John Hess

  • Home
  • Projects & Talks
  • Blog

Semaphore

Along with a great team, I created Semaphore, which is a system for collectively flagging and analyzing harmful information on Social Media.

Academics, journalists, activists, and citizens see all sorts of problematic things online. Usually, the only affordance platforms provide is to flag the content to them. Alas, when we do, the platforms keep that information for themselves.

I was delighted to see that Twitter -- the first platform we targeted with Semaphore -- picked up on some of the benefits of a community approach when they launched Bird Watch some months later.

Pi-Eye: A Tiny WiFi Traffic Visualizer

You wouldn't have a sensitive conversation in a public space much less at a volume loud enough to be heard 100ft away. Yet, that's exactly what our phones and laptops do all day.

To make it easy to see these non-audible (but quite public) conversations, I created Pi-Eye, a little sniffer/visualizer combo designed to run on a stand-alone Raspberry Pi. It listens in on all the wi-fi traffic it can and shows a simple visualization of all the conversations in earshot (well, radioshot).

Everything Pi-Eye shows is visible to anyone on a plane or in a coffee shop or library.

Here's a snapshot showing my phone refreshing my list of podcasts. Some I'm proud of, some... less so. The point is, my phone exposes what I listen to and read to anyone nearby. Actually, it exposes much, much more.




If that sounds unsettling, just imagine what your ISP can see -- every connection between every single subscriber and every site they talk to. And, remember, ISPs can now sell your browsing history to advertisers and other data brokers.

Django Security: Live Fire Exercises

I gave a talk at Boston Django about Django security. As part of the talk, attendees perpetrated a handful of attacks against a few vulnerable applications (built for this purpose). Writing exploits is a fun way to really wrap your head around sometimes tricky concepts.

After seeing the carnage an attacker can unleash, we look at how to do the same things securely in Django. Then, we talk about a few remaining failure modes.

The talk covers Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF).

You can check out the slides, the vulnerable apps, and get links to all the source code at veryveryvulnerable.com.

Software Techniques Academics Should Steal from Industry

I gave a talk at MIT about how academics can:

  • make their code more correct (think: Reinhart/Rogoff),
  • make their code-powered research replicable,
  • collaborate better with one another, and
  • reach a broader audience with their ideas
by using a few simple software engineering practices.

Automated testing, version control, publishing source code, and hosting simple web applications are easy enough for anyone already developing code, and they can really move the needle on those bullet points.

Sadly, virtually every new graduate student gets thrown into the deep end and left to fend for themselves. Knowing where to look is half the battle, and so in a few short demos, we worked though how to get big dividends from those practices.

I don't have a video, but I'd be happy to talk to you or your lab about how to do these things better, and my materials are all up on github. Seriously, shoot me an email. I love this stuff.


How Pickles can Bite

I gave a Lightning Talk at Boston Python about the danger of taking pickles from strangers.

In Python, pickling is storing a Python object as text (so you can use it later or send it to another computer, etc.). In order to be able to save pretty much any Python object as a pickle, the pickle library allows that magical text to execute arbitrary code when it's later turned back into a Python object (it's a Very Bad Thing (TM) when strangers can do this to your computer).

Slides here. Oh, and Ned is right. Anyone can give a Lightning Talk.


F.U.N. Boston

I gave a short talk on a failure of mine -- how I (fail to) market Maven. An awesome group of folks at the Boston chapter of the world-famous and colorfully named F.U.N. hosted an event dedicated to talking about, learning from, and celebrating our failures.

Being a human, I fail much more often than I succeed at anything, so I've got a lot of fodder for this sort of stuff. You probably do, too. Attend. Give a talk! Get in contact if you want to talk about it.


Maven, an Event Planner

Ever sat at home wishing there was something to do? Do the headaches and hassles of event planning keep you from spending more time with your friends?

Yeah, me too. So I made a robot to do my bidding. It's called Maven and it's the easiest way to plan events.

Just tell Maven what events you want it to plan (like Happy Hour every Thursday or Dinner Tonight at The Burro) and who you want to invite. It sends the invitations by SMS, handles RSVPs and connects confirmed attendees by group text message.

Update: I've mothballed Maven.

Other Selected Projects

Military Mental Health Care Demand Modeling

Scientific Research

Digester Time-Series Analysis Platform

Product Design & Distributed Systems


Artificial Intelligence Medical Record Analysis

Data Science

Google Search History Explorer

Personal Analytics

Mental Health Care Demand Modeling

  • Type Scientific Research
  • Team MIT Lean Advancement Initiative

Working with a team at MIT with whom I directly advised the Chairman of the Joint Chiefs of Staff, I interviewed dozens of servicemembers, practitioners, and leaders in the military's mental health care system. From those interviews, we saw a clear theme: surges in demand from returning Army units were overwhelming local mental health care teams.

To verify the qualitative findings, I analyzed millions of medical and deployment records to see how servicemembers used the mental health system right after they returned from deployments to Iraq and Afghanistan.

I conclusively verified the huge spikes demand and using a simulation, showed that a particular policy choice would alleviate these particular types of spikes and get urgent care to servicemembers faster.

Digester Time-Series Analysis Platform

  • Type Analytics Platform

Working side-by-side with traders, I created a cloud-based system to perform custom analyses on real-time market data. Traditional analysis systems couldn't track nuanced events in the market, but digester can. Digester shares these insights with the entire trading team right in their web browsers.

Artificial Intelligence Medical Record Analysis

  • Type Data Science

With hundreds of thousands of Emergency Department medical records to sort through and plain-text search not getting the job done, a Boston Children's Hospital physician turned to more advanced techniques to mine their medical records.

To find records describing patients with a rare condition, Febrile Status Epilepticus, I created an artificial intelligence classifier to analyze the entire corpus of records at Children's Hospital in Boston and flag the most relevant records.

A team of physicians and researchers at Children's hand-reviewed each of the flagged records and examined the test results for each patient to determine whether or not painful lumbar punctures are a worthwhile test for hospitalized children.

Google Search History Explorer

  • Type Personal Analytics

To visualize my own personal google search history, I created a custom script to analyze the tens of thousands of searches I've made over the last 8 years.

Using the visualizations, I was able to see changes in my habits and what I was learning each day over the years. I can see when I stayed up late my first year in grad school and woke up early for my first job with the Air Force. The time I spent working in a classified vault shows up as mostly blank. I can see the big bursts of searches all on the same topic late into the night when I was working on a research project and I can see sparse weeks when I went on vacation.

I've had so much fun working on it that I've started building a web application to let anyone visualize their own history. When it's done, I'll post it here.

Email: john@jthess.com | github: johnhess | twitter: @johnhess

Most of the projects linked here are CC-BY. If in doubt, just ask :-)

In 2022, I upgraded jthess.com to use Clean Insights, a privacy-preserving web analytics system instead of Google Analytics. That's what that little popup was all about. If you're cool with it, it let's me know someone visited a particular page on this site, but doesn't store or share any other information about you. Not even an IP address. If you're interested in putting Clean Insights in your next project, ask me about it.