✨Azure✨

As part of some coursework to host a website and set up a VPN server on a VM I ended up getting to use Azure a little bit and figured it's a good opportunity to talk about first impressions. 

Perhaps the most annoying thing I had to deal with was from the settings of the Azure for students subscription that I use—It only allows deployment in certain data centre regions and gives you a fairly generic error message if you try to deploy in another. So how do you find out what are the allowed regions? Uh, good luck navigating the few dozen submenus that Azure has for everything. I spent a good hour looking for the right settings menu before I just gave up and went for an audience of redress with an AI overlord (it found it for me on the 2nd prompt).

And speaking of menus and submenus, there's quite a few. On only the VM setup there are 6 menus and 11 submenus with an additional 46 settings menus. I can appreciate the level of control and monitoring provided on a theoretical level at least, even if I can't actually find anything I'm looking for 😅. 

I think that if I had known from the start about the limitations of deployment regions (or if Azure actually told me an actually useful error when trying to deploy in other regions) I would have a more positive opinion of it as that was really my main source of frustration with it. Oh and setting up the VPN VM was quite a pain because the VM would run out of RAM while installing the VPN manager (I had the cheapest possible option with 0.5GiB of RAM) and simply stop responding without any other indication of error or if there was one it was probably hidden in one of Azure's few dozen menus. I ended up migrating the VM to a service with double the RAM and it worked almost instantly.

"It just works" - Todd Howard

 

- Stern Kittel 

Robots in Classrooms

One of my courses has recently started using a robot helper during lab practice sessions (part of a PhD research into how viable robot classroom helpers are for technical fields). 

I can't say it's flawless but it is definitely interesting to interact with it. There's quite a lot of relatively minor hiccups especially in regard to how it translates voice input to answers for questions. I think it's mainly to do with parsing longer answers and how its bank of acceptable answers is built. To mitigate this there is also an option for answering based on text, where the robot gives multiple-choice questions on it's display (a tablet).

One interesting result of this is that quite a few people prefer to present their work/answers to the robot instead of the instructor because multiple-choice is a lot easier to answer when compared to open-ended questions and answers. It results in this odd outcome where the robot has a queue of people while the instructor was free. 

 

- Stern Kittel 

Book Review - "Social Engineering: The Science of Human Hacking" by Christopher Hadnagy

Hadnagy’s “Social Engineering: The Science of Human Hacking” (henceforth referred to as “the book”) was a vivid overview of social engineering that handled the topic with an abundance of examples and plenty of warning regarding social engineering’s potential for misuse in the wrong hands and with the wrong intentions.

The book was relatively easy to follow and had good structure, starting with an introduction to what social engineering even is, how one prepares for a social engineering attack, and then introduces various techniques related to social engineering with examples from Hadnagy’s own experiences as a professional social engineering penetration tester. This allowed for a good flow to the book and the variety of examples, of both successes and failures, gave a more thorough understanding of the described social engineering techniques than mere descriptions would have given.

What I didn’t particularly like was parts of the book’s formatting—thinking about it in hindsight it felt like an odd mixture of web and book formatting where at times there would be bordered boxes separated from the main text with a so called “FUN FACT” or other type of external reference, which I found distracting as they were more often than not unrelated to the main body of the text; it felt like an attempt to seem casual or prove they are knowledgeable.

In general, the book was very informative about the topic of social engineering and had references to other people’s (and Hadnagy’s own) work, which lent an extra level of credibility to the book. One of the main conclusions I took from the book is that social engineering is essentially a field that takes advantage of human psychology and of the way humans communicate and interact with each other. In this regard, while I find social engineering to be fascinating, I also think it an insidious field, a perversion of the best in humanity—the willingness to trust and help others. A field that must be practiced in order to better defend against those who would use it to do harm and sow chaos.

To sum up my thoughts on this book and social engineering itself: what a shame, that people do not have the luxury of being naïve.

 

- Stern Kittel 

XR vol.2 Electric Boogaloo

As a follow-up to yesterdays XR lecture; today I had the change to get a bit more hands-on and design (or rather make small changes to) a VR template world and actually put on a VR headset to take a look at it personally.

Unreal engine was used to design and simulate the VR environment and I was able to see what different materials, meshes, shapes, etc do and how they can be interacted with in a VR world (changing color based on movement or camera position etc).

Overall it was a fun experience and I'm quite exited about the future of XR but I don't think I'm ready to step into that world myself, at least from a developer point of view. My PC is capable of handling VR games so perhaps I should get myself a VR headset though...

 

 - Stern Kittel 

Extended Reality

XR (extended reality)—what even is it?

Today I had the opportunity to attend a lecture about XR, really just a general outline of the technology, it's past, and it's future. Previously the only experience I've had with XR were simple VR (virtual reality) games like Beat Saber (which is great) so it was interesting to see some extras of how this technology is being used in fields like medicine, education, and of course military. 

One of the main takeaways I took was how a mobile phone with LiDAR can be used to make a quick and dirty 3D model of a person in a matter of seconds. As someone who has always limited my phone to be a device for phone calls and internet browsing, it was an interesting change of perspective to see what a proper modern phone can do.

XR technology has advanced by leaps and bounds in this decade alone and I for one am definitely looking forward to what shape XR will take in the years to come.

 

- Stern Kittel 

Writing and Editing of a First Paper (in uni at least)

 This is part 2 of a two part collaborative blog with my friend and course mate. Check out part 1 here.

 

As part of a course at uni we have had the pleasure of diving into the fires of uni paper writing and I am happy to announce a great success, for my pretty little words (3394 of them in fact) set in the right order I managed to get full points for the assignment—a result I am obviously happy with. (I did lose two points for the slides I used in my presentation for too much text 😭)

Sharing this news (definitely not to brag) with my friend we got to talking about our papers and long-story-short I got to provide some editing help (let's be honest it was 90% just telling him to follow formatting guidelines) and I enjoyed it, as I am quite good at the nuances of language when I care to try. But another reason I read his paper was for peer review, another method of gaining points for our course. I won't be going into details here but he wrote an interesting paper on RATs (remote access tools), which I will be reviewing; my favourite part was a case study he included of himself being a victim of a malicious RAT malware.

 

I myself wrote a paper on social engineering and how it highlights how humans will, for now at least, remain an incredibly unpredictable part of any process (though I focused on the cybersecurity aspect of it). And if by any chance someone has read my 12.09 post from this year where I teased a book review of Hadnagy's "Social Engineering: The Science of Human Hacking"—I haven't forgotten, in fact I originally picked it up for this paper. To sum up what I learned—social engineering is the use and abuse of human communication. Now what does that mean, because as a stand-alone sentence it doesn't really make sense. What I mean is that social engineering uses various techniques to take advantage of communicate psychology, trust, and peoples tendency to help others. Quite an insidious field really, one that I love for it's intricacies and hate for how it's used to take advantage of people. While writing the paper I thought quite a lot about the ethical aspects of social engineering and came to this conclusion: "What a shame, that people do not have the luxury of being naïve." 

 

P.S. Is it a conflict of interest to review a paper you helped edit? 😓

 

- Stern Kittel (alias Sasha if you came from Dima's blog)