B-Sides
Unpublished Thoughts
No articles match your search.
-
5-Min Tutorial: Building PyPI Packages
Turning a throwaway image-generation script (Imagenation, built on Google's Imagen API) into a real pip-installable PyPI package — restructuring into a module, wiring up pyproject.toml, and the build/twine upload dance.
Read the post -
Vibecoding an ESP32 Door Monitor
A hands-on write-up of building "Tripwire," my ESP32 door monitor that pairs a magnetic reed switch with a clever Bluetooth SPP trick to tell whether it was me or a stranger who opened the door, sending alerts via ntfy.sh.
Read the post -
Understanding Quantum Cryptography
My educational explainer on quantum cryptography, walking through the BB84 quantum key distribution scheme — how photon polarization and the Heisenberg uncertainty principle secure a key exchange and expose eavesdroppers — and how it contrasts with post-quantum cryptography.
Read the post -
Twitter Sentiment Analysis using combined LSTM-CNN Models
Combining CNNs and LSTMs for tweet sentiment analysis — the intuition behind each network, two stacked architectures (CNN-LSTM vs. LSTM-CNN), and why ordering the LSTM first wins, trained on 1.5M+ labeled tweets.
Read the post -
5-Min Tutorial: Gaining Root via UART
Connecting to a TP-Link WR841N router over UART with the Attify Badge — identifying GND/VCC/TX/RX, scanning for the baud rate with devttys0's baudrate.py, and dropping into a root shell, plus notes on TP-Link weakening hardware security between versions.
Read the post -
5-Min Tutorial: Lifting Firmware with the Bus Pirate
Opening a TP-Link WR841N router, wiring its W25Q32.V EEPROM to a Bus Pirate over SPI, dumping the firmware with flashrom, and extracting the embedded Linux filesystem with binwalk.
Read the post -
Internet Memories #2: Break The Rules
2007 Caracas, a Linux Magazine, and aircrack-ng — the night a kid broke WEP and got "Free. Internet. Everywhere!" Told inside a terminal: run each command to unlock the next beat of the story.
Read the post -
5-Min Tutorial: Prototyping Web-Apps with Flask
Building a small leaderboard web-app with a Flask back-end and a jQuery/AJAX front-end — a brutally simple micro-framework server exposing GET/POST/DELETE API routes, plus the JavaScript that fetches and live-updates the page.
Read the post -
Eagle Eye: Wi-Fi Monitoring
EagleEye, a wireless network monitoring tool built for non-technical users: a 815-person survey on why people need it, then the architecture — libtins/dot11decrypt decrypting live monitor-mode packets, Scapy filtering them, and a Flask server feeding simple graphs to the browser. With git repo, paper, and PDF.
Read the post -
Demystifying Cryptography
A Crypto 101 tour for the curious: what cryptography is, its goals, the anatomy of a secure connection, and the intuition behind Diffie-Hellman key exchange (with a live interactive demo of two parties agreeing on a shared key over an open wire) and the Caesar cipher.
Read the post -
Introduction to Supersingular Isogeny Diffie-Hellman
An approachable introduction to Supersingular Isogeny Diffie-Hellman (SIDH) — one of the few post-quantum key exchanges built on elliptic curves — written for an Elliptic Curve Cryptography course: its motivation, the math you need (isogenies, the j-invariant, supersingular curves), the key exchange itself, and Costello et al.'s recommended parameters. Rebuilt from the original LaTeX, led in by the post's own blurb.
Read the post -
Break Free! - Bypassing Captive Portals
Bypassing hotel/airport/cafe captive portals by tunneling traffic over DNS with Iodine — the escape strategy, server + domain setup, and the iodine/proxychains client side.
Read the post -
5-Min Tutorial: K-Means Clustering In Python
A five-minute tutorial on K-Means clustering in Python — with a live, animated visualizer that shows exactly how the clusters get selected: random centers, assign-to-nearest, recenter, repeat to convergence.
Read the post -
SoundCloud Spam Analysis
Crawling 20 million SoundCloud users with a Docker crawler army (and a "borrowed" public API key), then using K-Means clustering and a Keras neural net to find and predict spam accounts — with dataset, paper, code, and PDF at the end.
Read the post -
Recap #2: End of the Year!
A year-end look back at 2016: graduating from UCSB with Honors, 2-3 posts a month, 4 papers, releasing Pydradis / Duckhunt / Pylogger, DEFCON & CHES, and a turn toward post-quantum crypto and neural nets.
Read the post -
Twitter Sentiment Analysis with Neural Networks
Hand-coding a Feed-Forward Neural Network from scratch to classify tweets as positive or negative, comparing Bayesian probabilities, Keras word embeddings, and a hand-built feature vector (~70% accuracy) against a Keras NN.
