogging comes to a halt, and the daring ‘internet artist’ is summoned. But also unorthodox avant-garde art is rooted in down-to-earth engineering.

In summer elkement leaves the programmer’s cave (a bit) and sees the sun. The local elkemental microcosmos is a fully functional biosphere-2-like ecosystem with lots of life-forms. They interact with each other – and they interact with the collector and the ice storage tank. In 2018 it’s time for a retrospective!

As soon as the collctor was built, the flying descendants of the dinosaurs occupied it. As the white spots show, it has an important function:

Latrine seat

This is also a modern, innovative ecosphere: We provide co-working space and meeting rooms, also for the slimiest of life-forms.

The collector has obviously a positive impact on any life-form – not only the faunal:

According to a questionable theory byy crackpot hobby scientists, this can be explained by the collector’s true core: It is made up from life-forms itself – gigantic worms.

Taming the worms

We also had ghastly apparition of a very rare life-form integrated with the collector: The Solar Scorpion:

Solar Scorpion

Let’s not forget the ice storage part of the heat source: It is every bit as interesting as the collector for the technically savvy life-forms:

Expert

Now and then you can spot even human life-forms within the storage tank:

Irgendwer im Eisspeicher

The storage tank is giving something back in an eternal circle of life: Excess water is drained from the tank – and it is said to boost the vegetables!

Belebtes Eisspeicherwasser

This posting is like all the other soporific TV documentaries about animals roaming beautiful landscapes. Nature is cruel. Also the ice storage tank took its death toll.

Suicide or murder?

But life-forms strike back … and they target the heat source. Never underestimate an aggressive tree:

Fallen tree damages collector (in a storm)

Fortunately most living beings come in peace; some are particularly likeable and intelligent. Recently the collector had a surprise audit:

Collektor Inspector

Collektor Inspection

Finally the elkement knows what smart monitoring actually is:

Smart monitoring

Cloudy Troubleshooting (2)

Posted on by
Reply

Unrelated to part 1 – but the same genre.

Actors this time:

  • File Cloud: A cloud service for syncing and sharing files. We won’t drop a brand name, will we?
  • Client: Another user of File Cloud.
  • [Redacted]: Once known for reliability and as The Best Network.
  • Dark Platform: Wannabe hackers’ playground.
  • elkement: Somebody who sometimes just wants to be an end user, but always ends up sniffing and debugging.

There are no dialogues with human life-forms this time, only the elkement’s stream of consciousness, interacting with the others via looking at things at a screen.

elkement: Time for a challenging Sunday hack!

elkement connects to the The Dark Platform. Hardly notices anything in the real world anymore. But suddenly elkement looks at the clock – and at File Cloud’s icon next to it.

elkement: File Cloud, what’s going on?? Seems you have a hard time Connecting… for hours now? You have not even synced my hacker notes from yesterday evening?

elkement tries to avoid to look at File Cloud, but it gets too painful.

elkement: OK – let’s consider the File Cloud problem the real Sunday hacker’s challenge…

elkement walks through the imaginary checklist:

  • File Cloud mentioned on DownDetector website? No.
  • Users tweeting about outage? No.
  • Do the other cloudy apps work fine? Yes.
  • Do other web sites work fine? Yes.
  • Does my router needs its regular reboots because it’s DNS server got stuck? No.
  • Should I perhaps try the usual helpdesk recommendation? Yes. (*)

(*) elkement turns router and firewall off and on again. Does not help.

elkement gets worried about Client using File Cloud, too. Connects to Client’s network – via another cloudy app (that obviously also works).

  • Does Client has the same issues? Yes and No – Yes at one site, No at another site.

elkement: Oh no – do I have to setup a multi-dimensional test matrix again to check for weird dependencies?

Coffee Break. Leaving the hacker’s cave. Gardening.

elkement: OK, let’s try something new!

elkement connects to super shaky mobile internet via USB tethering on the smart phone.

  • Does an alternative internet connection fix File Cloud? Yes!!

elkement: Huh!? Will now again somebody explain to me that a protocol (File Cloud) is particularly sensitive to hardly noticeable network disconnects? Is it maybe really a problem with [Redacted] this time?

elkement checks out DownDetector – and there they are the angry users and red spots on the map. They mention that seemingly random websites and applications fail. And that [Redacted] is losing packets.

elkement: Really? Only packets for File Cloud?

elkement starts sniffing. Checks IP addresses.

