Shapespark is a company founded by my friend Wojtek Matyjewicz and me in 2014. It provides software for creating web-based interactive 3D spaces. Shapespark is used mostly for real estate visualizations, virtual showrooms, and virtual art galleries. Shapespark was acquired in 2018, and I left the company in 2023. Today Shapespark is a top choice for web-based architecture visualization.

wwwhisper: access control for Heroku hosted apps

wwwhisper is a language- and framework-independent authorization add-on for web applications hosted on Heroku. It verifies the email addresses of visitors with passwordless tokens and ensures that only owners of allowed emails can access the site.

Reflection Scan

A paper and a proof of concept that introduce an off-path timing attack on TCP. The attack exploits a shared routing queue to disclose TCP session secrets: an ephemeral port and sequence numbers used by two sides of a TCP connection.


Firekeeper was a Firefox add-on that provided Intrusion Detection System capabilities. The add-on scanned browser requests and responses for traffic that matched known attack signatures and alerted the user to detected attack attempts. Firekeeper used rules in a Snort-compatible format. Because the scanning was done in the browser, Firekeeper was able to access and scan unencrypted HTTPS traffic. I had the privilege of being mentored by Len Sassaman and Meredith L. Patterson while working on Firekeeper during the Google Summer of Code. The project is no longer maintained.

Intercepting HTTP traffic in Firefox

nsITraceableChannel is a Firefox API that I co-authored while working on Firekeeper. At that time, Firefox did not provide a reliable way for add-ons to intercept browser traffic. Firekeeper and Firebug (which was then the top tool used by web developers) needed to resort to dirty hacks to provide HTTP request/response inspection functions. Jan Odvarko from Firebug explains the API in more detail.

Speech Trainer

A recording application for Android specialized in quickly recording and playing back words, sentences, or musical phrases. The application automatically terminates recording and plays recorded samples when a short period of silence is detected. The source code is on GitHub, and there is also an F-Droid version.

Out of Kernel File System

An experimental virtual file system for Linux that works entirely at the user level and does not require any kernel patch or module. The source code and documentation are on GitHub.

still life