Book Review - “Neuromancer” by William Gibson

Going into Neuromancer all I knew about it was rumours about it’s influence on the development of cyberpunk as a genre, which quickly became apparent as Gibson introduced (and thus popularized) concepts that are now considered cornerstones of the genre, the most ubiquitous of which is the idea of cyberspace—the matrix. In this regard it was a very interesting read, as if seeing the pouring of a foundation after you’ve already been inside the completed building. As a fan of cyberpunk, I’m a bit surprised I hadn’t read Neuromancer before and while reading I could quite viscerally recognize the building blocks of what became such a beloved genre.

From the first lines of the book Gibson draws you into the drab underworld of Night City, with hints to the glamourous possibilities for those willing to risk it all. The world of Case, a cyber cowboy from the Sprawl of the Eastern Seaboard, who has lost his ability to interface with cyberspace—a disaster for Case, a true believer of the ghost in the machine, seeing his own body as a prison from which he can’t escape. Being offered a solution to his cyber-disfunction, Case embarks on a heist to set free an AI known as Wintermute—a true AI as known in fiction, not an LLM as we know them today. The concept of AI in fiction, while always framed with existential dread, has perhaps become even more interesting in recent years as real advancements in “AI” technology have made the concept more topical.

During the first few chapters of the book, I felt that there was some needlessly gratuitous sexual content that wasn’t properly built up and distracted from the plot, however this was clearly toned down as the book progressed and similar themes became more naturally embedded. I loved Gibson’s prose and storytelling where he “throws you in the deep end” instead of trying to explain the world to the reader. The use of what became cyberpunk slang (which, as I understand it, was born from Gibson’s incorporation of counterculture slang in Vancouver, where he wrote this book) also brings a great sense of immersion in this sad and magnificent world. All in all, a wonderful book and one I would thoroughly recommend to anyone even mildly interested in fiction and sci-fi.

 

- Stern Kittel 

Personal Data as a Commodity

Some musings on how personal data is gathered and sold, prompted by a discussion about this topic in a lecture. 

I usually don't really question personal data gathering that much because I'm pretty sure I already had all of it leaked when I was a naïve child 😅 but it does raise the question of why most of this information is being gathered. An example was brought with signing up for a store loyalty card and telephone nr was asked for; I would probably provide it without much thought but the question is why would a store ever need to know your phone number like this? And this is perhaps a relatively innocent case of unnecessary data gathering. A nice "gateway drug" into a cyberpunk dystopia.

The most interesting method of database acquisition discussed was where selling the database itself was difficult so the entire company was bought instead and the database was just an "extra". Creative if nothing else. 

As a side-step one interesting opinion about OSINT of public social media being unethical—you are the one who put your own personal data out into public, you can't expect only the people you want to look at it if you don't set these settings to private??

- Stern Kittel 

Exam Crunch

With exams starting there's a lot to do and not nearly enough time to do them. I can't really say I'm worried about failing anything and have enough points in some courses to pass already but as I mentioned all the way back in my first blog—I want to go on exchange to Singapore (and a stipend wouldn't hurt) which means I'm aiming for a 5.0 GPA. 

With some of the exams being in January there's perhaps more time than I think to prepare but certain courses have all of the exams next week and the week after so I got some prioritizing to do. Thinking back on this semester the courses have all been quite different from each other, both in organization and how much I feel like I learned—ranging from "what was this supposed to be?" to courses where I learned something new on a weekly basis. Overall I must say I've enjoyed my time in university so far—learned new things, met interesting people, and feel I feel that it's a worthwhile investment of my time. I do have a powerful tendency to procrastinate but so far I've managed to more or less keep on track. 

Here's hoping for good exam results.

 

- Stern Kittel 

✨Azure✨

As part of some coursework to host a website and set up a VPN server on a VM I ended up getting to use Azure a little bit and figured it's a good opportunity to talk about first impressions. 

Perhaps the most annoying thing I had to deal with was from the settings of the Azure for students subscription that I use—It only allows deployment in certain data centre regions and gives you a fairly generic error message if you try to deploy in another. So how do you find out what are the allowed regions? Uh, good luck navigating the few dozen submenus that Azure has for everything. I spent a good hour looking for the right settings menu before I just gave up and went for an audience of redress with an AI overlord (it found it for me on the 2nd prompt).

And speaking of menus and submenus, there's quite a few. On only the VM setup there are 6 menus and 11 submenus with an additional 46 settings menus. I can appreciate the level of control and monitoring provided on a theoretical level at least, even if I can't actually find anything I'm looking for 😅. 

I think that if I had known from the start about the limitations of deployment regions (or if Azure actually told me an actually useful error when trying to deploy in other regions) I would have a more positive opinion of it as that was really my main source of frustration with it. Oh and setting up the VPN VM was quite a pain because the VM would run out of RAM while installing the VPN manager (I had the cheapest possible option with 0.5GiB of RAM) and simply stop responding without any other indication of error or if there was one it was probably hidden in one of Azure's few dozen menus. I ended up migrating the VM to a service with double the RAM and it worked almost instantly.

