I originally wrote this piece for a pentesting magazine, but after some unprofessional behavior by their editor I lost my cool and decided not too publish it there. It’d be a shame to let it go to waste though, so I after almost three month I finally decided to put it up on my blog.

Whether you are working as a security professional or a network administrator, chances are that Nmap (“Network Mapper”) is part of your regular toolkit. For many people this project, which was started by Gordon “Fyodor” Lyon in 1997, is the first choice when it comes to host and service discovery. But thanks to the Nmap Scripting Engine (NSE), it can do much more than that, allowing users to easily develop and share their own scripts, thus turning it into a versatile security scanner.

What you will learn…

• basics of the Lua programming language,
• walkthrough of a simple NSE script,
• where to find more information on scripting Nmap and Lua in general.

What you should know…

• basic Nmap usage,
• an imperative programming language.

The Nmap Scripting Engine (NSE)

Scripting has been part of Nmap for a while, but version 6 includes a dramatically improved implementation of the NSE infrastructure. This also led to an enormous increase in available scripts, from 59 in version 5, to 347 in the latest release and more than 430 in the current SVN repository. The core of NSE is an embedded Lua interpreter. Before NSE’s implementation started, the Nmap developers considered various programming languages for inclusion, but finally settled on Lua because it’s small, liberally licensed (MIT), fast, actively developed and designed with embeddability in mind. It’s also used in other popular FOSS security tools like Wireshark and Snort, as well as in popular projects such as World of Warcraft or the window manager Awesome.

The Lua Programming Language

Development of Lua started in 1993 at the Pontifical Catholic University of Rio de Janeiro, Brazil. It was designed by Roberto Ierusalimschy, Waldemar Celes and Luiz Henrique de Figueiredo, with the primary goals of being lightweight, cross-platform and easy to embed in other projects. These goals were achieved by writing the language in portable ISO C and giving it a comparatively simple C API. Also Lua’s interpreter only takes up about 180 kB in compiled form, so embedding it does not incur a huge cost. Over the years it became a popular scripting and extension language, used in a wide variety of projects. The syntax of Lua should be familiar to anyone who has experience in Modula or C style languages (control structures like if, while, for), but the designers borrowed liberally from other languages as well: the semantics of Lua are heavily influenced by Scheme, and even though the different syntax obscures this a bit, it becomes rather clear the longer you use the language. In some ways it feels like a cleaner and better designed JavaScript, so it’s normally easy to understand a given snippet of Lua code even with little or no previous exposure to the language.

Key features

Lua features first-class functions, thus allowing the developer to treat functions like any other data type. It also doesn’t impose a certain programming paradigm, but instead provides meta-features to extend the language as needed. This for example makes it possible to implement things like inheritance in a rather simple and straightforward way without explicit language support. Lua is also garbage collected, features closures and proper tails calls and provides an infrastructure for cooperative multitasking in the form of coroutines. While most of this goes beyond the scope of this article (and NSE), interested readers can find more information in the excellent book “Programming in Lua”, an older version of which is available for free on the project’s web site.

Tables

There’s is however one more feature of Lua that’s worth discussing in a bit more detail, namely its reliance on a single compound data structure, the table. Tables are in essence what other languages commonly refer to as associative arrays or dictionaries, or key-value pairs. This is how you create a simple table:

1

table = { x = 10, y = "foo" }

The values can be accessed like this: t[“x”] and t[“y”]. For string keys Lua supports a nice shorthand though, so t.x and t.y will produce the same result.

One special feature of Lua’s tables is that they are also optimized for use as arrays, which can be created like this:

1

array = { "citizen", "428", "blog" }

Indices are assigned automatically and unlike in other languages start from 1, not 0 (although it is possible to explicitly assign to array[0]). So to get the string “428” out of our array, we have to use array[2].

With this comparatively simple data structure (and the powerful metatable feature) Lua not only implements arrays and dictionaries, but also records/structs, namespaces, classes, objects and much more.

Examples

Enough theory, let’s look at some example Lua code. First the customary “Hello world” program:

1

print “Hello world”

This will just output Hello world. Now for a function definition:

1
2
3

function sayHello(name)
  print ("Hello " .. name .. "!")
end

To generate the same output as above, we would have to call the function with the appropriate argument: sayHello(“world”). Alternatively, the same function could be defined like this:

1
2
3

sayHello = function(name)
  print ("Hello " .. name .. "!")
end

Last but not least a small loop that iterates over an array and prints out each element (ipairs returns the index-value pairs of an array):

1
2
3

for i, str in ipairs(array) do
  print (i..": "..str)
end

Assuming the variable array contains the elements “citizen”, “428”, and “blog”, this will generate the following output:

1: citizen
2: 428
3: blog

NSE example script

The Nmap web site contains some excellent documentation regarding NSE (short intro, full book chapter, tutorial, so instead of repeating all of what’s written there, we’ll look at a practical example instead. The script shown here is http_generator.nse, which looks for the presence of an HTTP generator meta tag to determine which CMS the scanned hosts run (if any). This information can be useful, since outdated versions of such systems are common attack vectors.

Library imports

1
2
3
4

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"

It’s customary to start Nmap scripts by importing all the needed libraries. In the process they are assigned to local variables, so if you wanted to access them under a different (presumably shorter) name you could do so (for example local s = require “string”). There’s a wide variety of available libraries, from protocols (afp, dns, http, bitcoin, openssl etc.) over encoding/decoding (base32, base64, json) and utility libraries (nmap, packet, pcre) to a framework for brute-force attacks against services (brute). The script we are looking at uses the http library for communication, shortport for an easier way to define portrules (more on that later), and stdnse, a collection of utility functions provided by NSE. The string library is a standard Lua library and used for string matching in this example.

Metadata

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

description = [[ Displays the contents of the "generator" meta tag of a web page(default: /) if there is one.
]]

author = "Michael Kohl"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}

---
-- @usage
-- nmap --script http-generator [--script-args http-generator.path=<path>,http-generator.redirects=<number>,...] <host>
--
-- @output
-- PORT    STATE SERVICE
-- 80/tcp  open  http
-- |_http-generator: TYPO3 4.2 CMS
-- 443/tcp open  https
-- |_http-generator: TYPO3 4.2 CMS
--
-- @args http-generator.path Specify the path you want to check for a generator meta tag (default to '/').
-- @args http-generator.redirects Specify the maximum number of redirects to follow (defaults to 3).

-- Changelog:
-- 2011-12-23 Michael Kohl <citizen428@gmail.com>:
--   + Initial version
...

After the library imports, scripts contain some metadata that is used for documentation and internal purposes. The description and author variables are self-explanatory, the syntax used for the former is Lua’s way of creating so-called “heredocs”, string literals that preserve white space and line breaks. In regard to the license script authors have two choices, the GPL-like Nmap license, as well as a simplified (2-clause) BSD license. Last but not least there’s documentation in the NSEDoc format. It’s customary to include usage documentation, example output, descriptions of all the available arguments (if any) as well as a changelog.