Read the post -
Duckhunting - Stopping Automated Keystroke Injection Attacks
How RubberDucky / BadUSB automated keystroke-injection attacks work, and DuckHunt — a small defense that distinguishes a real user from an injected burst by typing speed, with four protection policies (Normal, Paranoid, Sneaky, Logging Only). Includes a playable NES-style Duck Hunt mini-game of the detection problem.
Read the post -
Coding Chrome Extensions Quickly
A fast, practical walkthrough of building a Chrome extension — manifest, background script, pop-up, options, testing and publishing — using the author's Hidden: Auto-Incognito filter as the worked example.
Read the post -
Online Memories #1: 1AM
A childhood memory of sneaking onto the family's old Compaq at 1am — free dial-up ran 1am–6am — to explore the early internet, the Avila and the lights of Caracas out the window. Read it on the screen of the old machine itself.
Read the post -
Capture The Keys - Chapter 2: Pylogger
My Python reimplementation of the earlier C++ keylogger, walking through building an efficient Windows keylogger with PyHook — keystroke capture, window-aware logging, log rotation, and typed-keyword triggers (status, dump, pause, kill) — as an educational security exercise.
Read the post -
11 oddly specific (yet useful) security tips
Eleven weird-but-genuinely-useful security tips for the curious non-expert, from killing WPS to keylogging your own machine — now with a 2026 retraction on the RFID-credit-card advice.
Read the post -
Magstripe tinkering
My hobbyist dive into magnetic stripe card technology: how magstripes encode data, and how I hacked a Square reader by bypassing its encryption chip to read raw card data, with some reflections on real-world magstripe security.
Read the post -
Capture the Keys - Chapter 1: Clogger
A post-mortem of my first keylogger — a ~280-line C++ prototype I built for Windows back in college to monitor my own machine — covering its key-state polling, shift/caps filtering, window tracking, and stealth tricks, plus why I eventually abandoned it for Python.
Read the post -
Survey of Cryptographic Implementations and Vulnerabilities on Passive RFID Devices
A 20-page survey paper (UCSB) on the cryptography of passive RFID tags — system and adversary models, the attack landscape, the famous Mifare and DST breaks, and mitigation strategies — rebuilt from the original LaTeX, led in by the post's own plain-English "quick version."
Read the post -
Calculating Nonlinearity of Boolean Functions with Walsh-Hadamard Transform
A short cryptography paper (UCSB) on what nonlinearity means for boolean functions and how to measure it with the Walsh-Hadamard transform — rebuilt from the original LaTeX with a live calculator: flip an 8-bit truth table and watch its Walsh spectrum and nonlinearity recompute.
Read the post -
PenTesting 101: Setting up your lab
A 10-minute walkthrough for building your own hacking lab — VirtualBox, a Kali attacker VM, a Kioptrix victim VM, and an internal network — read as a git-graph: each step collapses as you scroll past it.
Read the post -
5-Min Tutorial: Git
A five-minute, bare-bones intro to git and Github — init, status, add, commit, log, diff, push — now with a fake in-browser terminal you can actually type the commands into.
Read the post -
Diary of an Immigrant
A short story written for IB English in 2010 — the diary of a young Irish emigrant crossing to America in 1938, sighting the Statue of Liberty from the deck. Presented as a journal you leaf through, page by page.
Read the post -
5-Min Tutorial: Caesar Cipher in Scala
A five-minute tutorial: implementing the oldest trick in cryptography in a handful of lines of Scala — with a live shift visualizer and an interactive cipher generator.
Read the post -
Android Tutorial
A quick, 4-hour Android tutorial written for UCSB's CS56 class — hosted on GitHub in markdown, paired with a 'legacy' SMS-driven Android service for students to keep building on.
Read the post -
Physical Unclonable Functions
A grad-class intro to PUFs — hardware functions whose challenge-response mapping falls out of physical manufacturing variation — covering their key principles, types, properties, and the intra-/inter-distance math used to measure them.
Read the post -
A poem for my Scottish teacher
A short, fevered poem written in 2010 to explain a sick-day absence to a Scottish English teacher — presented here as illuminated verse.
Read the post -
WWII and Computers
An old IB History paper asking whether modern electronic computers were built for war or merely re-purposed for it, plus a look at their wartime origins.
Read the post -
Bayes' Theorem and Stochastic Processes
A short discrete-maths paper on deterministic vs. stochastic systems, conditional probability, and Bayes' theorem — with a live base-rate visualizer that shows why a 99%-accurate test for a rare condition is mostly wrong.
Read the post -
Recap #1: Blog Kick-off!
Kicking off the blog: a public journal for scholastic ideas, plus a quick recap of grad school, a crypto class, an internship, and a capstone win.
Read the post


