"It just works" - Todd Howard

 

- Stern Kittel 

Robots in Classrooms

One of my courses has recently started using a robot helper during lab practice sessions (part of a PhD research into how viable robot classroom helpers are for technical fields). 

I can't say it's flawless but it is definitely interesting to interact with it. There's quite a lot of relatively minor hiccups especially in regard to how it translates voice input to answers for questions. I think it's mainly to do with parsing longer answers and how its bank of acceptable answers is built. To mitigate this there is also an option for answering based on text, where the robot gives multiple-choice questions on it's display (a tablet).

One interesting result of this is that quite a few people prefer to present their work/answers to the robot instead of the instructor because multiple-choice is a lot easier to answer when compared to open-ended questions and answers. It results in this odd outcome where the robot has a queue of people while the instructor was free. 

 

- Stern Kittel 

Book Review - "Social Engineering: The Science of Human Hacking" by Christopher Hadnagy

Hadnagy’s “Social Engineering: The Science of Human Hacking” (henceforth referred to as “the book”) was a vivid overview of social engineering that handled the topic with an abundance of examples and plenty of warning regarding social engineering’s potential for misuse in the wrong hands and with the wrong intentions.

The book was relatively easy to follow and had good structure, starting with an introduction to what social engineering even is, how one prepares for a social engineering attack, and then introduces various techniques related to social engineering with examples from Hadnagy’s own experiences as a professional social engineering penetration tester. This allowed for a good flow to the book and the variety of examples, of both successes and failures, gave a more thorough understanding of the described social engineering techniques than mere descriptions would have given.

What I didn’t particularly like was parts of the book’s formatting—thinking about it in hindsight it felt like an odd mixture of web and book formatting where at times there would be bordered boxes separated from the main text with a so called “FUN FACT” or other type of external reference, which I found distracting as they were more often than not unrelated to the main body of the text; it felt like an attempt to seem casual or prove they are knowledgeable.

In general, the book was very informative about the topic of social engineering and had references to other people’s (and Hadnagy’s own) work, which lent an extra level of credibility to the book. One of the main conclusions I took from the book is that social engineering is essentially a field that takes advantage of human psychology and of the way humans communicate and interact with each other. In this regard, while I find social engineering to be fascinating, I also think it an insidious field, a perversion of the best in humanity—the willingness to trust and help others. A field that must be practiced in order to better defend against those who would use it to do harm and sow chaos.

To sum up my thoughts on this book and social engineering itself: what a shame, that people do not have the luxury of being naïve.

 

- Stern Kittel 

XR vol.2 Electric Boogaloo

As a follow-up to yesterdays XR lecture; today I had the change to get a bit more hands-on and design (or rather make small changes to) a VR template world and actually put on a VR headset to take a look at it personally.

Unreal engine was used to design and simulate the VR environment and I was able to see what different materials, meshes, shapes, etc do and how they can be interacted with in a VR world (changing color based on movement or camera position etc).

Overall it was a fun experience and I'm quite exited about the future of XR but I don't think I'm ready to step into that world myself, at least from a developer point of view. My PC is capable of handling VR games so perhaps I should get myself a VR headset though...

 

 - Stern Kittel 

Extended Reality

XR (extended reality)—what even is it?

Today I had the opportunity to attend a lecture about XR, really just a general outline of the technology, it's past, and it's future. Previously the only experience I've had with XR were simple VR (virtual reality) games like Beat Saber (which is great) so it was interesting to see some extras of how this technology is being used in fields like medicine, education, and of course military. 

One of the main takeaways I took was how a mobile phone with LiDAR can be used to make a quick and dirty 3D model of a person in a matter of seconds. As someone who has always limited my phone to be a device for phone calls and internet browsing, it was an interesting change of perspective to see what a proper modern phone can do.

XR technology has advanced by leaps and bounds in this decade alone and I for one am definitely looking forward to what shape XR will take in the years to come.

 

- Stern Kittel 

Writing and Editing of a First Paper (in uni at least)

 This is part 2 of a two part collaborative blog with my friend and course mate. Check out part 1 here.

 

As part of a course at uni we have had the pleasure of diving into the fires of uni paper writing and I am happy to announce a great success, for my pretty little words (3394 of them in fact) set in the right order I managed to get full points for the assignment—a result I am obviously happy with. (I did lose two points for the slides I used in my presentation for too much text 😭)

Sharing this news (definitely not to brag) with my friend we got to talking about our papers and long-story-short I got to provide some editing help (let's be honest it was 90% just telling him to follow formatting guidelines) and I enjoyed it, as I am quite good at the nuances of language when I care to try. But another reason I read his paper was for peer review, another method of gaining points for our course. I won't be going into details here but he wrote an interesting paper on RATs (remote access tools), which I will be reviewing; my favourite part was a case study he included of himself being a victim of a malicious RAT malware.