There’s another important field that this specific script doesn’t use, dependencies. This defines the order in which scripts should be run and is used for the case where one script works on the results of another script. It’s important to keep in mind that scripts listed here will not be automatically run, they still have to be selected via –script scriptname or in another way (for example –script=default).

The categories variable is a bit more interesting, it defines which groups of scripts our current program belongs to. Scripts marked as default will be run automatically when Nmap is started with the -sC or -A options.To qualify for inclusion in this category, scripts have to adhere to some criteria: they need to be fast, reliable, non-obstrusive and generally useful. There are no clear definitions for these criteria, it’s up to the Nmap developers to add a script to this category. The discovery category collects all scripts that actively try to gather more information about the scan targets, in our case the “generator” HTML meta tag. If a script is marked as safe, that means that it was not written with the intent of crashing services or exploiting vulnerabilities and that it’s unlikely to consume large amounts of resources. There are many more categories Nmap uses, for example auth (scripts dealing with authentication credentials), brute (tools for brute force attacks) or vuln (checking for specific vulnerabilities). For a full list, please consult Nmap’s excellent documentation.

Now that we know a bit more about categories, let’s see how we can use that knowledge for more interesting Nmap runs. Let’s start by running all the default scripts:

1

nmap -sC example.com

or

1

nmap --script=default example.com

The invocation nmap -A example.com (“Aggressive/advanced scan options”) enables OS and version detection, script scanning (equivalent to nmap -sC), and traceroute.

If you just want to run a single script, you can do so by specifying the –script argument, for example nmap –script http-generator example.com.

It’s also possible to run scripts from several categories, by using something like nmap –script “default,safe” example.com or nmap –script “default or safe” example.com. There is an analogous and operator, so nmap –script “default AND safe” example.com will only run scripts that are in all the listed categories.

As an example for a rather complex invocation, the following command will run all scripts from the three specified categories, except for the ones whose name starts with “http-”.

1

nmap --script "(default or safe or intrusive) and not http-*" example.com

Last but not least it’s also possible to run user scripts which are not part of the standard Nmap distribution, as show in the following example:

1

nmap --script default,banner,/home/user/customscripts example.com

The above invocation will run all default scripts, the script named “banner” and all scripts which can be found in the directory /home/user/customscripts.

Rule

The rule definition is an important part of every NSE script, it determines when the script should run. A rule is a Lua function that returns true or false to decide whether or not the script’s action function will be executed. There are several different rule types, depending on when the script is supposed to run (before or after hosts are scanned, prerule and postrule) or if the trigger is a specific host or port (hostrule and portrule).

The rule definition in our example script is very simple since it uses the very handy shortport library, which has several predefined rules for common scenarios:

1

rule = shortport.http

This will match and return true when a given port is likely to be an HTTP port.

Action

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

action = function(host, port)
    local path = stdnse.get_script_args('http-generator.path') or '/'
    local redirects = tonumber(stdnse.get_script_args('http-generator.redirects')) or 3

    -- Worst case: <meta name=Generator content="Microsoft Word 11">
    local pattern = '<meta name="?generator"? content="([^\"]*)" ?/?>'

    -- make pattern case-insensitive
    pattern = pattern:gsub("%a", function (c)
                  return string.format("[%s%s]", c, string.upper(c))
              end)

    local response = follow_redirects(host, port, path, redirects)
    if ( response and response.body ) then
        return response.body:match(pattern)
    end
end

The action function is the heart of every NSE script, it contains the code that will be performed when the rule matches. Basically action is just another Lua function that accepts the same arguments as the rule function (which is not as obvious in our example because of the use of the shortport.http rule).

The function starts with checking for the presence of two arguments and specifies defaults in case the user didn’t provide any values for them. Arguments can be passed to the script in the following way:

1

nmap --script http-generator --script-args http-generator.path=/cms,http-generator.redirects=2 example.com

They get stored in the table nmap.registry.args, but instead of using them directly you should use the function stdnse.get_script_args to access them.

After the argument handling, a pattern matching the HTTP “meta” tag is specified. Standard Lua does not include a regular expression library, but uses its own patterns instead. While there is a library providing Perl-compatible regular expressions (PCRE) for Nmap, it seemed like overkill to drag it in for a single expression, so I relied on plain Lua for this, which explains the little workaround used in the next line to make the pattern case insensitive by replacing every letter (the pattern %a) with its lower and upper case version. After that the follow_redirects helper function is used to get an HTTP response, and if there is one, its body will be scanned for our pattern.

If there is a match, the function will return the matching string and Nmap will automatically include it in its output as shown here:

PORT   STATE SERVICE
80/tcp open  http
| _http-generator: WordPress.com |

Instead of a string the action can also return tables consisting of name-value pairs which are then formatted in a structured fashion, whereas the return value nil generates no output at all.

As you may have noticed I didn’t yet show you the helper function mentioned above, so while it’s not very interesting in itself, I’ll include it for completeness’ sake:

1
2
3
4
5
6
7
8
9
10
11

local follow_redirects = function(host, port, path, n)
    local loc
    local pattern = "^[hH][tT][tT][pP]/1.[01] 30[12]"
    local response = http.get(host, port, path)
    while (response['status-line'] or ""):match(pattern) and n > 0 do
        n = n - 1
        loc = response.header['location']
        response = http.get_url(loc)
    end
    return response
end

This helper function is a simple way to follow HTTP redirects. It first defines a pattern for recognizing the relevant HTTP status codes (301 and 302) before making a request to the specified host, port and path combination. It then checks for the presence of a redirect and if there is one, follows it to retrieve the location information from the new location. When there are no more redirects or the redirect limit (specified in the argument n) has been reached, the function returns the full HTTP response to the caller.

Digging deeper

And that’s all there is to it! Thanks to the excellent infrastructure provided by NSE and all its libraries, writing custom Nmap scripts is a pretty easy and straightforward task. Anybody with a bit of scripting experience should be able to pick up the basics in a very short time and then learn about the finer points while developing scripts. The Nmap development team has assembled some excellent documentation which can be found online at http://nmap.org/book/nse.html. There’s also a great presentation by Fyodor and Nmap co-maintainer David Fifield available online which gets you started on developing your own NSE scripts in less than an hour.

Summary

Nmap is a popular tool for security and network professionals around the world, and its excellent scripting capabilities make it very versatile. The Nmap Scripting Engine relies on the popular and easy to learn Lua programming language, and provides useful libraries for quickly and efficiently developing your own custom scripts, which can then be shared with the wider Nmap user community.

Oh man, this is one overdue post. I wanted to write about Mexico forever, but then we were traveling in Taiwan, and suddenly the whole Latin America experience just seemed so far away already… Anyway, we are now in Vietnam (Hanoi to be more specific), so I thought I’d finally sit down and write up my impressions.

Mexico was one of the places I wanted to visit for a long time, so before we went, I was a bit nervous that it may not live up to my expectations. But not only did it do that, it actually far exceeded them! There are fantastic things to see, the food is exceptionally good (also for vegetarians) and the people amazingly friendly. Also it felt like a really safe and easy place to travel: as opposed to big parts of South America the security situation in Mexico is pretty relaxed, even though stuff does of course happen. On top of that there are good roads everywhere and ADO is a very nice bus company, so we generally didn’t dread moving from A to B. With that said it’s quite unfortunate we only had 4 weeks there, but we had booked the flight to Taiwan beforehand in order to avoid getting stuck in the Americas for all of our trip. Turns out that was a good idea, because Mexico alone could easily have kept me entertained for several more month.

Our trip started in Tulum, which features a beautiful beach and a cute little set of ruins. Unfortunately Chaak (the Mayan rain god) wasn’t on our side, so we only managed to get one and a half proper beach days. On the upside we got to taste tons of good food and also explore the nearby ruins of Coba. We then went to lovely Valladolid and the ruins of Ek Balam, both of which are a bit overlooked by tourists (or just crammed in on day tours). I’m glad we stayed there, a super relaxed little town, and the ruins were among my favorites in Mexico. Next stop was Merida, which is a decent place in itself, but also the gateway to the ruins of Uxmal. A decent place, but slightly tainted by the memory of annoyingly obnoxious hostel neighbors. If you’ve been to Mexico before and wonder, yes, we did in fact skip Chichen Itza. Based on the feedback of people we met, it really did not seem worth the effort in time and money. Instead we decided to give another little and often overlooked town a chance, and I’m definitely happy that we went to Campeche. Quiet, with a small but pretty old town and very down to earth, this is the sort of place I really came to enjoy on this journey, and not only for the lack of a specific type of backpacker I detest. After this brief stop we went on to Palenque, a set of ruins I had heard lots about, and which I found to be a bit disappointing. Letting vendors onto the premises really doesn’t add to the atmosphere, even if they don’t hassle you… At least the setting of our hostel was very scenic, in that small cluster of hostels right at the beginning of the national park. The next stop was one of my absolute favorites, San Cristobal de las Casas where we ended up staying almost twice as long as we originally planned. True, it’s small, but thanks to several cultural centers there’s a surprising lot to do in town. It’s also Zapatista heartland, so if you have any interest in the EZLN, this is THE place to be. Our trip to the coast around Puerto Escondido got canceled due to a hurricane, so we went straight to Oaxaca instead, which was also quite nice. Unfortunately P. got sick, so I mostly explored it by myself including a Mezcal factory, a petrified waterfall, and of course more ruins. Last but certainly not least was the D.F. (Distrito Federal), more commonly know as Mexico City outside of the country. You have to understand that I wanted to visit this city since my elementary school days, when I first heard that it’s the biggest in the world. It may not be anymore, but it’s still one of the most interesting places I ever visited. It’s hard to put the city into words, but it has everything: the old, the new, the very poor, the super rich. It’s a giant, it’s a moloch, and yet, it’s lovely. While not all of it is pretty, the parts that are, really are. When you walk into Coyoacan or San Angel for the first time, it’s hard to believe that they are part of Mexico City at all. And given the size of the place, it’s incredibly how friendly and helpful most of the people still are. BTW, thanks again for dinner and a great chat Hector! It’s hard to put Mexico City into words, you better go there yourself!

No post about Mexico could be complete without a separate mention of the food. I always considered Mexican cuisine to be one of my favorites, but I wasn’t sure how authentic it was. Turns out that the things we know like tacos, burritos, quesadillas, enchilladas, fajitas, and guacamole traveled rather well to Europe, although unfortunately we can’t find them at tasty little street stalls where they are almost ridiculously cheap at times. But there’s just so much more: sope, gorditas, molletes, tortas, papadzules, brazo de reina, tlayudas, and a ton of delicious things I can’t remember the name of. Just writing about it now makes we want to go back right away…

Mexico definitely was one of the highlights of this trip for me (actually of all my travels so far), I’d instantly go back.

Back in October I broke my trusty old Kindle Keyboard, a rather annoying thing to happen at the beginning of a long trip. As a workaround I started to use the Kindle app on my iPod Touch, and while I did manage to finish several books on it, it’s a bit annoying to read on such a small screen. So I decided to get a new device, but which one? Either the new Kindle Paperwhite, a Kindle Fire or maybe just an iPad or an Android tablet with the Kindle app?

Tablet or Kindle?

Lately I got a lot more serious about my chess playing, so I own several books on the topic in digital form. Needless to say, they don’t do too well on a “classical” Kindle, so I started considering a Fire or other tablet. Once I started thinking along those lines, another group of publications came to mind, comics and graphic novels. I used to love and collect them, but eventually stopped because they just take up way too much space. Nowadays a lot of publishers do have digital editions though, so this became the point where the Paperwhite got thrown out of the race.

The decision process

So I knew I wanted a tablet, and I knew I wanted something small. This left me with four contestants, the Kindle Fire HD 7”, the iPad Mini, the Nexus 7 and the Galaxy Tab 2 7”.

I like Apple products, but I wasn’t really willing to shell out the money for an iPad Mini (although you can get them for as little as 300 bucks at Wallmart at the moment). One down, three to go. Now for the Nexus 7. It’s a powerful Android device and also caters to the “power user”, whatever that’s worth in the tablet world. Alas I found a ton of comments and posts about quality issues (DOA, glass coming off the screens, devices having to be RMA’d after only two weeks etc.) so I was hesitant to get one, because the last thing I need while traveling is carrying around a dead device while trying to get it replaced. Also at $250 it was only $50 cheaper than an iPad Mini.

That left the Kindle Fire HD and the Galaxy Tab 2, the latter of which is ridiculously cheap by now (the cheapest I saw was $150 with a cover), but it’s also not exactly the newest piece of hardware. I still was leaning in the direction of the more general device though… Until I walked into a Radioshack during our layover in Florida, saw the Kindle Fire HD and bought it. Damn you, instant gratification!

First impressions

When I turned it on for the first time, I was amazed. The display is good, and I mean really good! As are the Dolby speakers. In short, I find the audio and video quality to be pretty amazing for a 7 inch device. Reading with the Kindle app is a pleasure, as is watching movies and listening to music. I actually really enjoy watching stuff on the Kindle Fire, much more than I expected on such a small screen.

But then I started to explore a bit more, and I got disappointed rather fast. Amazon’s user interface clearly was only built for two purposes: shopping and consuming content. The Kindle Fire is not meant to be a full-fledged Android tablet, it’s a portable frontend to the Amazon store and cloud. Starting from the ads which get displayed when you wake up the device (I know, you can pay to have them removed), over the unavailability of many apps in Amazon’s app store (for example all Google apps like GMail or Google Maps) to the extremely content focused UI, everything screams “Consume!” in a rather shrill and annoying voice.

Making it work for me

Luckily, there are lots of things you can do to make the Kindle Fire a lot more interesting, even without rooting it (something I really can’t be bothered to do while on the road).

First off, you will need an alternative app store. After some research I settled on SlideME, mostly because they actually check the applications they are offering, thus alleviating some of the security concerns I had about other offerings. Next I got myself a decent file manager in the form of ES File Explorer, before setting out to find a decent browser. Yes, a browser, because somehow Amazon’s own offering, called Silk, doesn’t really cut it for me. It has good features, but I found it to be rather sluggish. And I had some privacy concerns about the cloud rendering, euphemistically called “Accelerate Page Loading” in the settings. Sure, you can choose to encrypt the data or disable this “feature” completely, but it did leave a somewhat bitter aftertaste. Most people seem to prefer Dolphin or similar offerings for their Android devices, but I settled for the good old Firefox (or rather Aurora) in its mobile incarnation. It’s a solid app and so far provides everything I need, including a direct download from the website. This is how I interact with Google apps for the time being, I just use their mobile versions in the browser.

App store fixed, file manager acquired, browser fixed, on to the horrible UI. Unfortunately there’s not really too much you can do in this regard, but I found Smart Taskbar to be a huge improvement. It has a small icon for triggering the app from everywhere and features quick launch for up to five apps, configurable labels and much more. Not as good as having a “normal” Android interface, but definitely much better than the standard Kindle Fire offering.

Last but not least I installed Dropbox for easier file exchange, which is super easy because there’s a direct download link on the web site. I wish more developers would do this…

More content

Once I was done with the basics, it was time to add more content sources/viewers. ComiCat is an exzellent CBR/CBZ reader and I highly recommend it for managing and reading your digital comics. ComiXology (and its app Comics) also is a good addition, especially since they have a rather well stocked online store and a decent read-by-panel feature. Both of these apps are available in Amazon’s app store ($3 for ComiCat, Comics is for free).

For access to more books I added the Gutenberg eReader app, a frontend to the well-known Project Gutenberg, as well as the NOOK software. Yes, NOOK, on a Kindle. As you can imagine this did not come from the official app store but from SlideME instead. Since I’m usually really happy with Amazon’s offerings I’m not even sure I’ll use it, but it’s nice to have a choice and apparently the NOOK store has a dedicated comic section, so who knows…

On to movies. While Amazon’s streaming service is great (or so I’ve heard), it’s of no use to me while traveling. I do however have quite a few films and documentaries on my netbook (go check out VODO, there’s some great free stuff on there), but I don’t want to convert all of them to a format the Kindle understands. Enter MoboPlayer, a great free movie player that can deal with a ton of formats and even has a windowed mode. Yes, on a tablet!

With comics, books and movies covered, what’s left? Games! The guys over at Humble Bundle don’t only compile great game bundles, they also have a nifty Android app, that let’s you manage all your purchases. Since they offered several Android bundles in the past I actually have a ton of games, and the Kindle Fire is an excellent device to play them on.

Of course I have a lot more apps than that (Instapaper, Twitter, Flipboard, LinkedIn etc.) but they all come from the official app store and don’t really need any explanation here.

Final verdict

After I got over my initial frustrations, I REALLY like my Kindle Fire. I guess it’s all about expectation management. This is not a productivity device, it’s a gadget for consuming media in all its forms. I especially love reading comics and graphic novels on it, the colors are great, and the resolution is high enough to actually be able to enjoy them, even on a rather small screen. It’s also great for watching movies or listening to music and audiobooks, and since it’s a Kindle, reading eBooks is a pleasure too once you configured the app to your liking.

The hardware is fantastic (especially for $200) and the battery life (around 10-11h) is great. I don’t exclude the possibility of rooting it in the future and maybe even flashing a different ROM, but for now I take the Kindle Fire for what it is and thoroughly enjoy it that way: during a bus ride the other day I read a book, watched a video, and read some comics, all on the same device.

After a three day layover in the U.S., Mexico seems like the perfect place to write up my thoughts and the roughly 7.5 months we spent in South America. I’m sure there are plenty of omissions, but it should be enough to give you an idea.

Paraguay
A good place for easing into South America. The strong Guarani influence is very interesting and the Jesuit ruins in Trinidad were one of the more memorable sights of this trip, especially since we had them almost completely to ourselves. The people were more reserved than in other countries, but generally friendly and helpful. We met some amazing young people (thanks for everything Chalo, Javier and Cesar!), which give you lots of hope for the future of this country.

Memorable foods and drinks: Chipa, sopa paraguaya, mbeju, chipa guazu, terere.

Spanish: Our introduction to Rioplatense dialect, my favorite Spanish dialect so far.

Argentina
Probably the South American country I wanted to visit for the longest time. Buenos Aires was all that I expected and probably more. Iguazu was amazing, Mendoza was chilled out and very relaxing, the Andean part offered some breath-taking views and some of the best food in the country. People were friendly and chatty (and loud), but have a tendency of making everything about Argentina, which can get a bit tiring at times. Also the food wasn’t always that great, since vegetarianism roughly equals treason. They may well have the best ice cream outside of Italy though and there were other great sweets too. I’d love to live in Buenos Aires, but as one of our friends once said: “In this city everything that can be easy is hard, and everything that can be hard is super-hard…” Oh btw, a special thanks to Eze for hosting us for 10 days or so at his place in Buenos Aires and to all the great teachers at El Pasaje Spanish School!

Memorable foods and drinks: Quinoa empanadas, quinoa risotto and goat cheese in Jujuy, empanadas in Buenos Aires, provoleta, vegetarian BBQ at Mate Hostel in Cordoba, chocotorta, alfajores, ice cream. Mate. Red wine.

Spanish: ¡Che, boludo! Different pronunciation, different vocabulary and a rather Italian melody.

Uruguay
Ah, Uruguay, hobbit land. Rolling green hills, cows, mate, more cows, more mate. And another hill or two. Plus lovely little villages on the Atlantic coast and some of the most chilled out people I’ve ever met. Montevideo may not be a beauty, but it has its charms (like 22km of coast line, colorful colonial houses, a great weekly flea market) and we stayed much longer than most other travelers. I think I may actually want to live there for a year or so at one point. I can’t say too much about the food (which is essentially the same as in Argentina) since we mostly self-catered, but for that there were some excellent fruits and vegetables around.

Memorable foods and drinks: Pizza and faina at Subte, Montevideo. Empanadas in the Ciudad Vieja, Montevideo. Alfajores. Mate (everyone, everywhere, all the time). Red wine (surprisingly).

Spanish: Basically like in Argentina.

Chile
Stunning. Due to its unique shape, you are never too far from the Andes AND the Pacific. Yes, both, at the same time. It’s totally feasible to start a day with a hike in the mountains, take a bus and still fall asleep to the sound of the ocean. The food was good, with more vegetarian options available. Plus the markets feature some of the nicest fruits and vegetables I ever saw. Also you can buy a kilo of avocados for less money than 2 avocados cost in Vienna. The people were lovely too! I was especially fond of Santiago, which has some great neighborhoods (Bella Vista, Barrio Brasil) and a very active cultural life. Another city I would give a try for living!

Memorable foods and drinks: Pizza at Fabrica de Pizza, Santiago. Avocado. A surprising amount of food in San Pedro de Atacama. Red wine. Pisco (Pisco Sour and Piscola).

Spanish: Fast, faster, Chilean. ¿Cachai, huevon?

Bolivia
Quite likely my least favorite country of the ones I saw in South America. While it features absolutely stunning landscapes (especially around Tupiza and in the Lipez region), I never warmed to the people. I also expected much more of Sucre after meeting so many people who loved it, but at least La Paz was a rather interesting place. Interesting mind you, not pretty or anything. I absolutely loved the area around Lake Titicaca though, even the people were friendlier. After we talked to so many enthusiastic people, I found Bolivia rather disappointing and wouldn’t need to go back anytime soon.

Memorable foods and drinks: Vegetarian saltenas in La Paz. Lentil and quinoa burgers in LP. Everything from Tierra Sana in LP. Fries with peanut sauce and mayonnaise at Florin, Sucre. Chicha morada.

Spanish: The first country where the Spanish sounded more like what one is used to from Spain.

Peru
Before we got there, we heard mixed reviews of Peru. It seems to be a place you either love or hate, with us definitely being in the former category. There are some absolutely stunning historical sites (yes, that includes Machu Picchu, although I find it’s way overpriced), great food, and incredibly friendly people. Cusco was super touristy yet very nice and relaxed, Lima surprisingly pleasant (not least because of Christian, our amazing CouchSurfing host) and we also had a really good time on the coast and in Huacachina, a little desert oasis (thanks Birgit for the tip!). Chiclayo is quite the shithole but has one of the best museums we saw on this trip and if I had to get stuck somewhere for Easter weekend, worse places than pleasant little Piura come to mind. And let’s not forget Arequipa and the amazing Monasterio de Santa Catalina, a sight definitely worth seeing.

Memorable foods and drinks: Arroz a la cubana, food stalls at the Mercado Central in Cusco, pizza at “La Pizza de Carlo” in Cusco, rocoto, palta rellena, queso andino, chocolate cake with dulce de leche. Chicha.

Spanish: Lots, because if you kill a Peruvian, you probably have to kill the mouth separately. Also the perfect tense made a reappearance in spoken language.

Ecuador
Ecuador, how much I like you! From the moment we got into Vilcabamba, I was certain we’d have a good time there and that we did. We met some great people, saw some amazing places, lived and worked at a Hare Krishna farm, visited a friend of P.’s who lives in Guayaquil, went to the Isla de la plata (aka “the poor man’s Galapagos”), kicked back on the beach in Canoa (where I also won some money in a small poker tournament) and generally just felt very relaxed.

Memorable foods and drinks: Everything at the Hare Krishna farm, where for an entire week everything was vegetarian and I didn’t have to hunt around for food for once. Arepas and patacones in Puerto Lopez (admittedly Colombian, but they were good), arepas in Quito. Chocolate, oh delicious chocolate that we stocked up on (eating some as I write this).

Spanish: Standard, pleasant, easy to understand.

Colombia
Another place many people love and that has a lot of hype surrounding it. Coming in from Ecuador we drove through some rather heavily militarized zones and had our buses and luggage searched by the army twice, which does leave you with a bit of a strange feeling. I never quite got why everybody seems to like Medellin so much. I liked both Cali and Bogota more. And then there’s Cartagena: super touristy, expensive, but still rather relaxed and relaxing and VERY pretty. One of my favorite parts was Santa Marta though (kinda like a more “real” Cartagena), where we stayed in a hotel that used to be owned by a drug cartel and which was rather incredible. It also was full of nice people and featured a cool swimming pool, so we got stuck there for a bit but at least managed to go to lovely Minca close by.

Memorable foods and drinks: Pizza at “Los Bohemios” in Bogota. Arepas, patacones, fruits and vegetables you’ve never heard of. Juices made of the same. Coffee (OMG the coffee).

Spanish: Lots of people love Colombian Spanish, and I can understand why. It’s rather standard, easy to understand and some Colombians (e.g. in Antioquia) speak with a great melody. ¡Que bacano, marica!

Regrets

• Not going to Patagonia in either Argentina or Chile. There were reasons, some better than others. While I’m sure Argentinian Patagonia is awesome too, I’m especially sorry about Torres del Paine, but at least it’s a good excuse for going back to one of my favorite countries of this trip.
• Not having more time for Bogota. It seems to be a super interesting city, full of life and (free) culture.
• Skipping Brazil. We wanted to go, but it’s really quite expensive, so for a long trip we considered it to be outside our budget. Also it’s huge, you can easily spend several months just there.

Links

• If you are interested in the Spanish language, you’ll find this hilarious: Que dificil es hablar es Español
• The map of our trip so far: Tripline

I know there’s lots of other things I could tell you about (like Peru), but we spent last week at a Hare Krishna temple/farm in the Ecuadorian jungle at that’s gonna be today’s story.

First off, if you want to know more about the Hare Krishna, head of to Wikipedia and read about Vaishnavism. How did we come up with the idea of staying there? Well, P. read a blog post by a Canadian woman who stayed for a while at the Eco Truly Park close to Lima, Peru. What she wrote sounded interesting, so we considered going there. For various reasons we didn’t though, so we decided to go to a place that’s part of the same network, namely the Finca Vrindavan close to Rio Negro in Ecuador.

I have to admit, before we got there I was rather skeptical. I’m not exactly a religious person (actually far from it), and I have a strong dislike for pseudo-hippies who spend too much time talking about “energy”. But I was willing to give it a try, and I’m glad I did. The few permanent residents of the place were believers from various countries (Ecuador, Colombia, the Dominican Republic and Chile to be precise) and generally were extremely friendly and welcoming. Also, and that was important to me, they never tried to convert any of us volunteers, but were always up for answering questions about their believes if one cared to ask, which I did a lot. They did impose a few rules on us though, but they were easy to follow, especially for only a week:

• All the food was lacto-vegetarian (basically only sweets) or vegan (most other food), no meat or eggs allowed on the premises.

• No smoking, alcohol, drugs or intoxicants of any type, including caffeine.

As a vegetarian, this was great, for an entire week I could eat every single meal, without embarking on an epic hunt beforehand and knowing that there wouldn’t be any nasty surprises (“It’s not meat, only chicken…”). Also, everybody in the place, residents and volunteers alike, was so nice, open and welcoming, that we never really felt like we had to watch our belongings or lock our room (most people didn’t).

A typical day at the Finca looked like this:

• 6:30am: Morning prayers. I don’t know of anyone who attended them, but I’m sure some of the more devout Hare Krishnas went there, although one guy explicitly said that he prefers sleeping in instead.

• 7am: Yoga classes. Since I don’t practice Yoga I didn’t bother waking up that early, but a lot of the other volunteers really enjoyed the Hatha and Kundalini Yoga classes.

• Around 8:30am: Breakfast. This consisted of cereals with fruit (no milk) and herbal teas.

• Until lunch (around 1-2pm): Work. Depending on the day, we did between 3 and 4.5h of work every day (except Sunday, which is the free day). I ended up cleaning quite a lot, which isn’t my favorite task, but needed to be done. I also did a day of construction work, where we built new lanterns for one of the forest walking paths and cooked lunch on another. Besides that I generally did more than was asked of us (like help with preparing breakfast or washing dishes) because there was a strong community feeling that really made me feel like contributing. In the process I also learned to make my own gluten, which was rather cool. P. spent most of her time working in the garden and the greenhouse, while others worked on installing new showers in the second house or similar tasks.

• Afternoons: Free time. Most people spent that time studying or chatting to other volunteers or the Hare Krishna. Some also gave impromptu classes on topics they know something about, so I ended up doing one on Qi Gong and Chinese philosophy. I loved the afternoons at the Finca! I read a lot, but also had some great conversations with the many interesting people there, which was rather inspiring.

• 6:30pm: The evening ceremony. While we were never pushed to attend, the ceremony was open to everyone, and I did attend most of the days. As you’d imagine the Hare Krishna spend a lot of their prayer time with singing and chanting mantras, but they also set aside time for a discussion on more philosophical matters, which were also interesting for the non-religious folk.

• Dinner (around 8pm): Another communal vegetarian meal, usually followed by a movie in the library/home cinema (yes, it was a rather modern place). Most of the time I didn’t bother with the films but chatted to people or read instead, but occasionally it was nice to just drop in a beanbag and watch something.

And this is basically how we spent the entire week, in a kind of soothing regularity that had a good mix of meaningful work and idle/study time. I’m not sure I could live like this forever, but I certainly could do it for a lot longer than 1 week. It definitely wasn’t easy going back to a city after our farm life, and I still miss the calm that permeated the entire place.

As should be clear by now, I’m not overly good at writing these things regularly, so I won’t even pretend to be sorry it’s been over a month since the last one, and I also won’t promise that the next one will come any sooner. I also kinda gave up hope on ever properly filling you in on Argentina part 2 and 3 and Chile, so a very short summary will have to do:

Argentina

• Buenos Aires - a collective Stockholm syndrome and one of the most interesting cities I’ve ever visited (see, Stockholm syndrome).
• Cordoba - A nice enough city, surrounded by a very pretty province.
• Mendoza - Lovely city, nice surroundings, spent Christmas in a great little hostel and had an amazing bus ride to Santiage de Chile from there.
• Salta - One of my favorite places in Argentina, a pretty, relaxed little town with some great architecture and a very nice and quirky museum.
• Huamahuaca - While I’m not as enamored by it as other people, it’s a nice place, with an amazing location in the Quebrada de Humahuaca and some of Argentina’s best food. The nearby Hornacal mountain range is one of the most amazing things I’ve seen on this trip.

Chile

• Santiago - While many people don’t seem to like it, I do. Good food, good nightlife, an active cultural life and very friendly people.
• Valparaiso - While it didn’t live up to my expectations (there’s too much hype around it), I did get to like it in the end, since it’s really a haven for street arts.
• Pichilemu - We didn’t even stay in the city proper, but at the “Surf Farm” 15 minutes out of town by car, in the middle of nowhere. A great place, hard to leave.
• La Serena/Coquimbo - Two nice little beaches at the coast, where we stayed with an amazing CouchSurfing host.
• San Pedro de Atacama - Surreal landscapes and the world’s driest desert.

The rest of Bolivia and all of Peru (where we got end of February) will have to wait for the next time, whenever that will be. For the time being you can look at some pictures. although a suicidal SD-card took most of our Bolivia pictures with it :-(

• Bolivia (or more precisely the Isla del Sol)
• Peru

I know I didn’t write in way too long (and I still didn’t talk about Argentina and Chile), but that just happens when you are traveling. Especially when that takes you to Bolivia, where Internet connection speeds are still stuck in the 1990s.

Anyway, we made it to our 5th South American country now, and after 3.5 month in the Cono Sur, this feels distinctly more “foreign”. That’s probably related to the fact that 60% of the population are indigenous, so there are a lot less European looking people than in Argentina or Chile. Many of the women still wear traditional dress, and coca is quite omnipresent, be it in the form of tea (mate de coca), sweets or as leaves. All of them are supposed to help with altitude sickness, and considering that we never really went below 2500m since we got here (and up to 5000m maximum) we’ve consumed our fair share too. And I strongly deny all rumors that I actually enjoy chewing coca, it’s purely for medical purposes… ;-)

But let’s go back to the beginning: on February 2nd we crossed into Bolivia at the La Quiaca/Villazon border, and after having heard terrible stories of hour long waits, we considered ourselves lucky to have made it across in roughly 45 minutes. Alas we later realized that the border guards on the Bolivian side had only changed the day on their stamps but not the month, so our entry stamp actually said January 2nd and you only get 30 days when entering overland. We managed to get this fixed in an immigration office afterwards, the guys working there were pretty amused about what the “idiotas” (quote) at the border did.

From Villazon we took a shared cab to Tupiza, where we spoiled ourselves with a stay in a rather nice hotel. Bolivia is cheap though, so we spent less money for it than we did for dorm beds in Argentina, Uruguay or Chile. The landscape around Tupiza is absolutely stunning, and exploring it on horseback definitely made me feel like Butch Cassady or the Sundance Kid, who by the way weren’t shot too far from there. After a couple of relaxed days we embarked on a 4 day tour of the so-called South West Circuit, which ended at the Salar de Uyuni, the world’s biggest salt flat. It’s hard to put what we saw into words, when we get to a place with a faster Internet connection again I’ll try to upload some pictures. One really remarkable thing about the tour was Silvia the cook though, who managed to prepare awesome meals with very limited time, space and equipment. She also made some of the best vegetarian food I’ve had in South America so far, which is why I still kinda regret not having kidnapped her. I definitely could do with my own personal cook who knows how to prepare veggie meals… After the tour we made our way via Potosi to beautiful Sucre, where we have been kicking back since last Saturday. And by “kicking back” I actually mean hiding in our guest house like most gringos, since the local carnival tradition involves water bombs, buckets of water, shaving foam and an utter lack of sympathy for people who have barely any clothes to begin with. Luckily this is over now, so we can actually fully enjoy the city before heading to La Paz.

After almost two weeks in Bolivia, my feelings are a bit mixed. Before we came, everyone told us how awesome it is, and from a landscape point of view I can wholeheartedly agree. What I miss though is interacting with the locals, which was a lot easier in the Cono Sur than it is here. First off there are lots of Quechua and Aymara speakers, but also the Spanish speakers are more reserved than they were further South, so we barely ever manage to have interesting conversations with locals. But that’s not the only thing that makes you feel like you are suddenly on the “gringo trail”: the restaurants mostly serve a rather uninspired mix of western “favorites” and even the banana pancake found its way from Southeast Asia to here. There’s also a lot more younger and/or obnoxious backpackers around, which I mostly attribute to the fact that Bolivia is considerably cheaper than the South, while still boasting a well-developed tourist infrastructure.

One thing I really like about this trip is how diverse it is: we stayed in hostels, hotels, B&Bs, rented a room from an old lady, used CouchSurfing and AirBnB and stayed with friends. We crossed borders via plane, private car (thanks Mencho!), bus, boat and by walking. We dipped our feet in both the Atlantic and the Pacific, saw volcanoes, salt flats and the world’s driest desert. I did my first longer trip on horseback, and also took my first surfing lesson. We learned a new language (Spanish) and got to use all the other ones we know, including Turkish, my very limited Swedish and even Mandarin (twice in Buenos Aires). All this variation makes traveling for a long time a lot more interesting and helps with not getting tired of it.

I know I’m far behind on telling you about the places we visited, but I will eventually catch up, or at least I hope so. For now I wanted to reflect a bit on the past 3.5 month, which we spent in the Cono Sur (Southern Cone), which according to Wikipedia “has traditionally comprised Argentina, Chile, Paraguay, and Uruguay”.

So, where to start? Let’s say, I always thought of myself as an Asia person. Considering I studied Chinese at university, that may not be surprising, but whenever I went to Asia, I kinda felt at home. Or more so than in Europe at least. But in the last 10 or so years my interest in traveling Latin America steadily increased, and now that I’m finally here, I’m reconsidering the “Asia person” thing. Sure, I love travelling there, but Latin America (or more specifically the parts we saw so far), are very fascinating for a different reason, mainly that some of them feel a lot like alternative versions of Europe. Maybe that isn’t the best description, but what I mean to say is that there’s a shared cultural heritage between Europe and here, which makes it much easier to actually have meaningful conversations with people. On top of that there’s only one language you need to learn (unless you are going to Brazil or the Guyanas) to be able to travel from almost the Antarctic to the Southern border of the US.

But there are also certain cultural differences that I appreciate: first off, there’s a lot of left-wing politics going on, which makes me quite happy. Sure, the left may not always be in power, but it has a good grassroots presence (trade unions, student groups, squats). I also found that people started to consider Latin America as a global player in its own right, which can compete with the EU and the US in the medium term (at least some countries). Anyway, this is not supposed to turn into a political rant… Another thing I like is how open people are and how much life takes place in the streets. Any random walk to a park can turn into an adventure, full of random conversations and tons of entertainments provided by jugglers and other street performers. I’m sure the better weather plays a role in this, but also the general attitude of people to live parts of their private lives in the open makes a huge difference. You also can see a lot of enterprising people in the streets, from shoe shiners, over food stalls, used book sellers, artesanias and fruit sellers to guys peddling vegan brownies or puppet performances for children. I know a lot of them do this in lack of better options, but for others (especially the artensanias) it’s a way to do what they really like while being able to travel. As one girl selling handmade jewelry (and who has been traveling for almost 10 years) just told us a couple of days ago: “¡No the preocupes, te ocupes!” (freely translated: “Don’t worry, do something!”). I don’t know how to say this exactly, but there’s a certain energy here that I miss back home. Sure, people here complain a lot too (and they have every right to in some cases), but they still seem to believe in being able to change their own destiny. Probably this has to do with one of my pet peeves about Austrian people, who constantly complain without acknowledging enough that they are among the luckiest people on this planet for a lot of things. The bottom line is that i’m rather fond of people here, and while there obviously are big differences between e.g. Paraguayans and Chileans, the things I mentioned above could be recognized in all the places we visited so far to some degree.

Of course not everything is perfect: One of the most disturbing things is the huge inequality found in basically all societies here. While some people are incredibly rich, others literally live off their garbage. Argentina for example is sliding back into a big crisis, and there’s a lot of very visible poverty around, more than in some Asian countries I visited in the past. Also things don’t always run as smoothly as they could, mostly because in quite a lot of cases you can observe a “good enough” attitude. Sure, you don’t always have to strive for perfection, but sometimes it just seems like someone started out with a great idea, but stopped implementing it at about 95% for no apparent reason. Last but not least people here seem to have a difficult time with silence, so you are quite likely to end up in a beautiful spot in the middle of nowhere, just to have a guy turn up with some bad Cumbia blasting from the crappy speakers of his mobile phone. Seriously people, what’s wrong with using headphones?

Anyway, I’m quite in love with this part of our planet now, the combination of beautiful nature, interesting cities and wonderfully open people is rather hard to beat. We are supposed to arrive in Bolivia in about a week, let’s see how/if my perceptions will change there.

That’s it for now, in case you haven’t seen them before, here are the links to the pictures of the Cono Sur part of our trip:

• Paraguay
• Uruguay
• Argentina (pictures of the first and second stay, the third one is still missing)
• Chile

I know it’s a bit late for a 2012 review post, but we spent the last couple of days in a wonderfully isolated place on the Chilean coast without an Internet connection. Anyway, I thought better late than never, so here are some thoughts on the first 3 month of our trip.

Favorite places visited

This is tough, because we visited a lot of very nice places. If I had to choose 3 though, I’d pick Buenos Aires for being an amazing and amazingly chaotic city, the coast around Pichilemu in Chile for being a magical nature paradise (besides one of the world’s best surf spots) and Colonia del Sacramento in Uruguay. Sure, the last one is rather touristy, but it deals with it really well and in the evenings you can have the place almost to yourself. The honorable mention goes to the Iguazu Falls, which are absolutely amazing, but somehow don’t conjure up as fond memories as the other places.

