I’ve spammed this particular link everwhere else I can think of, but still neglected to post it here on my blog.

Basically, I was approached a few months ago by a senior editor of Symantec’s online magazine “Norton Today” because they were interested in doing a piece on Art and Security. I was approached because of my old work in security data visualization and the fact that’d I’d started to rework and hang the pieces in art shows like Artomatic and My Space on 7th.

Anyway, the interview went really well (in addition to being a lot of fun) and it’s now online at:

http://nortontoday.symantec.com/features/articles/art_of_security.php

(Edit: This link now appears down after a few months. Symantec has republished the article here: http://www.thegeekweekly.com/feature/turning_computer_vis_into_art/index.html )

They used a few older images in their Flash slideshow (My fault – I didnt get them newer images in time).  These were the originals we used at NetSec to do analysis and which have been in a number of presentations (and were in the batch I sent to ArcSight as examples when they were still developing Interactive Discovery, iirc).

You can find the “art” versions that I’ve hung up in galleries at the following link:

http://sintixerr.wordpress.com/art-versions-of-data-visualizations/

I’m still interested in working more of these, but have been moving from graphing – which was a necessity of the business at the time – into a broader field of ontological information/concept representation in art.

(This is in addition to my media experimentation with / interest in projection. I think Id like to merge these two tracks together in the future, but havent gotten there yet.)

Hey all!

I’m going to be showing some data visualizations at the My Space on 7th art show in Washington, DC starting Friday, July 11 at the Touchstone Gallery! Everyone should come out. I took a look at the space and there’s some interesting work hanging already. (And I have to thank Paige, here, who unintentionally helped me decide what to show…but more on that in a later post.)

Oh. And there will be wine tasting opening night.

There will be three old, but reworked images and one new one created just for this show.  Only one has ever been printed before and they all look pretty fantastic.

The new one consists of two superimposed graphs (a paraplot and a scatterplot) of illegitimate traffic going to/from “jackwhitsitt.com” (that would be, uh, most of it).

The three older ones are:

Destination Port Traffic Volume (global sample)

(Test Data from custom developed SEM correlation  modules)

(Pcap data from 10,000 spam emails)

I will be at Meet the Artists Night May 16th all evening from 6 or 7 until close. If you’d like to come say hi, that would be the best time to do it. Reminder: IM IN SPACE 8 SE D6. It’s just next to the “M” of the Artomatic sign outside.

In the last post I alluded to the fact that what I was creating for Artomatic was going to be a little bit more holistic and effect focused than in the recent past. This year, I’d like to get into blending media, rather than focusing on it.

I’m still mulling over what I want to say about the whole thing, but tonight I’d like to offer a prelude by way of a small technical glimpse into the core of the piece.

Essentially, I’ve been wanting to work on the idea of self for some time. The Second Life work had addressed some of that, but -primarily- from a perspective that was fairly extreme and lacked a lot of emotional resonance (not least with me).

So this year, I’m going to be mixing up my newfound interest in photography with some traditional sketching technique, adding a dash of emotional investment, and finally tying it together with some custom computer scripting.

It’s this last component I want to talk about. There are a lot of “themes” Im starting to address with this piece (later post) which made me feel like I needed to use some sort of mosaic. Initially, I thought I was going to do a self-portrait of myself….composed the very same self portrait. This would constitute the anchor concept of the piece.

The image was originally supposed to look something like this (right image is zoomed in on the left eye where you can see the main image is composed of many copies of itself)

But how does one go about creating this kind of mosaic? Doing it by hand would take so long I’d never finish!!!

Maybe there are programs “on the internet” that will do it? Maybe (it turns out there -sortof- are), but what’s the fun in that?

Instead, I decided to write my own program to do it. This has a lot to do with the fact that computers are a huge part of who I am and writing code to help me generate a self-portrait struck a chord with me

I had played around with the Python scripting language back in my NetSec days (for rapidly setting up data analysis) and while I had never been particularly proficient in Python and it had been some years since I’d worked with it, I -had- enjoyed it’s way of dealing with the world of bits and bytes. it seemed like a great language to try this out in.

So, I grabbed my new Macbook (heh. Microsoft forced me into -that- with Vista) – which had python already on it – and sat down to write a self-referential mosaic generator. Away we go!
Hrm. Or not. How does one actually go about editing images with a scripting language often used in web pages? It beat me! I’d never done it before. In any language.

More Hrm’s. Google kindly suggested I give the Python Imaging Library a try, so I checked out the tutorial online. “Wow. This might be doable”, I thought to myself. This looks like a really simple library.

And it was….the code below took about 3 days to write starting from “Uh, how do for/next loops work in Python again?”. So while it’s not a LONG program and it’s NOT elegant, and it CAN be done a lot better, it does the trick.

In fact, not only does it do the trick, but the code now lets you specify which image to use to recreate the base image of the mosaic. (And the concept of the art piece has followed with that, Im now using two self-portraits.)

The program I wrote is a little different from web-clients for Mosaic creation I’ve seen. Those go and grab images (often at random) from a repository and create a mosaic of another image out of them based on which filler-images already best-fit which piece of the base image. The filler images, themselves, arent altered.