 

I myself wrote a paper on social engineering and how it highlights how humans will, for now at least, remain an incredibly unpredictable part of any process (though I focused on the cybersecurity aspect of it). And if by any chance someone has read my 12.09 post from this year where I teased a book review of Hadnagy's "Social Engineering: The Science of Human Hacking"—I haven't forgotten, in fact I originally picked it up for this paper. To sum up what I learned—social engineering is the use and abuse of human communication. Now what does that mean, because as a stand-alone sentence it doesn't really make sense. What I mean is that social engineering uses various techniques to take advantage of communicate psychology, trust, and peoples tendency to help others. Quite an insidious field really, one that I love for it's intricacies and hate for how it's used to take advantage of people. While writing the paper I thought quite a lot about the ethical aspects of social engineering and came to this conclusion: "What a shame, that people do not have the luxury of being naïve." 

 

P.S. Is it a conflict of interest to review a paper you helped edit? 😓

 

- Stern Kittel (alias Sasha if you came from Dima's blog)

OSINT - Modern Day Stalking

 I've recently had the pleasure of doing a short presentation on OSINT aka "Open-Source Intelligence". Mind now, I am no professional in this matter and the following is a (very) simple introduction to the matter from the PoV of an amateur.

 OSINT, to put it simply is the use of publicly available information to find answers to your questions. In this regard I think it's fair to say that everyone has done this at some point in their lives—the basics of it aren't exactly rocket science. However. When it comes to the more advanced, techical parts of OSINT - it starts to appear quite magical indeed, the ability to create intelligence from what the average viewer would consider nothing at all. 

I believe that most people, while aware of what it means to post something online, aren't quite aware of "how deep the rabbit hole goes". Even the simple fact of Internet archives like the Wayback Machine will archive webpages, meaning that even if a site is deleted, it will most likely remain accessible through archives; once something is posted online, it's there forever. Of course this isn't a 100% absolute but should, in my opinion, be taken as a guideline of online interaction. 

To bring a case of Hansel and Gretel's trail of breadcrumbs as it applies to searching through open-source information, I'll use myself as an example. If you were to search for my full name (not exactly a secret in most cases) on Google, you would simply find some other individuals with similar names, a result of Google taking your search input and taking whatever bits and pieces of it that it likes. If however you add quotation marks, Google will search for that exact phrase—in which case you will in fact find a few hits about me - an archived local newspaper article of 1st year primary school students enrolling in and a case of 9th year students graduating the local schools. And while searching for my name doesn't give many results, this search has now provided you with the name of the school I went to and the names of everyone that I went to school with—people who I know and maybe just maybe have a connection with on some social media site. As it turns out, even if looking directly for me doesn't give any results, I can still be found through the social media of others - there I am, added as a friend on the profile of someone I went to school with, not with my full name but enough of it that, with context provided, it can be confirmed to be my profile page - from which you could get additional information a la a username—another piece in the trail of breadcrumbs. Breadcrumbs, which, if followed could lead to even more information: secondary usernames, emails, passwords (through data breach archives), etc. I won't go further with this example as I believe it has illustrated the point I'm trying to make - even someone who has a minimal online presence can have enough of a footprint to be identifiable through publicly available information. 

 OSINT of course goes far far beyond what I've described here, some cases of journalism through OSINT for example really highlight just how much information is available if you know how to look for it. In this case I would highlight Bellingcat and the example of MH17 for further reading.

 

P.S. Do check if your information is out there in data breaches. A few sites to help with that: HaveIBeenPwned & Intelligence X.

And OSINT Framwork as a general set of OSINT tools and websites to play around with, so you can be aware of at least some of the possibilities when it comes to OSINT

 

- Stern Kittel 

 

Musings on C

To preface—I am an absolute beginner when it comes to C, with barely a full day under my belt. I do however have little bit more experience with Python, though that too is limited. 

I miss dynamic typing. Having to specify variable types is, for now, a pain. I can understand why it can be good to have static typing but I still miss it. It's the little things really, like having to specify the end of a line with ";" in C. Other than these minor inconveniences C doesn't seem all that different from Python - just need to separate the correct syntax for each for myself. Honestly it's a bit early to tell, as mentioned, I've barely any experience with C at this point having just recently planning a basic first project. 

 

Next post will most likely be a review Hadnagy's "Social Engineering: The Science of Human Hacking" - been doing some reading for a paper and two presentations regarding social engineering and OSINT.

 

 

- Stern Kittel 

 

Fast and Slow - First Midweek

 Third day into the semester - a good a place as any to begin.

 

I've never experienced the passing of time in quite the same way as I have in these past few days. The hours go by blazingly fast and yet, looking at a calendar, the days go by at a snail's pace. One's perception of time is well and truly a "fickle mistress".

 

On a more technical note - seems this year there are a lot more student in the course groups than expected which is causing headache for both students trying to take courses and for lecturers (twice now I've heard a lecturer say they have no idea what is actually going to happen). At first (which was only a few days ago) I went in intending to take quite a few more ECTS that is strictly necessary but at this point it seems that plan won't work as simply too many people have singed up to a few courses that will remain unnamed. My sympathies to a few Open University student who tried their hardest to get into a few courses and later transfer to a program - I've heard tell of their struggles and I can only say I am doubly glad to have gotten into a program. 

 

Perhaps one of my biggest hopes in the coming months and years is to have an opportunity to go on foreign exchange. I would rather dream big and not make it than not dream at all.

  

 P.S. Finding a parking spot is killer

 - Stern Kittel