Wednesday, December 9, 2009

The problem is smaller than one might assume.

It has turned out that the good sense of those present in the room is enough to prevent a serious mistake. I think it is fine that only those present have a vote in the plenum, as long as the external process is kept running: that way the ideas of the 'audience' are carried into the plenum.

At the moment it unfortunately looks as if participation on the one hand, and publishing activity on the other, have fallen asleep a little. Getting this process going again and being able to use the 'smart mob' mechanism is probably indispensable for the success of the protest.

in reference to:

"A paralyzing situation: listening to a debate about denying one external participation in the protest, while one is participating at that very moment."
- AUDIMAX und MORITZ, Führungen durch den Protest, das drohende Ende des Livestreams « digiom. ein studienblog über das leben in und mit digitalen online medien.

next appointment

Friday, October 23, 2009

reBlog from Wolf hesse: massive self reference

Concept map of Canvas (HTML element). Image by beaw via Flickr.

I found this fascinating quote today:

Excerpts from hesse, massive self reference, Feb 2004

You should read the whole article.





Presentation Knowledge

Excerpts from

(1) Embrace economy of materials and means.

(2) Repeat design elements.

(3) Keep things clean and clutter-free.

(4) Avoid symmetry.

(5) Avoid the obvious in favor of the subtle.

(6) Think not only of yourself, but of the other (e.g., the viewer).

(7) Remain humble and modest.


Monday, October 12, 2009

Wolf Hesse has shared an item with you


Wolf Hesse shared this with you using Twine...

Official Google Blog: Teaching computers to read: Google acquires reCAPTCHA
Google buys reCaptcha from Techmeme View


See you on Twine,

Wolf Hesse


[reddit] wolfhesse has shared a link with you

wolfhesse from has shared a link with you.

"Senator Al "The Hammer" Franken tears the living shit out of a Halliburton/KBR lawyer over imprisonment after gang-rape coverup. [Repost from /politics for a reason]"

There are currently 9 comments on this link. You can view them here:


Sunday, October 11, 2009



Ident Engine: A JavaScript Library To Fetch Social Network Profiles/Activities


Sent to you by wolfhesse via Google Reader:


via WebResourcesDepot by Umut M. on 10/7/09

Ident Engine is an open source JavaScript library that can bring together the footprints every user leaves on various social networks.

The library supports more than 70 sites, including all the popular ones like Twitter, Flickr, Facebook or Youtube.

Ident Engine

From Glenn Jones, the creator of the library:

Wouldn't it be a little magical if, when you signed up for a new site, the site said something like, "We notice you have a profile photo on Flickr and Twitter, would you like to use one of those or upload a new one?"

Ident Engine makes this totally possible.

It analyzes the relations between various networks using the rel="me" tags & Social Graph API's "lookup" method.

And, to parse the profiles, Yahoo's YQL or a .NET parser, UfXtract, is used.

More technical details can be found at "Discovering Magic", an article by Glenn Jones, and you can always check the demos to see the power of Ident Engine.



T-Mobile: All Your Sidekick Data Has Been Lost Forever



Sent to you by wolfhesse via Google Reader:


via Mashable! by Pete Cashmore on 10/10/09

There's bad news for Sidekick users today: T-Mobile has announced that it was unable to recover Sidekick data after a server failure at Microsoft subsidiary Danger. This means any data not stored on your Sidekick but residing in the "cloud" has been lost.

Sidekick users are advised to keep their devices powered up and not conduct a reset or remove the battery: a power-down would mean any data still on the phone is lost. T-Mobile will provide an update on the situation on Monday, but things are looking very bleak indeed.

In T-Mobile's words: "based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device – such as contacts, calendar entries, to-do lists or photos – that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."

The story is a jarring one for those storing increasing amounts of data in the "cloud": as we become more reliant on servers to house our data, such losses can be catastrophic.

The full press release is below (via Engadget).

T-Mobile Press Release on Sidekick Data Loss


Dear valued T-Mobile Sidekick customers:

T-Mobile and the Sidekick data services provider, Danger, a subsidiary of Microsoft, are reaching out to express our apologies regarding the recent Sidekick data service disruption.

We appreciate your patience as Microsoft/Danger continues to work on maintaining platform stability, and restoring all services for our Sidekick customers.

Regrettably, based on Microsoft/Danger's latest recovery assessment of their systems, we must now inform you that personal information stored on your device – such as contacts, calendar entries, to-do lists or photos – that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger. That said, our teams continue to work around-the-clock in hopes of discovering some way to recover this information. However, the likelihood of a successful outcome is extremely low. As such, we wanted to share this news with you and offer some tips and suggestions to help you rebuild your personal content. You can find these tips in our Sidekick Contacts FAQ. We encourage you to visit the Forums on a regular basis to access the latest updates as well as FAQs regarding this service disruption.

In addition, we plan to communicate with you on Monday (Oct. 12) the status of the remaining issues caused by the service disruption, including the data recovery efforts and the Download Catalog restoration which we are continuing to resolve. We also will communicate any additional tips or suggestions that may help in restoring your content.

We recognize the magnitude of this inconvenience. Our primary efforts have been focused on restoring our customers' personal content. We also are considering additional measures for those of you who have lost your content to help reinforce how valuable you are as a T-Mobile customer.

We continue to advise customers to NOT reset their device by removing the battery or letting their battery drain completely, as any personal content that currently resides on your device will be lost.

