Five-Year Review

It's been about five years since the switch to working in the medical industry. The problem domain is much more interesting, but the methods are far from scientific. Never trust anyone in a white coat or scrubs.

In any event, the contract is ending, the product is launched, and the company will soon be in the black. That makes it just about time to remember that RE exists, and provide some sort of an update on the state of affairs.

Why ditch RE in the first place? Two reasons, mainly.

The technical reason: RE is just not that interesting in comparison to signal analysis and medical research. Binary RE is really just the translation of a man-made document from one language or representation to another. The original language is well-known, the output language is well-known, and one has full control over and knowledge of the (again, well-documented) execution environment. There are no unknowns, only uncertainties. The only interesting work that remains is in automated RE, and even that is more tedious than difficult.

The personal reason: The security scene pretty much took the fun out of RE. It's become an industry of egomaniacs engaged in constant one-upsmanship, much like the hacking scene has been. There is little-to-no collaboration, constant reinvention of the wheel, and little done of actual technical merit -- most work tends to be the manipulation of known and well-documented protocols, or the debugging of someone else's code. All in all, it has become distasteful.

The open-source scene is not much better: there is a lot of grief for little, if any, reward. Open source users -- not to mention developers -- are more impatient, demanding, rude, and insulting than their counterparts in the commercial world. Why put up with this when people will pay you for your time and effort, and actually thank you for taking the time to read a bug report?

It should come as no surprise, then, to anyone curious about the fate of the open source projects like libdisasm, the bastard, the dude, and such, that they are no longer being maintained. For users of libdisasm, this is due to the unfortunate fact that maintaining a disassembler to keep up with Intel and AMD's constantly-evolving instruction set is simply too time-consuming for a single person with a full time job and active non-disassembler interests. The other projects started off as experiments and proof-of-concept code, and never got beyond that stage.

What lies ahead? A couple of side ventures in RE are on the horizon. These will be commercial projects, produced in private and according to more professional standards than the midnight-session open source projects. The intent of this is to maintain a level of quality both in the code and the user community -- the medical industry pays enough for money to not be an issue. Accommodation will be made for 'researchers' (any non-commercial user that contributes to the community) and for licensing these tools to embed in more targeted end-products.

Additional information will be released through the usual channels.

_m