I'm currently a graduate student at Carnegie Mellon. I'm interested in machine learning, web development, and music technology. I've also hacked a bunch of stuff, mainly websites and browser features. I also compose music, sail and fly airplanes.
Federal Laboratory Consortium '14, Denver: Selected for Outstanding Technology Development in the far West region for work on ADS-B sense and avoid software.
Facebook, Instagram: Bug bounty ($$), OAuth authentication attack https://www.facebook.com/whitehat/thanks/
Evernote: Security hall of fame, oauth vulnerability
Adobe/google: CSS shader vulnerability fixed in Chrome browser
(2014) OAuth demystified for mobile applications
In the proceedings for ACM CCS '14, Scottsdale, Arizona. Paper describes common vulnerabilities in mobile implementations of oauth.
(2013) Cross-origin pixel stealing: Timing attacks using CSS filters and shaders
In the proceedings for the (SIGSAC) ACM CCS '13, Berlin. Paper introduces novel timing attacks on browser rendering engine, vulnerability has since been fixed.
Link: ACM Digital Library
(2013) Noise-resilient speech segmentation using the Voting Experts algorithm
Lawrence Livermore National Laboratory
(2013) Browser security mini-lecture: a mini-lecture I gave on a network attack, a proposal made in 2007 for a set of policies to protect against it, and why their proposal failed.
Dynamic Pharming and Locked-Same Origin Policies
(2011) MODAL: Motif Determining and Locating: senior Capstone project, presented at 2012 Meeting of the Minds at Carnegie Mellon University. http://www.robertkotcher.com/pdf/AtomicRelevance.pdf
(2010) AURAFX: A Simple and Flexible Approach to Interactive Audio Effect-Based Composition and Performance: In the proceedings for the International Computer Music Conference '10, published in the ACM Communications Magazine, vol. 1, edition 6; co-authored with Carnegie Mellon professor Roger Dannenberg. http://www.andrew.cmu.edu/user/jcmacdon/ACMC/ACMC-6.pdf
Here are a few of my favorite topics from recent classes. I decided to write these into a pdf because I lose and forget things.
Independent component analysis (ICA)
Independent component analysis tries to learn statistically independent signals from a set of linearly mixed input signals.
Expectation maximization is an iterative process for estimating parameters of multinomial distributions.
Latent variable analysis
In the following notes, expectation maximization is used to describe latent variables in mulivariate, multinomial distributions to build generative models for spectrograms.
Sed is turing complete!
A bit of fun that I had at the Lawrence Livermore summer '13 hackathon. I prove that sed is turing complete using μ-recursive functions.
(Summer '14 - curr) Nebulus, Inc:
(Spring 2014) Dryden Flight Research Center (NASA):
"Research and inventions for wireless architecture for UAV and space vehicles"
(Summer 2013) Lawrence Livermore National Laboratory:
Machine learning on enormous audio datasets
(July 2012 - July 2013) Tunessence.com:
A music education website that teaches guitar, listens to you play, and gives instant feedback
(Summer 2012) Studio for Creative Inquiry, Carnegie Mellon:
Wrote a vocoder in OpenFrameworks, developed with OpenGl for the CMU School of Design
(Fall 2011) JAVA for E Business Majors, tutor:
course was an in-depth tour of object-oriented programming concepts and web application development with Apache Tomcat and JAVA servlets.
(Fall 2010) Systems Programming in C and Unix, tutor:
gave weekly lectures on functional programming concepts, scripting under CMU professor Anada Gunawardena. Link to course website (same content, but different semester):
A theme for the fish shell that pings mixpanel in real-time and shows a single event count in your command-line prompt. Zero-latency, minimal, graceful.
A website for musicians, built with Ruby on Rails.
A list of some of some music I've written
Matlab, Python, Ruby, Bash, x86