In my code, the user specifies one filler image and one base image. The code then goes through and checks tone averages and alters the filler image to fit into a given section of the base image. If the filler’s average tone is higher than the current section of the base image being converted, the program darkens the filler image and then pastes it in.

The ultimate effect resulted in this image created from one base self-portrait and one (different) filler self-portrait (Click it so see the smaller faces):

The code which produces this image  can be found here:

http://sintixerr.wordpress.com/tone-altering-mosaic-generator-tamogen-in-python/#comment-2512

Please be kind…it really isn’t pretty yet and I know it

Finally, a snapshot of what it looked like put together at Artomatic:

New Year’s Eve at Chronic&Shock’sOriginally uploaded by sintixerr

Eep. The year’s over! That might seem old news (God, we’re already a week into 08), but the sad thing is that to remember what I’ve been doing for the last few months I had to go back to my Flickr stream and -look- at the photographic evidence! Kind of cool…but not?

But before I get into what -has- happened, I’d like to talk about what is and -will- happen. I just spent a lovely evening at the soon-to-be-no-more Dr. Dremo’s in Arlington with a bunch of the Art Outlet volunteers, artists, other board members, and friends.

One of the reasons I was there was to talk about digital art shows and the imminent re-opening of my free space for Washington, DC artists and arts events in Second Life – the SintixErr Gallery. (About which Amanda Hess has written a great article: http://www.washingtoncitypaper.com/display.php?id=34394 )

It looks like Art Outlet (the board of which I chair – at least for one more year!) will be, as a 501c(3) non-profit arts organization in DC, will be sponsoring an entire island in Second Life. My high level goals for the island will be to:

• Provide a place for any DC-based artist to exhibit their work to worldwide audience
• Host mixed-reality events in support of Art Outlet shows
• Provide a central Second Life hosting capability for other DC arts organizations, museums, galleries, etc.
• Allow for additional research into interesting ways to use virtual worlds to aid art through technology and technology through art.

There’s still no -monetary- sponsor for this (and it’s not a done deal till it’s done), but I can front the cost initially and hope through grants, donations, shows, and by way of small fees for other organizations to use the space, the area will support itself and break even.

In addition to the pure Second Life announcement, I’ve also been working on putting together (and participating in) one or more digital arts and technology shows in the DC area. These are still in their infancy, but there are a number of great, dedicated, reliable people working on them and I expect some cool event news to show up here in the next few months.

You can find more info here on what some of the participating artists’ thoughts on technology, culture, and art are in this thread:

http://artdc.org/forum/index.php?topic=7860.msg33345#msg33345

I’ll close out this post with my own thoughts from that thread:

I have two perspectives on technology’s role in culture, as it pertains to my art. First, I’ve always struggled with the concept that there is “technology” and “stuff that isn’t technology”. I never really believed that there was an inherent line there. The only thing that really rings true is Douglas Adams’ quote on the subject. He said something to the effect of “Technology means ’stuff that isn’t quite working right yet’”. Pencils, oil paint, paper, cameras – they’re all technology. They’re absolutely the same thing as computers and any other digital mechanisms for interacting with human senses.

So, my first interest in technology, art, and culture is in the process of cultural integration of new technology into the “stuff that works” category. Things we forget about. I’m interested in the creation of and interaction with art that REFUSES to distinguish between itself and any other “old” tools used to create art. I like to see moving images framed behind museum quality glass hanging from a wall. I enjoy the idea of traditional tools being used as part of the creation of what would otherwise be considered “new technology” art.

Along these lines, I’m also fascinated by the artifical lines and boundaries we (humans) create to keep our perception of the universe coherent. Technology has always helped people do more better faster, but until the advent of science allowing long distance communication between people, our boundaries expanded, but tended to retain the same shapes. As people began to communciate over vast distances, however, our sense of “place” began to erode a little bit. TV accelerated that process, cell phones turned the process into an avalanche, and the internet looks like it might eradicate the bond between place and self altogether in our culture. Not only that, but with the variety of identities we are begining to maintain, our most basic sense of “self” is getting fuzzy. Who are we when we can “be” in multiple places at once. Who are we when we can be physically perceived by others in different ways at the same time? We have IM accounts, blog accounts, we exist (well, some of us ) in virtual worlds, etc. Part of how we perceive and understand who we are ourselves is by how we are reflected back by other people. What happens to us as our reflections become fractured and non-contiguous?

Art, over time, has often been used to explore our relationship – as people – to the universe around us. In my mind, these particular technologically-wrought changes in our culture are acute and our exploration of them as humans is well-served by doing so through art.

Someone used this Rod Serling quote today in a post to Bruce Schneier’s blog. It bears repeating.

