Max.Computer
http://max.computer/projects/
Recent content on Max.Computer
Copyright © 2012-2017 Max Veytsman

Appcanary
http://max.computer/projects/appcanary/
In 2015, we transitioned our consultancy into a product company and I switched my title from the ambiguous “partner” to the equally ambiguous but more startupy “founder.” Appcanary tracks vulnerabilities in open source software, and notifies you if one of your dependencies needs to be upgraded. We were part of Y Combinator in the summer of 2015, and I’ve been writing code and talking to users ever since.

Dilettante
http://max.computer/projects/dilettante/
The main public repository for Java-ecosystem packages is Maven Central. I discovered that when you installed Java packages using a tool like maven or ant, they were served unencrypted over HTTP, without any sort of cryptographic verification of their contents. Anyone who has control over a wifi router could trick Java developers into downloading compromised Jars and run arbitrary code on their systems. I tried asking the company that runs Maven Central nicely to change this, but they didn’t budge.

Last Days of Pirate Bay
http://max.computer/projects/piratebay/

State Machinery
http://max.computer/projects/stateio/
For two and a half years, I ran a boutique consultancy. We provided a mix of security and development services, meaning that on any given day I could be developing an MVP, hacking into someone’s network, or debugging legacy software.

Tinder Finder
http://max.computer/projects/tinder/
I discovered that Tinder would return distances between users with extremely high precision. This is a problem because it allows you to deduce the exact location of a Tinder user by measuring their distance to three known points (this is called trilateration). I made a demo application to geolocate Tinder users in order to demonstrate to Tinder how serious of an issue this was. They fixed the problem, and afterwards I disclosed it publicly.

Gemcanary
http://max.computer/projects/gemcanary/
After the Ruby security apocalypse, we had to figure out if any of our projects at State Machinery were vulnerable and patch them. We realized that manually checking Gemfiles for vulnerable versions was tedious and prone to error, so we built Gemcanary to monitor your Gemfiles and email you if any vulnerabilities came out. Gemcanary was designed as a free service to drive traffic to our consultancy, but after a few years we realized that focusing on commercializing the product was the right move and wound down the consultancy to focus on our current canary-themed venture, Appcanary.