(elkement: Great, whois does still work, despite the anticipated issues with GDPR!)

elkement spots communication with File Cloud. File Cloud client and server are stuck in a loop of misunderstandings. File Cloud client is rude and says: RST, then starts again. Says Hello. They never shake hands as a previous segment was not captured.

elkement: But why does all the other stuff work??

elkement googles harder. Indeed, some other sites might be slower – not The Dark Platform, fortunately. Now finally Google and duckduckgo stop working, too. 

elkement: I can’t hack without Google.

elkement hacks something without Google though. Managed to ignore File Cloud’s heartbreaking connection attempts.

A few hours later it’s over. File Cloud syncs hacker notes. Red spots on DownDetector start to fade out while the summer sun is setting.

~

FIN, ACK

Infinite Loop: Theory and Practice Revisited.

Posted on by
Reply

I’ve unlocked a new achievement as a blogger, or a new milestone as a life-form. As a dinosaur telling the same old stories over and over again.

I started drafting a blog post, as I always do since a while: I do it in my mind only, twist and turn in for days or weeks – until I am ready to write it down in one go. Today I wanted to release a post called On Learning (2) or the like. I knew I had written an early post with a similar title, so I expected this to be a loosely related update. But then I checked the old On Learning post: I found not only the same general ideas but the same autobiographical anecdotes I wanted to use now – even  in the same order.

2014 I had looked back on being both a teacher and a student for the greater part of my professional life, and the patterns were always the same – be the field physics, engineering, or IT security. I had written this post after a major update of our software for analyzing measurement data. This update had required me to acquire new skills, which was a delightful learning experience. I tried to reconcile very different learning modes: ‘Book learning’ about so-called theory, including learning for the joy of learning, and solving problems hands-on based on the minimum knowledge absolutely required.

It seems I like to talk about the The Joys of Theory a lot – I have meta-posted about theoretical physics in general, more than oncegeneral relativity as an example, and about computer science. I searched for posts about hands-on learning now – there aren’t any. But every post about my own research and work chronicles this hands-on learning in a non-meta explicit way. These are the posts listed on the heat pump / engineering page,  the IT security / control page, and some of the physics posts about the calculations I used in my own simulations.

Now that I am wallowing in nostalgia and scrolling through my old posts I feel there is one possibly new insight: Whenever I used knowledge to achieve a result that I really needed to get some job done, I think about this knowledge as emerging from hands-on tinkering and from self-study. I once read that many seasoned software developers also said that in a survey about their background: They checked self-taught despite having university degrees or professional training.

This holds for the things I had learned theoretically – be it in a class room or via my morning routine of reading textbooks. I learned about differential equations, thermodynamics, numerical methods, heat pumps, and about object-oriented software development. Yet when I actually have to do all that, it is always like re-learning it again in a more pragmatic way, even if the ‘class’ was very ‘applied’, not much time had passed since learning only, and I had taken exams. This is even true for the archetype all self-studied disciplines – hacking. Doing it – like here  – white-hat-style 😉 – is always a self-learning exercise, and reading about pentesting and security happens in an alternate universe.

The difference between these learning modes is maybe not only in ‘the applied’ versus ‘the theoretical’, but it is your personal stake in the outcome that matters – Skin In The Game. A project done by a group of students for the final purpose of passing a grade is not equivalent to running this project for your client or for yourself. The point is not if the student project is done for a real-life client, or the task as such makes sense in the real world. The difference is whether it feels like an exercise in an gamified system, or whether the result will matter financially / ‘existentially’ as you might try to empress your future client or employer or use the project results to build your own business. The major difference is in weighing risks and rewards, efforts and long-term consequences. Even ‘applied hacking’ in Capture-the-Flag-like contests is different from real-life pentesting. It makes all the difference if you just loose ‘points’ and miss the ‘flag’, or if you inadvertently take down a production system and violate your contract.

So I wonder if the Joy of Theoretical Learning is to some extent due to its risk-free nature. As long as you just learn about all those super interesting things just because you want to know – it is innocent play. Only if you finally touch something in the real world and touching things has hard consequences – only then you know if you are truly ‘interested enough’.

Sorry, but I told you I will post stream-of-consciousness-style now and then 🙂

I think it is OK to re-use the image of my beloved pre-1900 physics book I used in the 2014 post: