A Welcome Suicide in the Uncanny Valley

I love the world of computer graphics and gaming. I recently started fooling around with drawing sprites and backgrounds for my creating my own games.Then, I saw this tweet https://goo.gl/6Vux1Z. Basically, computer vision was being used to gauge fashion trends. They were taking the human out of the equation. At this point, my wheels started cranking. I wondered how easy it would be to take George Clooney, I mean, an anonymous actor and replace them with a 3D model? How long would it take me to understand the modelling process.

Here is another attempt after having some creases I couldn't understand how to get rid of.

I think this is pretty damn fine progress for a grand total of eight hours. Someone with some skill or significantly more experience probably could have done an almost perfect CG render of the actor above. By the way, this is Blender. It is FREE. With absolutely no training aside from a tutorial - http://goo.gl/OPpmgn - I was able to outline both George Clooney's, I mean, anonymous actor's face and some stupid drawing from The-Blueprints.com (not really stupid; I mean, I couldn't have drawn that). 

The brilliance of this program and field begs the question; what happens when the CG world overtakes the movie world? I don't mean Lord of the Rings style. I mean FULL replacement. Take Archer for example. Several of the fans know the titular character is voiced by H Jon Benjamin. Who knows the model for Archer though? Some may, but do you give a shit about his political opinions? Do you care who he marries, and the shitastic name some rag has given them. No, you don't. The dude is just a symmetrical face that looks good to a computer animation system. What happens when all of these actors and actresses are no longer necessary to the process? What happens when we get over that Uncanny Gap (Google it, I'm not your search engine). Let's do a quick exercise!

Name some of the top voice actors
1. Frank Welker
2. Bob Bergen
3. Billy West
4. Tara Strong
5. Johnny Yong Bosch

Now some of the top actors
1. George Clooney
2. Matt Damon
3. Susan Serandon
4. Ben Affleck
5. Tim Robbins

And then name the top CGI models

1. ?????

2. Ummmm

3  Whats-his-name?

4. That model who played Angelina Jolie's tits Beowulf, god who was she?

5. Failed actor #5

Cross the top two lists with the number of asinine appearances before congress or attendance at political fundraisers.Do you see the difference? One is a group of talented people who voice some of your favorite characters. No one cares how they vote  or who they bang. The other is a group of similarly talented individuals who you have to see every other week going in front of some congressional beg-a-thon with an inflated sense of self-worth and recommendations that are taken seriously for Christ's sake. Large swaths of citizens and political heavies actually formulate opinions around what the second group thinks. Take them out of the equation with rendering software. Now, you tell me if we aren't solving some problems with tech.These voice actors may have an opinion or two that has made its way to the halls of our nation's capitol, but I can't find any instances.

Walk through a world with me. A world where actual writing talent rules the day. No more US Weekly. Goodbye the last thralls of Scientology. Goodbye to an entire segment of Americana that is best sent to the farthest dustbin history can provide. So long having to listen to some vapid, empty actress begging for our tax dollars to entertain her cause du jour. 

I can't wait - CAN'T WAIT - for the day when no one gives a shit about what a celebrity has to say. Get ready for your opinions to matter about as much as any other waiter in LA hoping to break into the acting scene. Get ready for no one to care what you think about whales or the environment, or tax policy as if you are some authority on the subjects simply because you pretended to be a marine biologist one time. Not a soul is going to care. What do you do then? Are you ready to pick up a pen and create some art of your own instead of leeching off the truly talented?

Everybody who even has a remote interest, go learn this 3D animation skill. Help push the lemmings over the cliff. Make them as obsolete as an Apple Pippin, a NeoGeo, or George Lopez's act. It took me ONE day to get this far. For anyone that ever worked with 3D Studio Max in the late 90's, this is an impressive turnaround. Imagine what a year with Blender and some grid paper will yield? We could eliminate the need for Ben Affleck in a heartbeat. Don't we all want Batman from the Arkham Games to be the next Batman anyways? Why wait, let's get this shit done now.

-vesh

You down with OTP? You know me (how to fail at encryption by M$)

In their relentless pursuit of the Holy Fail, Microsoft has managed to screw up one of the best message encryption techniques; the One-Time Pad (OTP). The way OTP traditionally works is you give the user either the encrypted message itself or some manner of access token where the key is a one-time, single use, preferably randomly-generated item. Your implementation may vary, but that's a very ground-level explanation.

This all works very well together because the recipient gets an encrypted message in his inbox, and the key to unlock it via some other channel. VIA SOME OTHER CHANNEL!!! Those are the key words in this whole scheme. Microsoft has forgotten this seemingly important part of the idea. You be the judge. I will give you the link. You read around the marketing and cyber-dust to get to the meat of the concept they outline here: https://technet.microsoft.com/en-us/library/Dn569285.aspx and their OTP idea here: https://technet.microsoft.com/en-us/library/use-a-one-time-passcode-to-view-an-encrypted-message.aspx

Did you spot the problem? Good, I knew you could do it. In case it is not obvious, Microsoft is sending the message AND the key through the same channel with a few layers of indirection. Admittedly it took a trip to Scriptjunkie town (@scriptjunkie1) for me to really dig into what they were actually trying to do. At first, it sounded pretty good. Then Scriptjunkie asked "So, what attack vector is taken out of the picture by using this?" The answer was, of course, none.

If the message with the super-special-encrypted link goes across the non-enciphered transom, they only need to grab the link to get their OTP and finally their message. I'm sure there's some fancy client-side tricks they employ to try to make sure you are who you say you are, but how well has that ever worked? If the connection the email passed over was encrypted all the way (meaning in-transit, and at rest at all links), you wouldn't need the OTP in the first place.

With just a touch of the Kafkaesque, the name of the offering is Azure Rights Management Service. The literature is not very forthcoming with how they do key management, they just say they do the key management FOR you. Considering the cozy relationship between US companies, the cloud, and certain three-letter agencies, I don't know how much I would put stock in something that is not end-to-end. I'm sure this pricey add-on will check a few boxes on the CISO checklist, though...maybe that's all anyone really wants. Sigh.

TLDR;
Azure Rights Management IRL: I walk up to you and give you a bag containing a lockbox, then tell you the key is taped to the bottom.

Thanks to Scriptjunkie for the sanity check at the beginning.

Comparison of MSVC Compilers and IDA Signatures

Here is a short slide deck on one of my SAHA! quickhit presentations. Tweet me questions since this is a very abbreviated deck.

Cyber...warfare?

Did you ever notice a politician will never say "war" when it's an actual war. They like "police action", "reconnaissance in force", "interdiction", etc. They use it all the time though for items they want you to rally behind like the War on Drugs, the War on Poverty, and the War on Obesity. Why are they so keen on calling that which is, anything but? However for that which isn't, they stop just short of naming it genocide? It's the same reason a car dealer uses "certified pre-owned" instead of "used". One conjures thoughts of an almost-new vehicle. The other is makes us feel like we are going to spend the next 6 months just getting the smell of farts out of there. I wish the government had as much zeal in naming laws and departments honestly as they do in food labeling.

This same nonsense is true with the term "cyber warfare". I am still trying to remember the last time someone was cyber'ed to death. Was there ever a time where we had to drape a flag over a Dell Optiplex and bury it at Arlington? Are we giving out Silver Stars to the guys pushing "Enter" in the Metasploit-console window? They are on the cyber-front, using cyber-arms. Should they be denied their due commendations and VA benefits? Surely not, if we are being at all consistent between our words and actions.

What we have here is a new dynamic in the field of salesmanship. We can gin up a scare with no casualties, and get millions of dollars in return. We can receive accolades and promotions with absolutely no risk of battlefield losses outside of the occasional ESX server running too hot. This is a win-win solution for the politically inclined and the cyber-salesman. One convinces the other more money is needed, they both get to reap the rewards sans a crying widow(er).

I am not saying we shouldn't take threats in the cyber domain seriously. I am also not saying it should be absent from an intelligence operation. I simply don't think we ought to treat it even remotely the same as we do a bomber or an AK-47. Ask a serviceman sometime if they ever lost someone close due to a malicious email attachment or PDF. And yes, there are different levels of service to your country. Being a linguist at Fort Meade your whole career is not the same as being an asset in-country. Piloting a drone is not the same thing as flying an F-16, but is something a 16-year old can probably do. (I don't allow comments, so whine to your Facebook or the Twitter-verse) Finally, being a "cyber warrior" is not the same as being front-line infantry; no matter how many air-conditioned Commander's Calls pats on the back there are. (Please see my previous comments on whining).

Let's leave the computer security field as what it is; an exercise in risk-mitigation and intelligence gathering. This way we can talk in a non-hyperbolic manner about the subject. We can discuss flaws and methods openly without fear of Wassenaar or other hastily put together Federal dictum. There's nothing wrong with a firm selling services that reduce their odds of revealing user information. It is a mutually beneficial transaction. We get money, they get some assurance their business isn't flying blind against potential theft. If we are terrible at our jobs, we lose them to a better competitor or have to compensate the client for negligence on our part. This is a business, not a war with winners and losers. Those who wish to label it so seek to increase profits on the back of a lie. Their time would be better spent on improving security products instead of practicing pomp and political posturing.

Yes, I did delete my LinkedIn Account and here is sort of why

Maybe one day I will entertain you all with the tale of the final profile deletion decision. Long story made somewhat shorter, though not as short as it could be considering the length of this run-on sentence, it was too much work for too little gain and ZERO enjoyment.

While we are on the subject of popularity and visibility on the web, let me share with you a story from a gaming convention I attended. It was a great time, with several speakers of some renown. There was one illustration of the ethereal nature of online fandom which stuck. It gave me pause for pondering upon the nature of social media. One of the individuals at the conference was a person who had a following so vast, the line was full an hour before the talk just to get in! Once we were inside, I could see why. The fellow had a gimmick. He had charisma. He surrounded himself with a team that made each of them more interesting. I had no regard for what they did; little desire to watch their show, but damn it all I respected the clear ability to pull an audience. I could see why the audience liked him immediately. One person asked for a hug, and another cried while telling the presenters how they had pulled her from a deep depression. These were devotees. They had a trust and admiration for these guys that warranted the million or so followers in their thrall. I said as a matter of study, "man, what are they doing right?". Was it polished public speaking which garnered this much enthusiasm? Does the very personable presence of this panel demand adulation and attention?

Whispers in the wind tell us of the ability Reagan had to draw folks into his sphere of thinking. Books have been written on the way Lombardi and Hank Stram inspired their teams to victory. Millions followed and cherished their leadership. Their faces were enshrined in buildings and on trophies. Here we had a man, who thousands watched day-in and day-out. Surely this man would be readily identified by his fans. THIS man would never know a moments peace from those he touched; no respite from the rooms he roamed with recurrence. His face was all over the Internet, a far greater expanse than the largest library, or stadium in any era.

Here we enter an event party, held off-site. The place was not terribly crowded. It held plenty of spots to spy even the smallest subject from across the space. I was in attendance along with my comrades smart enough to follow a Twitter link, when I saw something I could not believe. I found that beloved Internet sensation. I saw his face. I saw his attire. I knew it was him, yet at the same time I thought I may be mistaken. Alone. He was alone. Alone? Not possible. I double-checked my conclusion with a colleague who confirmed my eyes were not in conflict with my brain. Not only was this person solo, but he was CONSISTENTLY solo. Six or seven times that night I recall wanting to extend a hand or buy a drink. I simply couldn't do it. I felt odd. It felt wrong. This should not be. After all of that fanfare and all of the accolades...nothing. There was no effort at disguise, I only met the guy that afternoon and could ascertain that was indeed him with a glance. Surely a fan or two could be seen in tow?

There was not a soul, however. Neither groupie nor follower to be had. A social media masterpiece was right in front of us without so much as a munificent man with a mojito waiting? The line was out-the-door to even hear him speak only a few hours ago. A perfect opportunity had presented itself to probe his profundities. That is when the whole concept of second life started to form for me. The fame is more fleeting than ever. It is a contradiction. There is a much greater spread of viewership, but you are forgotten at thrice the speed. It's almost as if the virtual world, and all it encompasses, is just that. Virtual. The applause is abbreviate. No one cares once the show is over, even if it will resume the next day. You have to be there everyday, every minute, and on every screen. Anything less, is pointless. A single slip results in online oblivion.

Here I was, looking at my LinkedIn profile and its sub-par performance I hated having the account almost as much as my long-forgotten Facebook phase. I received nothing from the reams of data and insights I had supplied to the business beast regarding my profession. Insights, by the way, for which I have someone eagerly paying an hourly wage to supply. I was giving recruiters a one-stop-shop for similarly qualified persons without deriving any monetary benefit from the transaction. I was forced to acknowledge that the whole exercise was a benefit to everyone but those who matter most; myself along with those I wished to help with my advice. It was actually sort of an insult, to be frank. I was a piker in terms of visibility compared to the virtual-virtuoso I encountered at that party, yet I was spitting in the wind here. Why participate in this network if someone so celebrated in cyberdom could be forgotten in less than a couple blocks from the conference?

This blog is a recording of my thoughts and research which I wish to share with you all without feeling like it is a professional obligation. I have fun posting here...mostly because I can say "Fuck" ad infinitum just like I do at SAHA!. The preceding tale isn't one of sour grapes, only an acknowledgement of the necessity to live in reality. Do what you enjoy because you enjoy it. If you do it for an increase in views, why are you doing it? You will be virtually vacated, nothing but data dust in the end. Instead of that, switch it up. Be the fine fragments people will look upon fondly before discarding you in the digital dumpster.

Next blog post will be another feast for the sarcastic eye about our chosen field. The one after that will probably be a return to computer vision with a new-and-improved method I showed at SAHA!

XOXO
-vesh

UnlinkedIn and Jobs' Quotes

My only social network is LinkedIn. I am not a fan of Facebook and I fail at Twitter. LinkedIn, though, has a different purpose. It's a near necessity for the "I may want a job/client/investment in the future" crowd. By and large, I have fun with it. I post technical material too - you look at my blog from LinkedIn; I have the data. I get a nice pretty map of all of the countries where your IPs originate. Do you think I want to configure that crap myself? Hell no. I have fake Steve Jobs quotes to post. Ain't nobody got time for that. However, I like to be funny from time to time. If I were a pretentious butthole, I would say I am trying to contribute to the Zeitgeist.

Steve Jobs image macros, complete with inspirational quotes, are the adult equivalent of when you would put a phrase or vague allusion on your AIM away message or profile. Do you honestly think someone is going to see "your" Jobs quote and go, "Holy shit. Apparently everyone is innovating. I better start doing that." This is an update that requires absolutely no thought at all other than purloining someone else's idiotic sentiment via Google Image Search. You may as well go find a picture of Artie Lange and plaster on it some spew from your Marketing 101 course. Since I am a huge Artie Lange fan, I will support your efforts in spite of my previous statements. My blog, so I get to be a hypocrite when I want to.

The macro-calypse (trademark, vesh's Shenanigans Inc.) is just barely better than the "Like" deluge. I make a post which requires feedback, and then oodles of you only hit the "Like" button!?! I want your opinion, dammit! This is the one point in my life I am taking time out to care what you actually think and all I get is a bunch of "I like that you asked" BS? If you do not care, just ignore the post. Move, along. Nothing to see here. It is a very simple process. At least hit the Dislike button to tell me to go screw. The Dislike button is a stance against something. It runs the risk of confrontation, which can also be awesome.

Taking the thoughts of someone else, quotes or otherwise, is some Facebook-type garbage. I wouldn't support it there either though. There are times that a FB repost of something hilarious is called for. I have yet to see a need for inspirational-business quote reposts. There are infinite combinations of things which make a good joke, but there are about 5 decent re-phrasings of "Think Different" in the world.

If you feel the urge to post the quotes of someone else, using a macro that you didn't make, just remember the following. The morons who use Meme Generator are wittier and more original than you. Yes, the guy who takes a "Scumbag Steve" picture and puts on it remarks about his mooching neighbor is more clever than you. So, the next time you decide to post, please "Think Different". Make your own contribution. Put your own flavor to it. Be a Louis CK, not a Carlos Mencia.

JNI Fuzzing

These are slides from my SAHA! (satxhackers.org) JNI Presentation. I'll post source once I find it and a github link...I swear.