Hi, I'm TJ.
About Me
My name's TJ Horner, I'm 15 years old and love programming. I like going to hackathons and creating awesome stuff!
I've been programming ever since I was 7 in ActionScript. I really love Google stuff. I'm an early adopter of just about any Google product.
I beta tested Google Wave, Voice, and many others. I love material design, and am thinking about redesigning this site with Polymer.
Want to talk? I'm mostly free!
And right now? I'm not playing anything on Steam, so I'm probably working on a project.
And right now? I'm not playing anything on Steam, so I'm probably working on a project.
Favorite OS
Mobile OS? I'd have to go with Android. Stock Android. No OEM bloatware, I'm fine...
For desktop OS I'm definitely for Fedora GNU/Linux. It has a strict policy for free software, which I'm a fan of. I love tweaking everything.
For desktop OS I'm definitely for Fedora GNU/Linux. It has a strict policy for free software, which I'm a fan of. I love tweaking everything.
Favorite Language
Favorite Music
I like electro music mostly, but I'm into rock and jazz. I'm not listening to anything right now.
Nothing
Nobody
Nobody
My Rig
I use my desktop as my main weapon while programming. Here are the specs if you are interested
(PCPartPicker list):
- CPU: AMD FX-8320 3.5GHz
- GPU: Gigabyte GeForce GTX 960 2GB
- Motherboard: Gigabyte GA-970A-DS3P
- RAM: 16 GB
- Model: MSI GT72VR 6RE
- CPU: Intel i7-6700HQ (8 cores, 2.6 GHz)
- GPU: GeForce GTX 1070 (not 1070M, it's a desktop 1070)
- RAM: 16 GB
Projects
Collaborative Launchpad
Control my Novation Launchpad over the internet. Uses Node.js for MIDI interface, express.js for the server and Socket.io for WebSocket stuff.
Yes, this all happens on my real Launchpad. It also wakes me up in the middle of the night.
GitHub: https://github.com/tjhorner/collaborative-launchpad
GitHub: https://github.com/tjhorner/collaborative-launchpad
CAH Creator
CAH Creator is a website that lets you create your own Cards Against Humanity-style
decks in real-time with friends and share them with anyone.
Check it out at cahcreator.com!
It's also open source on GitHub: @CAHCreator
Soundsync
Soundsync is an Android app that lets you control Soundcloud on your desktop from your phone. You can also cast to your Google Cast-enabled
device which is great for parties, meetups, or even hackathons!
GitHub: https://github.com/tjhorner/soundsync
GitHub: https://github.com/tjhorner/soundsync
Cloud
Cloud is a thing that lets you do stuff. Actually, right now it lets you upload files and share them. It also integrates
with my URL shortener, horner.tj. So you could head over to horner.tj/c/66 and it would
take you to a sample text file! It's soon to be open source. I have it set up at cloud.horner.tj.
Hackathons
This section is outdated. Maybe I'll update it later. Hopefully.
I love attending hackathons! Here are some hackathons I'll be going to in the Winter season:
I love attending hackathons! Here are some hackathons I'll be going to in the Winter season:
January 16 - 18, 2015
PennApps is the premier student-run college hackathon. More than a thousand student programmers from all over the world converge on Philadelphia twice a year for a weekend of creating and learning. Hackathons are about coding together to solve real-world problems. Students work in teams of up to four people for thirty-six hours to create a web, mobile, or hardware application. PennApps has been around for a long time, and we're soon going to be celebrating our eleventh iteration.
PennApps is the premier student-run college hackathon. More than a thousand student programmers from all over the world converge on Philadelphia twice a year for a weekend of creating and learning. Hackathons are about coding together to solve real-world problems. Students work in teams of up to four people for thirty-six hours to create a web, mobile, or hardware application. PennApps has been around for a long time, and we're soon going to be celebrating our eleventh iteration.
January 24 - 25, 2015
Today's youth hacking tomorrow's future. Hack Gen Y is a hackathon for high school hackers in Silicon Valley.
Today's youth hacking tomorrow's future. Hack Gen Y is a hackathon for high school hackers in Silicon Valley.
Security
When I'm not making things, I like breaking things (responsibly). Here
are some things that I've broken with permission, in no particular
order.
Environment Variable Leak
Found a vulnerability in the npm internal API that leaked environment variables, including API keys and database passwords (I shit you not, their Redis password used to be
Found a vulnerability in the npm internal API that leaked environment variables, including API keys and database passwords (I shit you not, their Redis password used to be
this-is-a-password-for-redis-and-it-is-a-secret-so-dont-share-it),
on certain requests.
Cross-Site Scripting
Angular statements put into meeting chat were not properly escaped, and executed on all clients whether they had the chat open or not. This allowed an attacker to execute arbitrary JavaScript on all clients in the meeting.
Angular statements put into meeting chat were not properly escaped, and executed on all clients whether they had the chat open or not. This allowed an attacker to execute arbitrary JavaScript on all clients in the meeting.
Cross-Site Scripting
HTML not escaped properly in Glossary and Updates views from the Translate page, allowing an attacker to execute arbitrary JavaScript on a client viewing a certain translation.
HTML not escaped properly in Glossary and Updates views from the Translate page, allowing an attacker to execute arbitrary JavaScript on a client viewing a certain translation.
Cross-Site Scripting/Form Validator Bypass
When updating a user's profile, one could send arbitrary data to the server in the name fields, and that is later shown on the website but isn't escaped, so you could put anything you want in there. It is also shown and effective in the teacher's dashboard, so a student could technically just XSS a teacher.
Privilege Escalation
A certain exploit allows a student to gain access to the teacher dashboard, and do everything a teacher can do (enable tests/quizzes, view student scores, add/delete/edit students and classes, etc.) This is obviously really bad.
When updating a user's profile, one could send arbitrary data to the server in the name fields, and that is later shown on the website but isn't escaped, so you could put anything you want in there. It is also shown and effective in the teacher's dashboard, so a student could technically just XSS a teacher.
Privilege Escalation
A certain exploit allows a student to gain access to the teacher dashboard, and do everything a teacher can do (enable tests/quizzes, view student scores, add/delete/edit students and classes, etc.) This is obviously really bad.
Cross-Site Scripting
An exploit in how wallpapers on Unified Workspace works allows a user to input arbitrary JavaScript, which is later not escaped properly when loading the workspace dashboard, and is then evaluated in a script.
An exploit in how wallpapers on Unified Workspace works allows a user to input arbitrary JavaScript, which is later not escaped properly when loading the workspace dashboard, and is then evaluated in a script.
Experience
I an Intern in Software Engineering at StudentRND.
I make projects such as CodeDay Teams and ColemanCTF that go along
with CodeDay, a 24 hour programming marathon designed to encourage students to learn how to code.
I'm also a volunteer for CodeDay San Diego and help set up things like securing sponsors or getting judges.
I'm currently working on nothing by doing nothing.
Last updated at .
(updates every 10 minutes)
I'm currently working on nothing by doing nothing.
Last updated at .
(updates every 10 minutes)