Favorite places stayed in

The “Hostal de la Viuda” in Punta del Diablo (Uruguay) was a great place to stay. It’s a bit outside town, run by a lovely couple and incredibly hard to leave, because of the nice garden, great common area and the three cute dogs. We also quite enjoyed the “Mate Hostel” in Cordoba, because it’s a place run by travelers (from Argentina, Colombia and Germany) for travelers. I shared lots of mate and good conversations with the staff, and it’s a very social place where it’s easy to meet other backpackers. Another amazing place was the “Surfarm”, which is located about 15 minutes by car from Pichilemu (Chile). It’s basically a couple of huts right next to the beach in a pretty isolated area. It’s the sort of place where time just has no significance and you fall asleep to the sound of the Pacific after looking at the beautiful night sky. The honorable mention goes to the “Casa Pueblo” in Mendoza (Argentina), which is also slightly out of town (there might be a pattern here) and is owned by a very nice young Russian-Argentinian couple who made our Christmas very enjoyable. There’s also a special mention in this category, the “Casa Amarilla” in Aregua (Paraguay), which is basically an old colonial house which was turned into an art space/hostel by the two brothers who run it. I’m not sure how much I enjoyed staying there because of the David Lynch atmosphere, but it’s fun to wander around the premises and look at the random art pieces that can be found all over the place.

Favorite foods

Paraguay had quite a few nice vegetarian dishes, although they were mostly bread-based, so a bit heavy on the carbs. Nonetheless, chipa definitely was a great food discovery. While Uruguay is a bit bland on the food side, there’s a very old pizza place in Montevideo called “Subte”, which serves delicious pizza and faina. Argentina on the other hand mostly stayed in my mind for its sweets: there’s some of the best ice cream outside of Italy, and alfajores as well as chocotorta were rather dangerous for my blood sugar levels. My favorite country for food so far definitely was Chile though, since there’s more variety than in the other places and it’s full of awesome fresh avocados, which are probably my favorite fruit in the world.

Biggest positive surprise

Definitely Chile, because before we came we hadn’t heard too many good things about the place. People mostly complained about how expensive it is and that the locals are not the most friendly people on the planet. However, we found none of that to be true, Chileans have been incredibly friendly and hospitable so far, and we actually find it easier to stay within our budget here than in Argentina. It’s also an easier place to travel as a vegetarian because of the abundance of great fresh fruits and vegetables, which is a definite plus for me.

Biggest disappointment

Probably Curacao. While I have quite a few good memories related to our two weeks there, it wasn’t the mindless beach holiday we were after, but actually a rather exhausting backpacking experience. I don’t regret that we went, it was very interesting, but it didn’t really live up to our expectations.

Best decision made

Doing a Spanish course early on was definitely the best decision we made on this trip so far! The two weeks at “El Pasaje” in Buenos Aires were great, since we had a very small group (us and a girl from the U.S.) we could progress at a really fast pace, especially since we didn’t start from zero. In only 10 days we managed to cover a lot of grammar and, more importantly, had lots of conversations where we actually could use it. I even started reading a book in Spanish now, and while I’m a bit slow and still miss some vocabulary, I actually manage better than I would have expected. Anyway, being able to have proper conversations in Spanish makes this trip a lot more enjoyable, since we interacted a lot with hostel staff, artesanias, local travelers or random people in the streets.

That’s it for now, maybe I’ll do a similar post in another three month or so.

Once again here’s a list of all the books I read in the past year, in reading order. I’m surprised I made it to 52 again, since there were several periods where I didn’t read much for various reasons.

I also got to work on two books, first as technical reviewer for Ruby and MongoDB Web Development Beginner’s Guide and then as the author of the Metasploit chapter for Informationstechnologie und Sicherheitspolitik.

Mukoma wa Ngugi: Nairobi Heat
Antoinette Bergin: Bedtime Stories for Children You Hate
Margaret Killjoy: Mythmakers and Lawbreakers: Anarchist Writers on Fiction
Roberto Ierusalimschy: Programming in Lua
Tobias Klein: A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
Salman Rushdie: The Satanic Verses
Banana Yoshimoto: Kitchen
Jens Bjørneboe: Haie: die Geschichte eines Schiffsunterganges
Henry David Thoreau: Civil Disobedience
Terry Pratchett: Reaper Man
Dean Wampler: Programming Scala
Brendan Behan: After the Wake
Bruce Sterling: Black Swan
Lewis Shiner: Slam
Peter Godwin: When a Crocodile Eats the Sun: A Memoir of Africa
Ron Currie Jr.: God Is Dead
Kurt Vonnegut: Cat’s Cradle
Aravind Adiga: Between The Assassinations
Jonathan Safran Foer: Eating Animals
Chuck Palahniuk: Nonfiction
Gautam Rege: Ruby and MongoDB Web Development
Terry Pratchett: The Fifth Elephant
Herbert Rosendorfer: Großes Solo für Anton
Brian P. Hogan: tmux: Productive Mouse-Free Development
Charles Bukowski: Ham on Rye
Thomas Marcinko: Astronauts and Heretics
Avdi Grimm: Exceptional Ruby: Master the Art of Handling Failure in Ruby
Michal Zalewski: The Tangled Web: A Guide to Securing Modern Web Applications
Haruki Murakami: 1Q84
Jesse Storimer: Working with UNIX Processes
Qiu Xiaolong: When Red Is Black
Lao Tzu: Tao Te King
Kim Wright: City of Darkness
Joyce Carol Oates: Rape. A Love Story
Joseph Heller: Catch-22
Hugh Howey: I, Zombie
Nury Vittachi: Mr. Wong Goes West
Douglas Adams: Dirk Gently’s Holistic Detective Agency
p.m.: bolo’ bolo
Kenneth S. Cohen: Qigong. Grundlagen, Methoden, Anwendung
David Wong: John Dies at the End
Terry Pratchett: Lords and Ladies
Julia Alvarez: How The Garcia Girls Lost Their Accents
T. E. Klemm: 100 Chess Problems for the Rest of Us
Robert A. Heinlein: 6xH
Gao Xingjian: Soul Mountain
Junot Díaz: The Brief Wondrous Life of Oscar Wao
Matt Ruff: Bad Monkeys
Richard Wilhelm: The Secret of the Golden Flower: A Chinese Book of Life
Uzodinma Iweala: Beasts of No Nation
James Bracken: ¡Che Boludo!: A gringo’s guide to understanding the Argentines
Terry Pratchett: The Light Fantastic

There also were several programming books I didn’t finish, either because I didn’t have time, didn’t find them interesting enough or because I got all the information I needed before the book was over:

Martin Logan: Erlang and OTP in Action
Leo Brodie: Starting FORTH
Timothy Perrett: Lift in Action
Kees Doets: The Haskell Road to Logic, Maths and Programming
Ivo Balbaert: The Way to Go