Pi-Eye: A Tiny WiFi Traffic Visualizer
You wouldn't have a sensitive conversation in a public space, much less at a volume loud enough to be heard 100 ft away. Yet that's exactly what our phones and laptops do all day.
To make it easy to see these non-audible (but quite public) conversations, I created Pi-Eye, a little sniffer/visualizer combo designed to run on a stand-alone Raspberry Pi. It listens in on all the Wi-Fi traffic it can and shows a simple visualization of all the conversations in earshot (well, radioshot).
Everything Pi-Eye shows is visible to anyone on a plane or in a coffee shop or library.
Here's a snapshot showing my phone refreshing my list of podcasts. Some I'm proud of, some... less so. The point is, my phone exposes what I listen to and read to anyone nearby. Actually, it exposes much, much more.
If that sounds unsettling, just imagine what your ISP can see -- every connection between every single subscriber and every site they talk to. And, remember, ISPs can now sell your browsing history to advertisers and other data brokers.
I gave a talk at Boston Django about Django security. As part of the talk, attendees perpetrated a handful of attacks against a few vulnerable applications (built for this purpose). Writing exploits is a fun way to really wrap your head around sometimes tricky concepts.
After seeing the carnage an attacker can unleash, we look at how to do the same things securely in Django. Then, we talk about a few remaining failure modes.
The talk covers Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).
You can check out the slides, the vulnerable apps, and get links to all the source code at veryveryvulnerable.com.
Software Techniques Academics Should Steal from Industry
I gave a talk at MIT about how academics can:
- make their code more correct (think: Reinhart/Rogoff),
- make their code-powered research replicable,
- collaborate better with one another, and
- reach a broader audience with their ideas
Automated testing, version control, publishing source code, and hosting simple web applications are easy enough for anyone already developing code, and they can really move the needle on those bullet points.
Sadly, virtually every new graduate student gets thrown into the deep end and left to fend for themselves. Knowing where to look is half the battle, so in a few short demos we worked through how to get big dividends from those practices.
I don't have a video, but I'd be happy to talk to you or your lab about how to do these things better, and my materials are all up on GitHub. Seriously, shoot me an email. I love this stuff.
How Pickles can Bite
I gave a Lightning Talk at Boston Python about the danger of taking pickles from strangers.
In Python, pickling is serializing a Python object to a string of bytes (so you can store it, send it to another computer, etc.). In order to be able to save pretty much any Python object as a pickle, the pickle format lets that magical byte string name callables that get executed when it's later turned back into a Python object (it's a Very Bad Thing (TM) when strangers can do this to your computer).
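The two defensive moves that follow from that fact are (a) inspect a pickle before loading it and (b) never load one from an untrusted source with a stock `pickle.loads`. The example below is an added illustration, not code from the talk or the slides. `RunsOnLoad` is a constructed demo object whose pickle merely calls the built-in `sorted`, which is enough to show that loading a pickle invokes whatever callable the bytes name. `scan_pickle` walks the opcode stream with `pickletools.genops` (real stdlib) without executing anything, and `RestrictedUnpickler` follows the allow-list pattern from the Python docs; the allow-list itself is an assumption you would tailor to your own data.

```python
import io
import pickle
import pickletools

# Opcodes that invoke a callable or constructor while loading.
CALLING_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes):
    """Return (globals_referenced, calling_opcodes) for a pickle WITHOUT loading it.

    Works for both the old GLOBAL opcode (protocol <= 3, arg 'module name')
    and the protocol-4 STACK_GLOBAL opcode, whose module and name are pushed
    as the two preceding string opcodes.
    """
    globals_seen = []
    calls = []
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, _, qualname = arg.partition(" ")
            globals_seen.append((module, qualname))
        elif opcode.name == "STACK_GLOBAL":
            if len(recent_strings) >= 2:
                globals_seen.append((recent_strings[-2], recent_strings[-1]))
        elif opcode.name in CALLING_OPCODES:
            calls.append(opcode.name)
        if isinstance(arg, str):
            recent_strings.append(arg)
    return globals_seen, calls


class RestrictedUnpickler(pickle.Unpickler):
    """Only resolve globals that are explicitly allow-listed (assumed list)."""

    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_loads(data: bytes):
    """Load plain data (dicts, lists, strings, numbers) and refuse everything else."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class RunsOnLoad:
    """Constructed demo: unpickling this calls sorted([...]) instead of rebuilding it."""

    def __reduce__(self):
        return (sorted, (["c", "a", "b"],))


def demo():
    trusted = pickle.dumps({"user": "alice", "tags": ["x", "y"]})   # plain data
    untrusted = pickle.dumps(RunsOnLoad())                          # names a callable
    try:
        safe_loads(untrusted)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return {
        "trusted_scan": scan_pickle(trusted),
        "untrusted_scan": scan_pickle(untrusted),
        "untrusted_scan_p3": scan_pickle(pickle.dumps(RunsOnLoad(), protocol=3)),
        "naive_load": pickle.loads(untrusted),   # sorted() actually ran here
        "safe_trusted": safe_loads(trusted),
        "safe_untrusted_rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The scanner is a triage tool for logs, uploads or queues where pickles turn up: any GLOBAL/STACK_GLOBAL reference outside the classes you expect, or any REDUCE-family opcode at all in something that should be plain data, is a red flag. The restricted unpickler is the enforcement side; for data crossing a trust boundary, a format with no code-execution semantics (JSON, for instance) is the better fix.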
Slides here. Oh, and Ned is right. Anyone can give a Lightning Talk.
I gave a short talk on a failure of mine -- how I (fail to) market Maven. An awesome group of folks at the Boston chapter of the world-famous and colorfully named F.U.N. hosted an event dedicated to talking about, learning from, and celebrating our failures.
Being a human, I fail much more often than I succeed at anything, so I've got a lot of fodder for this sort of stuff. You probably do, too. Attend. Give a talk! Get in contact if you want to talk about it.
Ever sat at home wishing there was something to do? Do the headaches and hassles of event planning keep you from spending more time with your friends?
Yeah, me too. So I made a robot to do my bidding. It's called Maven and it's the easiest way to plan events.
Just tell Maven what events you want it to plan (like Happy Hour every Thursday or Dinner Tonight at The Burro) and who you want to invite. It sends the invitations by SMS, handles RSVPs and connects confirmed attendees by group text message.