seriot.ch

About | Projects | Trail Running

💣 Parsing JSON is a Minefield

Where I demonstrate that JSON apparent simplicity is just hidden complexity that can lead to software errors and security issues.

2016-10 First version of the article
2016-10 JSON Test Suite (GitHub)
2016-10 Presentation at Soft-Shake Conference, Geneva (slides)
2016-11 Article and comments in The Register
2016-11 Presentation at Black Alps Security Conference, Yverdon (slides)
2018-13 Parsing JSON Considered Harmful, Toulouse Hacking Conference (slides)
2016-07   A JSON Parser in Swift 3 compliant with RFC 7159 (GitHub)

✏️ Drawing with Computers

Where I explore various ways to draw on screen programmatically and create interesting code, images and data visualisations.

2012-04 Home Made Maps - Python scripts to generate "centered time-distance maps" (GitHub)
2012-06 efx-backtest - Backtest your eForex trading strategies (GitHub)
2012-07 MathPlotLibs Experiments (GitHub)
2013-01 draw_bytes.py - Draws any file as a picture considering its bytes as pixel colors (GitHub)
2016-01 STStrava - Experimental visualisation of runs using Swift and Strava API (GitHub)
2016-11 STMovingImages - Create .MOV and .GIF from NSImages in Swift 3 (GitHub)
2016-11 DevTeamActivity - Generates a picture summarising the activity of a dev team on one or several repositories (GitHub)
2016-11            Swift Data Visualization workshop, Swift Alps Conference (slides, GitHub)
2018-03 kovach_pycairo.py (gist) Reproducing Benjamin Kovach's art with pycairo
2018-11 BitmapCanvas - Bitmap offscreen drawing in Swift for OS X (GitHub)
2018-11 PulsarRuns - Pulsar-plot of Strava runs (GitHub)
2018-11 schotter.py (gist) Reproducing "Schotter" by Georg Nees with pycairo
2018-11 schotter_color.py (gist)
2018-11 rainbow_rain.py (gist)
2019-01 PyCairoVisualDoc - https://seriot.ch/pycairo/ Visual documentation generator for PyCairo. (GitHub)
2019-01 sq_logo_animated.gif (gist)
2020-12 maze.py - algorithm to draw a maze (gist)
2021-10 IsoRenderer - A 2D, Cairo-based isometric renderer in Python 3 (GitHub)
2021-12 Isometric - An isometric screensaver for macOS, written in Swift (GitHub)
2022-06 truchet.py (gist)
2022-09 Intertwined - Draw intertwined threads, knots and knitting figures with PyCairo (GitHub)
2022-09 circles.py gist, circles.ps gist
2022-09 schotter.ps gist
2022-09 Postscript Golfing writing a tiny Postscript program drawing Swissquote logo
2022-10 Intersecting Planes Reproducing an image with intersecting planes in Postscript
2022-10 Isometric Stairs Isometric stairs in minimal Postscript
2023-04 Les Tuiles de Wang Atelier de programmation pour enfants (code, sample image)
2024-11 Old Macintosh Screensaver Reproducing an early 90s Macintosh screensaver with PyGame
2025-01 Amstrad CPC Color Palette in PostScript, Gist: cpc.ps, cpc2.ps

🦄 Unicode

Where I explore Unicode specifications, their implementation in various environments, edge cases and some security aspects.

2013-01      UniBinary, an efficient algorithm to encode/decode data into printable Unicode characters, (GitHub)
2014-10 Unicode Poster, (GitHub)
2014-10 I � Unicode, SoftShake 2014, (slides)
2014-11 Unicode Hacks, AppSec Forum 2014, (slides)

As a trail runner and Unicode enthusiast, I am a proud sponsor of characters:

🏃‍♂ U+1F3C3 U+200D U+2642 U+FE0F man runner
U+26F0 mountain
🏔 U+1F3D4 snow capped mountain

https://unicode.org/consortium/adopted-characters.html

🐣 Abusing Twitter API

Where I reverse engineer and document Twitter API, exploit vulnerabilities to automatise account creation and get access to user accounts.

2012-11      Abusing Twitter API, AppSec Forum 2012, (slides)
2009-04 TwitHunter - An experimental Twitter client with scoring for Mac OS X (GitHub)
2013-04 Abusing Twitter API and OAuth Implementation, Hack In The Box 2013, Amsterdam, (article, slides, video)
2013-10 Abusing Twitter API, One Year Later, AppSec Forum 2013, (slides, video)
2013-10 iOS / Twitter Integration, SoftShake 2013, (slides)
2014-05 STTwitter, CocoaHeads Lausanne, (slides)
2015-04 3 Nasty Twitter API Hacks, DahuCon, (redacted slides): Account Takeover, Automated Account Creation, SMS Abuse
2014-05 STTwitter - A stable, mature and comprehensive Objective-C library for Twitter REST API 1.1 (GitHub)

⏱ Time and Computers

Where I explore the various definitions of time, how time is managed by computers, and the troubles that can arise.

