Interests: Computer security, Computer programming, Web application/site design and development, and Photography
Work at Security PS
I am currently a Security Consultant with Security PS. We do security assessments for applications (web and native), networks, and systems. I will write more here about what I am doing later. In the meantime, visit our site.
I maintain the eCare build system, which is written with ANT. I also help write JUnit tests that are run with continuous integration builds as well as nightly. eCare's state chart and event system allows us to inject events into the system to drive the interaction of users. In this way we run tests on the functionality of the system with actual browsers on a nightly basis.
I have several pet projects that I go back and forth working on. Some of them include Greasemonkey scripts for sites like jango.com. Another project I am working on has to do with generic pattern recognition using dot plots. Dot plots were first designed for looking at genetic code, but have also been adapted to computers by people like Dan Kaminsky. For more information about dot plots start here: Dotplot Patterns: A Literal Look at Pattern Languages. If you are interested in this subject and want more information, please email me; I am always looking for people to discuss / work with on this topic.
More recently I have been working with Android. I have developed an Android app to get the unlock and unfreeze codes from the Samsung Galaxy variant phones. See my blog post for more information. The app can also be obtained from the Android market. I have also been playing with Dalvik assembly and the security implications of ad-supported and trial-based Android applications.
Another part of what I do is web site design and development, for which I use the Drupal content management system. For its themes and modules Drupal uses PHP for server-side site generation. I have designed the graphics and theme for Melody Gabrielle at Numinous Dance, a wonderful Middle Eastern dancer. I also administer her site, which has included debugging and modifying some Drupal modules to work for her site, including the Google Analytics and XML Site Map modules. I am also working on my own photography web site, Numinous Photography.
My experience with Linux and other Unix and Unix-like operating systems is pretty extensive. I started using Linux in high school, on a 486 running Slackware installed via floppy discs. Since then I have run Mandrake, SuSE, Red Hat, (I'm sure I am forgetting a few); more recently Gentoo, and Ubuntu / Kubuntu. For my home network I run a FreeBSD file server using ZFS. I also have experience using Solaris, OpenBSD, and Mac OS X.
More to come:
-CVS, SVN, GIT
-Flash / FLEX 3, haxe, Flasm
I also have an interest in computer security. I do research into the security of web application vulnerabilities including XSS, SQL injection, XSRF, and others, along with evaluating the viability of new ways web vulnerabilities could be used. This research is meant to help myself and potentially others to recognize the real threats that security vulnerabilities can pose in software development. It is my belief that every programmer should know at least the basics about computer security and how to exploit common vulnerabilities; otherwise there is no way we can make more secure applications. It is the programmer's job to know and code security for two reasons. One, security is often hard to tack on to an application if it is not considered from the beginning. Secondly, in the development process no one else is going to do it. QA is often mostly concerned with the product working in ways it should work, not if the product also works in ways it should not, while management is often mostly concerned with the product working so it can be sold. Security is often an afterthought that is sometimes evaluated after the product is ready to go to market; often by a third party, and usually not very often as a third party assessment is expensive. In an age of web applications where the application is accessible by anyone on the network/Internet, security is tremendously important. If the programmers do not, and are not taught to, think about security, who will?
Please see my blog for security related articles.
"The best photographs, I think, are the ones that were not taken by a photographer but the photographer was taken by the subject."
-- Vincent Versace (VersacePhotography)
From an early age I have been taken by the visual arts. When I was young I tried my hand at drawing; however, when I soon realized how prominent a place computers would hold in my life I was hooked, and started creating computer art on my C64. I dabbled in film photography a bit growing up, but it was not till I got a digital camera that I was able to fully realize and come into the visual expression of my creativity. The crossing of the photograph and the bit enabled me to reach new levels of expression. Another quote from Vincent Versace labels a photograph as a "visual poem":
"Poetry is the language of heightened emotion. And what is a photograph, the most compelling photographs, if not heightened emotion, or a visual poem?"
-- Vincent Versace (VersacePhotography)
Please visit my photography website: NuminousPhotography.net
More to come.