Once again, T-Mobile and Microsoft/Danger regret any and all inconvenience this matter has caused.

Tags: sidekick, T-Mobile




Google News: Internal Affairs: NASA Ames' moon show is much ado about nada

Google News
San Jose Mercury News - ‎3 hours ago‎
By the Mercury News IA woke up at 3:15 Friday morning to - what else? - watch NASA blast a crater in the moon's tuchus. We even woke our kids for this one, what with the promise of a brilliant plume of lunar detritus visible with a mere ...

Friday, October 2, 2009

r20091002: Computer Security


The Authorization section covers attacks that target a web site's method of determining if a user, service, or application has the necessary permissions to perform a requested action. For example, many web sites should only allow certain users to access specific content or functionality. Other times a user's access to other resources might be restricted. Using various techniques, an attacker can fool a web site into increasing their privileges to protected areas.

• Credential/Session Prediction

  Credential/Session Prediction is a method of hijacking or impersonating a web site user.

• Insufficient Authorization

  Insufficient Authorization is when a web site permits access to sensitive content or functionality that should require increased access control restrictions.

• Insufficient Session Expiration

  Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

• Session Fixation

  Session Fixation is an attack technique that forces a user's session ID to an explicit value.

Client-side Attacks

The Client-side Attacks section focuses on the abuse or exploitation of a web site's users. When a user visits a web site, trust is established between the two parties both technologically and psychologically. A user expects web sites they visit to deliver valid content. A user also expects the web site not to attack them during their stay. By leveraging these trust relationship expectations, an attacker may employ several techniques to exploit the user.

• Content Spoofing

  Content Spoofing is an attack technique used to trick a user into believing that certain content appearing on a web site is legitimate and not from an external source.

• Cross-site Scripting

  Cross-site Scripting (XSS) is an attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user's browser.

Command Execution

The Command Execution section covers attacks designed to execute remote commands on the web site. All web sites utilize user-supplied input to fulfill requests. Often these user-supplied data are used to construct commands resulting in dynamic web page content. If this process is done insecurely, an attacker could alter command execution.

• Buffer Overflow

  Buffer Overflow exploits are attacks that alter the flow of an application by overwriting parts of memory.

• Format String Attack

  Format String Attacks alter the flow of an application by using string formatting library features to access other memory space.

• LDAP Injection

  LDAP Injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied input.

• OS Commanding

  OS Commanding is an attack technique used to exploit web sites by executing Operating System commands through manipulation of application input.

• SQL Injection

  SQL Injection is an attack technique used to exploit web sites that construct SQL statements from user-supplied input.

• SSI Injection

  SSI Injection (Server-side Include) is a server-side exploit technique that allows an attacker to send code into a web application, which will later be executed locally by the web server.

• XPath Injection

  XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

Information Disclosure

The Information Disclosure section covers attacks designed to acquire system specific information about a web site. System specific information includes the software distribution, version numbers, and patch levels. Or the information may contain the location of backup files and temporary files. In most cases, divulging this information is not required to fulfill the needs of the user. Most web sites will reveal a certain amount of data, but it's best to limit the amount of data whenever possible. The more information about the web site an attacker learns, the easier the system becomes to compromise.

• Directory Indexing

  Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present.

• Information Leakage

  Information Leakage is when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.

• Path Traversal

  The Path Traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory.

• Predictable Resource Location

  Predictable Resource Location is an attack technique used to uncover hidden web site content and functionality.

Logical Attacks

The Logical Attacks section focuses on the abuse or exploitation of a web application's logic flow. Application logic is the expected procedural flow used in order to perform a certain action. Password recovery, account registration, auction bidding, and eCommerce purchases are all examples of application logic. A web site may require a user to correctly perform a specific multi-step process to complete a particular action. An attacker may be able to circumvent or misuse these features to harm a web site and its users.

• Abuse of Functionality

  Abuse of Functionality is an attack technique that uses a web site's own features and functionality to consume, defraud, or circumvent access control mechanisms.

• Denial of Service

  Denial of Service (DoS) is an attack technique with the intent of preventing a web site from serving normal user activity.

• Insufficient Anti-automation

  Insufficient Anti-automation is when a web site permits an attacker to automate a process that should only be performed manually.

• Insufficient Process Validation

  Insufficient Process Validation is when a web site permits an attacker to bypass or circumvent the intended flow control of an application.

Wednesday, September 23, 2009

the web is only a learning aid. the goal is the personal tag cloud and the ability to work with it.

in reference to: rcollector on Facebook (view on Google Sidewiki)

what about pages, that get removed?

in reference to: Kevina Inman (KevinaInman) on Twitter (view on Google Sidewiki)

Collection of my Sidewiki entries

...so that commenting is possible for once.

in reference to: massive self reference (view on Google Sidewiki)

did you try g-toolbar settings 'Layout' @bottom: 'Keep features working with invisible toolbar'?

in reference to: Wes Cook - Google Profile (view on Google Sidewiki)

Deleted Entries

All entries of my wordpress blog older than this have been deleted

in reference to:

"Roger added a blog entry translate"
- Roger Andel's Profile - Windows Live (view on Google Sidewiki)

Sample Entry

I am testing Google Sidewiki

in reference to:

"Roger added the blog post personal finance @170 million on WordPress"
- Roger Andel's Profile - Windows Live (view on Google Sidewiki)

Thursday, August 6, 2009

exploit now

(takes a little while...)

ddos now

(takes a little while...)