2015-10   Time and Computers, SoftShake 2015 (slides)

🧨 Error Handling

Where I discuss what is an error and various error handling strategies.

2016-04     Error Handling, AppBuilders, Zürich (slides)
2016-14 HTTPRequests - NSURLRequest extensions in Swift, demonstrating various error management strategies (GitHub)

🧠 From Brainfuck to Domino Computers

Where I explore computation, Turing completeness and esoteric programming languages.

2017-10     From Brainfuck to Domino Computers, SoftShake 2017 (slides)
2017-03 Brainfuck - A flexible Brainfuck interpreter in Swift 3.1 (GitHub)
2017-06 Wireworld - A simple Wireworld cellular automaton explorer in Swift (GitHub)
2017-06 ECAExplorer - ECAExplorer - A simple and interactive tool to explore Elementary Cellular Automata, in Swift (GitHub)
2017-07 Fluid simulation from 1D cellular automata (gist)
2017-11 Game of Life Visualization (gist 1, gist2)
2023-05 Simulating Turing Machines with Wang tiles (article, GitHub)
2023-05 A tiny Turing machine for 2-symbols Busy Beavers. No variable for state. Program is kept on input string. Gist
2023-12 bfps - a Brainfuck interpreter written in PostScript (GitHub, Hacker News comments)
2024-03 Programming in PostScript
2024-11 PostScript - 2 minutes video for Black Alps rump sessions

⚔️ Mighty Bayard

Where I create a pseudo RPG for my kids.

An original and unique creative game that I've create with and for my kids.

The game will remain unpublished because it is using proprietary assets from 3rd parties.

Presentation: 20170126_mighty_bayard.pdf

🐜 Minimal Programs

Where I explore formats, tools and protocols by writings working programs with a minimal number of bytes.

2012-12        Hello Mach-O. Dissection of minimal Intel 32-bits, 204 bytes, Mach-O "Hello World" executable file.
2015-07 A Tiny NTP client in 79 characters

⚙️ Objective-C Runtime

Where I describe the design of the Objective-C Runtime, provide tools and several tips and tricks to ease debugging.

2008-2018 iOS and Mac OS X Obj-C Runtime Browser (GitHub)
2008-2018 Dumps of classes and methods from the Objective-C runtime. For iOS and macOS. (GitHub)
2011-03   Objective-C Runtime: Cocoa's Jewel in the Crown. (NSConference 2011, slides)
2011-07 Tries to find unused Objective-C methods by examining binary files (GitHub)
2013-01 Draws dependancies among classes out of an Objective-C code base (GitHub)

🥷 iPhone Privacy

Where I demonstrate that, despite Apple claims, a malicious iPhone app can harvest a user data without even using private APIs.

2009-12           iPhone Privacy, December 2nd, développeurs iPhone de Suisse Romande, Geneva Airport. SpyPhone Project on GitHub
2010-02 iPhone Privacy, February 3rd, Black Hat DC, Arlington, VA, USA, white paper, Black Hat slides, SpyPhone Project on github, 81 citations, Forbes, Wall Street Journal
2010-04 iPhone and AppStore: Security and Privacy. Workshop on mobile security, Federal Intelligence Service FIS, Reporting and Analysis Centre for Information Assurance MELANI, Bern.
2010-09 iOS 4 Privacy, Compass Security Event 2010.
2010-11 iOS 4 Privacy, DefCon Switzerland HashDays 2010 (video, slides)

📣 Talks in various iPhone developers user groups

2007-01       Django, a new Python web framework. Sen:te, Lausanne
2009-12 iPhone Unit Tests, CocoaHeads Lausanne
2009-12 What you can do with iPhone's Camera, Netinfluence iPhone Conference.
2010-05 Building a vertical tab bar controller for the iPad, macprofessionals.ch user group, Bern. (slides, GitHub)
2011-05 Subclassing UIControl using CoreAnimation. CocoaHeads, Swissquote Bank, Gland. (slides, GitHub)
2011-12 Growing iOS Projects. CocoaHeads Lausanne, (slides)

🕵️‍♂️ Criminal Intelligence out of Email Scams

Where I produce criminal intelligence out of a spams dataset.

2010-05          Thèse de master Master LCE, 12ème colloque de l'Association Internationale des Criminologues de langue Française, Université de Fribourg, (résumé, slides)

💼 Open Banking Opportunities for Swissquote

Where I explore open banking and provide business development recommendations for Swissquote.

2020-10       EPFL EMBA Thesis, (Executive Summary, redacted). Keywords: open banking, fintech, payments, strategic management, open innovation.

🦅 Videos

2017-06      Lavaux
2021-10 Dent du Bourgo et Tsermon
2020-11 Villars-Tiercelin

⚒ Other miscellaneous tools, talks, pieces of software

2024

2023

2021

2020

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004