“The tools of conquest do not necessarily come with bombs and explosions and fallout. There are weapons that are simply thoughts, attitudes, prejudices, to be found only in the minds of men. For the record: prejudices can kill, and suspicion can destroy, and the thoughtless, frightened search for a scapegoat has a fallout all of its own, for the children and the children yet unborn. And the pity of it is that such things cannot be confined… to The Twilight Zone.”

http://en.wikipedia.org/wiki/The_Monsters_Are_Due_on_Maple_Street

Just comments on a previous coworker’s paper that he’s writing on tuning ArcSight. It’s a bit spewy and unedited (and will go to the other blog as a less stream-of-consciousness bit when I start it shortly), but I thought I’d pass the time until a write another art entry (photography is fun!) with it anyway:

What seems to be missing is commentary on the how and why of acting on the information that goes through the ESM – beyond just how the tools to perform those actions work.

By way of example, look at these specific quotes:
1. Normalization also includes translating the severity scales used by the different devices into ArcSight’s “Agent Severity” scale.

2. ArcSight connectors also assign each event to a set of categories (that is, it assigns a category tuple) using six fields derived from the fields included in the events collected by the connectors. These categories are designed to group like events from unlike devices, from two different IDSs for example, say, from ISS and Cisco.

Why does ArcSight do this? What does it mean to my correlation rules? Can I, algorithmically ahead of time, guarantee that the system will “think” about every event I want it to? With almost every single correlation methodology Ive seen – especially including ArcSight’s default methodology – the answer is a resounding “NO”. This means that you (formally) have no idea where your bits are at any point, whether they’ve been aggregated, why or why not, what transformations or decisions ArcSight has made about them, etc.

This methodology failure means that you cannot go back and do formal analysis on an incident that has passed through ArcSight without the original raw events and significant manual labor except by sheer luck (and thats not formal).

Read that statement above again, it’s important!

Basically, tuning the correlation engine (ArcSight) should never be approached from an “I need to get rid of stuff” – pure data reduction – standpoint. You will, probably, ultimately achieve reduction but thats an effect of the effort, not it’s actual goal. What you are doing, rather, is defining your environment (in a very literal sense).

These definitions (filters in ArcSight) then allow you to programmatically create an ontology within your system which defines your information classes, what their properties are, and how they relate to each other. That ontology exists as a combination of your basic filters and your core rules.

Once you know what your classes are, you can then write rules to define what kind of transformation (comparison, aggregation, filter, pass to another rule, send to active channel) ArcSight performs on your events.

Once these basic rules are written, you can then write higher level rules to express your intentions logically: “Show me when any perimeter firewall exceeds its normal state by a factor thats unusual across the enterprise firewalls”.

In that statement, you have to have “Firewalls” defined, what a Perimeter Firewall is, what your enterprise is, what kind of traffic values and ranges firewalls can expect, what your average enterprise data rate is for firewalls, and a host of other things. Unless you have formally created these things in ArcSight’s rule/filter system and can reuse you cant hope to create a scalable correlation engine – youll lose track of what the system is doing and will have to spend time / effort manually retracing how ArcSight got from point A to B and you lose the precision/accuracy of machine correlation in favor of manual correlation under pressure.

Once all of that is in place, you can use create rule classes: Groups of rules that organize and group events, rules that compare them to each other to say something smart about them, and then rules that either present the new events to analysts, send them back for additional correlation, or drop them completely.

I hope Im making some sense here

I would highly suggest checking out this URL: http://en.wikipedia.org/wiki/Ontology_(computer_science)

and:

http://en.wikipedia.org/wiki/Enterprise_service_bus

Ontologies are excruciatingly important to understand if youre doing ESM correlation (not that theyre commonly understood, but trust me on this)

Enterprise Service Bus’s (in Service Oriented Architectures) have a lot of the same requirements and features as ArcSight/ESM’s and are a good model to look at for what ArcSight’s role is in the context of security devices.

So I feel a bit bad now about completely wiping out my 13,000+ square meters of Second Life territory, but it had to be done. I’m in a groove with work and I’m running a 10k (6 miles) in the Pentagon City area with Angela in 2 months. Those two things alone need all of my concentration. Maybe early next year I’ll get back to virtual worlds – I was really getting to an interesting place by using it as a starting place for 2D art finished in real life – but we’ll see how it goes.

If you’ve been watching my flickr stream, you’ll have noticed that I haven’t abandoned art all together. Rather, the focus for the past several weeks has been on taking local photographs and using them as the base layer for further work. Ive been very much interested in manipulating point of view post-shot. This has manifested itself in a series of photographs where I’ve layered multiple level settings and saturations on top of each other to bring different components of the image into highlight (the raw shapes, primary tones and colors, etc.) all while keeping the shadow of the original image around beneath to hint at what the eyes would see without the manipulations. I don’t kid myself that I’m experienced here, but I’ve enjoyed looking at my own output.

I also opened the new blog (infoage.wordpress.com) but there is nothing there. I had much better names in mind for the blog, but the wordpress site had some short term memory issues at the time and my names got lost in the ether beyond. Oh well.

There is also some camera coolness going on here as well – I’ll be moving into the world of DSLR soon. My wife just ordered herself a new Canon 40D!!!! (should arrive tomorrow), so I’ll be inheriting the Digital Rebel XT. This means we get to share the L series lenses I got her for Christmas last year

Lastly, as if anyone cares, I really made some progress with my architecture modeling efforts at work today. It’s all about Michelangelo’s quote about finding the structure in the stone and not forcing something that’s not there.