Technical Skills & Understanding
Education
I attended the DeGroote School of Business[1] at McMaster University[2] in Hamilton, Ontario, Canada. At the time, it was considered amongst the top 100 universities globally, and was the top research university in Canada. One of the reasons I chose it was due to the Gould Trading Floor[3] with trading stations and Bloomberg terminals, as even then I was intrigued by financial markets, instruments, and derivatives, and in my downtime, during breaks in between the supporting lectures, I could observe and sim-trade the markets live from this trading floor. My tuition was covered by academic excellence scholarships I had attained. After 4 years of study, I went on to graduate with an Honours Bachelor of Commerce with a Minor in Economics, summa cum laude. To account for my programming experience, my initial exposure was via a 2 semester programming course in high school, focusing on OOP (Object-oriented programming) with Java, where projects included games such as Blackjack and Deal or No Deal. In university, I only had access to information technology electives that did not focus on programming. However, I found myself continuing to learn programming as a hobby, when it came to helping me with coursework or for gaming via automation and modification. A few years following my graduation, I completed courses via Coursera solely focused on programming and computer science, such as Python and even cryptography; the latter namely to aid in understanding the Bitcoin Whitepaper.
Blockchain
Shortly after I began focusing on freelance development, I had run into Magic Internet Money, also known as Bitcoin. To be clear, this wasn't my first run-in with it. Friends had asked me to look into it years prior, when its primary utility was as a medium of exchange for the Silk Road online marketplace. It appeared to me at the time to be just for illicit use, likely some centralised house of cards like others before it, either waiting for an exit scam or government crackdown to happen. However, on this subsequent run-in, I saw it had in fact survived over the years, even whilst being at times used for questionable purposes. That was no longer its primary, let alone sole, activity though. This time I gave it proper attention, because other communities I would frequent had come to start accepting and transacting in Bitcoin. The value had also significantly increased: I recalled things costing multiple whole BTC, and now things were priced in fractions of it. Just in case this still was some elaborate scam, I made it my goal to read and understand the whitepaper, which was above me at the time in certain respects, but where I fell short, I looked to supplement my knowledge in the field, such as by undertaking an online cryptography course from Rice University[4]. Finally, having done my due diligence, I believed this wasn't just Magic Internet Money but the Revolution of Money. To be clear, I have a definite nostalgia for Bitcoin, but even at the time understood it or a progeny still had a ways to go before it could achieve the anticipated financial revolution. Therefore, it was the foundational technology behind blockchain, dependent upon cryptography, math, consensus and game theory amongst potentially adversarial participants, that ultimately fascinated me. The underlying principles also really drew me in.
As someone with a formal education in commerce & economics who grew disillusioned with those legacy systems, blockchain and its principles of decentralisation, trustlessness and censorship resistance appeared as a solution. The highly adversarial nature of the ecosystem is also both challenging and exciting, requiring high degrees of knowledge across advanced computer science spectrums such as cryptography and cybersecurity. One way to really test your mettle is by bringing an application into production in such environments, without it being buggy or exploitable on what are essentially honeypot networks with billions in them.
Freelance
I had begun freelancing within the ecosystem during this period, including password recovery utilities to help those needing to recover private keys and also providing support in setting individuals up with mining. However, there was not much that could be done on the base protocol of Bitcoin. This changed with Ethereum, which supported smart contracts and unstoppable code, on its so-called World Computer running on a Blockchain. Shortly following its release, I shifted my focus completely towards it and worked on some early smart contracts and DApps (Decentralised Applications). As touched upon in the abstract, my work has seen millions quantitatively in transactions and billions of dollars' worth go through them, and targeted quadrillion dollar markets[5]. Refer to the subsequent notable works section for specifics. I have also served as a technical advisor for a number of startups looking to join the blockchain space that were seeking me out.
Oraclize Ltd. & Provable Things Ltd.
I also began working for Oraclize, which eventually became Provable, where I started off as a Software Engineer, making it to Lead Dev, and eventually CTO. I had done a number of projects while there which will be referred to in a later section, and was also charged with maintenance for much of the infrastructure, starting with the testnet environments and eventually the mainnet, where I was able to improve processes and reliability. As CTO, I made a strong push to improve coordination on the development front. While I was tasked with turning the development process into an agile environment, based on team feedback and fit I opted for a custom solution that worked well for the team. This solution rendered better awareness and cooperation between the team and roadmaps, and facilitated a more capable remote work environment, as portions of the team, including myself, were remote. Additionally, the language stack was reduced from over a dozen languages down to two for future projects, to reduce the inundated technical debt we had been running into, going forward. DevOps with proper CI/CD (Continuous Integration/Continuous Delivery) pipelines became a requirement and as many processes as possible were abstracted and automated with the goal of achieving DRY (Don't Repeat Yourself) principles.
Security
I pride myself on being security-focused and aware. Throughout my career, I have uncovered multiple security vulnerabilities, both internal and external, that I helped patch. A few notable ones will be referred to in the subsequent notable works section. Here, I'll focus on some of my tenets regarding security.
The first step is to understand that a perfect security solution does not exist, otherwise everyone would be following it, and we wouldn't have a hacking problem to begin with. It is about taking the appropriate measures on a wide spectrum, to implement layered levels of security, and appropriate understanding down to the level of primitives.
Isolation
When it comes to personal systems, I have experimented with a variety of distributions such as locked-down systems, as in Qubes OS[6] via essentially isolated paravirtualized ad-hoc environments. Great security model overall, especially if you may use or interact with binaries of questionable origin or seek high degrees of privacy. Where it fell short was in convenience and customisability, and it always felt clunky and bloated, making processes that should normally take you a few minutes at times take up to an hour, due to the "rituals" you'd have to do to make things permanent. And even it, as with anything, was rife with vulnerabilities, although to the credit of the team, they were always quick to announce, and look to patch things, even with upstream dependencies. I still use it, but not as my daily driver, because I also feel it may give its users such a sense of security that they start forgoing security precautions they may undertake on less security-focused systems.
Open-Source
Openness is also very important, which is why I have a personally flashed Libreboot[7] ThinkPad with a libre kernel and OS running. Biggest complaint is the fact that the laptop cover seems a bit more flimsy than I remember it, while taking everything apart and putting it together, but that would either be my fault or me just not remembering how flimsy it actually was :P. Other than that, binary blobs being removed is great, but for most people, it's of little concern likely, but I appreciate it, although in my case, a bunch of functionalities, such as working sleep mode, have been sacrificed.
Minimalism
The above both provided a good sense of security... that is until I would see all the processes running, hundreds, most I had no clue what they were doing. Previously while distro-hopping onto Debian, I had experimented with a variety of LSMs (Linux Security Modules) and settled on TOMOYO and a patched & hardened Linux kernel via GrSec and PaX. TOMOYO provided me with granular control on what each process was allowed to do, however, with hundreds of processes, this was next to impossible. It did have a learning mode for such cases, but still essentially gave these hundreds of base processes free rein. This is where I decided to seek out an environment that would have only enough base processes that I could actually track and understand what each of them does and why they are necessary and the permissions they would need manually. My search for this minimalism led me to Void Linux, having fewer than 40 processes on the base, and I am using that as my daily driver. I generally avoid anything not open-source, and will use a Windows, MacOS, or alternative Linux computer for running anything proprietary. I also take a light Qubes approach, but rather than using paravirtualized instances, I tend to keep most run and build space isolated and ephemeral by way of containers, so as to keep changes to my root filesystem minimal and generally only by my direct actions. Additional hardening is utilized via AppArmor and other userspace isolation and hardening where containers are not sufficient, which are themselves isolated and not run as a root-access user. In fact, check out my vindi project which should give an idea of how my programs run.
And rather than it being an inconvenience as some may expect, it again follows DRY principles, in that the needed environment is perfectly preconfigured, so on whatever computer that I have a compatible container runtime, I have my exact configured VIM editor profile available for me, without needing to configure anything on the base system itself. Additionally, the container only has access to the folders and files you want it to, depending on where you run it, which is quite important the more plugins you depend on. So the idea behind this system is to minimize bloat, but allow when needed via containers, which still keep your base system minimalist.
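The container approach described above (ephemeral, non-root, with access only to the folder it is launched from), sketched as an added example; it is not the vindi project or any code from this page. The image name, the `safe_workdir` and `run_editor` helpers, and the use of a Docker-compatible CLI are assumptions.

```shell
#!/bin/sh
# Added illustration, not the vindi project: launch an editor in an ephemeral,
# non-root container that can only see the one directory it is pointed at.

CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-docker}"            # assumption: docker-compatible CLI
EDITOR_IMAGE="${EDITOR_IMAGE:-example/vim-profile:latest}"  # hypothetical image name

# Resolve the directory to mount and refuse ones that expose far more than a
# single project: system roots, $HOME itself, or any ancestor of $HOME.
safe_workdir() {
    dir=$(cd -- "$1" 2>/dev/null && pwd -P) || return 1
    case "$dir" in
        /|/etc|/root) return 1 ;;
    esac
    case "${HOME:-/nonexistent}/" in
        "$dir"/*) return 1 ;;
    esac
    printf '%s\n' "$dir"
}

# Build the runtime invocation; with DRY_RUN=1 it is printed for review
# instead of being executed.
run_editor() {
    dir=$(safe_workdir "${1:-.}") || {
        echo "refusing to mount: ${1:-.}" >&2
        return 1
    }
    # --rm            : container is discarded on exit (ephemeral)
    # --read-only     : image filesystem cannot be modified; /tmp is scratch space
    # --user          : run as the calling user, never root
    # --cap-drop ALL  : no Linux capabilities; no-new-privileges blocks setuid gains
    # --network none  : editor plugins get no network access
    # --volume        : the only host path visible inside the container
    set -- "$CONTAINER_RUNTIME" run --rm -it \
        --read-only --tmpfs /tmp --env HOME=/tmp \
        --user "$(id -u):$(id -g)" \
        --cap-drop ALL --security-opt no-new-privileges \
        --network none \
        --volume "$dir:/work" --workdir /work \
        "$EDITOR_IMAGE"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}
```
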
Entrepreneurship
I consider myself to always have been an entrepreneurially minded person, and felt the need to have a proper stake in something to feel passionate about it, aside from just an interest in the subject matter at hand. While in school, I would do computer repair as a personal side gig to earn some money, alongside finding trends, such as selling tablets before the iPad was even announced and GPS devices before they became a common staple. These would serve as valuable business lessons and also serve to teach me about hardware. The software knowledge I have attained today, I would definitely attribute to PC gaming. Even when it came to consoles I owned, I could not do without having them modded. Games on the PC essentially helped teach me reverse engineering via modding and hacking, attaining an understanding of memory on a computer before even knowing how to code. Even in gaming circles, I was entrepreneurially spirited, going so far as to host my own World of Warcraft server which hosted hundreds of players globally, while in high school, from a spare computer in my basement. I would go on to run a number of other gaming servers down the road as well, many of which attained high popularity and would usually be at max capacity. This in turn taught me a lot about organisation, community, and working with people across the globe you've never met, to create and maintain a vision. These ecosystems were also a great precursor to the adversarial blockchain networks, as gaming communities were highly adversarial in themselves. Other groups would seek to destroy your quality of service. DDoS (Distributed Denial-of-Service) attacks were a daily occurrence, and at times would be so straining, they took the entire datacenter of the server down. This required me to fast track my knowledge of networks, implement mitigation solutions on at least the attacks the datacenter could handle, but my servers couldn't.
Lone hackers would also seek to disrupt the game for unfair advantages. Luckily, my adversarial mindset allowed me to create the tools necessary to, in most cases, pre-emptively detect and ban such users by understanding the methods and patterns to seek out such cases.
Upon completion of my studies I spent some time in the corporate world. I found myself to have excelled at my positions, so much so that I would be doing the work of higher ups. This would not sit well with the hierarchy directly above me as they felt threatened with being replaced. The corporate environments I was unfortunate to have joined appeared to be non-conducive to productivity and growth, because if you did too well, you would essentially threaten the position of your manager, and the manager would attempt to solidify themselves by selling you to their higher ups as critical to the department in question, basically turning you into what that corporate culture liked to call a lifer. After having gotten the knowledge I needed and could from these environments, I knew it was time to start afresh and follow my own pursuits. I refocused my efforts outside of my formal education, to software engineering, where, as mentioned previously under education, I was undertaking online courses to both refresh my knowledge and learn new things. During this time I was acting as a freelancer, mainly on the software development front doing gigs. Upon Ethereum's Homestead release (considered first production version), I took it upon myself to focus on this platform, and bootstrapped various smart contract applications for others. I was also working on personal projects, including a timestamp authority. Some of my work had been noticed by Oraclize, a company that was the top oracle solution provider at the time. They had offered me a contract and the potential for options if I became an integral core member of the team.
I considered this to be a good opportunity to join an up and coming startup, where I would have a nice steady income stream, while not sacrificing my entrepreneurial spirit by still having skin in the game myself. After about 1 year, I had been signed on for some options. By 2018 we were in talks with two companies for acquisition. In both negotiations, I was considered 1 of 3 members of the team, considered to be an integral part of the deal. The other 2 were the exec team, while I was the Lead Developer. We had a successful exit in early 2019, and one of the stipulations of the new company Provable Things Limited, was to have me on as CTO, which I was acting as from February that year until September 2019, when I went on to pursue personal ventures. Since then, I have founded Solinfra[8], an infrastructure consultation company. Most of the focus of work has been on internal R&D there so far, and it is acting as a support company for other ventures of my own and that of business partners.
Notable Work
This section will contain some of my works of note, with citations where possible and readily available. The order can be considered roughly chronological, where it makes sense. Items at the end, such as for contributorships or memberships, do not follow this order.
Ethereum Wallet Bug Bounty
Disclosed remote code injection vulnerability present in Ethereum Wallet to Ethereum Foundation team. This exploit was usable on many existing DApps at the time including the DAO, with the potential to steal users' funds even outside of the exploitable itself, when a user accessed the DAO or vulnerable DApp contract via the Wallet.
Ethereum Fork Splitter
Wrote the base working version of the AmIOnTheFork[9] smart contract later used to aid in securely splitting funds from the DAO fork. Initially conceptualized by Aakil Fernandes[10], albeit known charlatans would swoop in thereafter to attempt to claim credit for it from him. Likewise, my base contract initially did not receive any credit, after it was clearly used as the base by Timon Rapp of Kraken, including even my comments, word-for-word, which I published open-source 2 days prior and was the first known iteration of such a contract[11]. Timon Rapp eventually gave some credit after I commented about this, noting he didn't have enough time to provide all appropriate credit when initially publishing his article[12]. These contracts in total have accounted for over a million transactions on Ethereum's mainnet.
vDice ICO Smart Contract Contributor
Co-wrote the ICO contract for vDice, as a contractual obligation to Oraclize. It was amongst the first ICO smart contracts, and completed in 2016, before the ICO craze began later in 2017.
Derivatives on Blockchain PoC for Intesa Bank
Designed and wrote a complete end-to-end smart contract & DApp that acted as a bilateral derivatives contract[13], as a proof-of-concept for Intesa Sanpaolo Bank on behalf of Oraclize. It yielded settlement times that were orders of magnitude more efficient than that of the traditional systems in use. I was able to apply my education quite heavily into this project as it depended on financial understanding. The PoC proved successful and it would be demoed internally and to other partners of the bank. The project went on to a second proof-of-concept for the LCH (London Clearing House) which I only had limited involvement with as it was required to be on Corda, and I was tasked with other projects at the time.
Smart Contracts on Bitcoin via Oraclize Library
Co-wrote oraclize-lib[14] which provided a Node.js interface to the Oraclize service and Bitcoin Script that would effectively allow basic smart contracts on the Bitcoin blockchain. Unfortunately, the potential of this was not tapped into by the BTC community, as the general sentiment was that Bitcoin was not intended to run smart contracts, and it would be spammy on their already throughput-limited blockchain. Similar feedback to what Vitalik received for initially wanting Ethereum on Bitcoin.
Proof-of-Identity on Ethereum via Government Smart Cards
Designed and wrote Proof-of-Identity[15] smart contracts & DApp code. It was intended as a mechanism for KYC on the Ethereum blockchain via Estonian e-Residency cards that almost anyone could apply for. The DApp allowed users to insert their e-Residency card into their PC via a supported hardware adapter, which would read the smart card for its certificate chain, public key and common names, which would be uploaded to the blockchain. An RSA signature would be requested from the smart card, of the user's public Ethereum address. The Oraclize service was utilized for verifying the cryptographic signatures pushed on-chain, and also checking any certificate revocations via the OCSP (Online Certificate Status Protocol), which would then essentially KYC a user via government credentials to a specific Ethereum address.
eWallet - Government Smart Cards as Ethereum Wallets
Further work of mine on Proof-of-Identity resulted in the eWallet[16] project. This iteration now allowed users to essentially receive, send and transact with ETH and ERC20 via their e-Residency cards, essentially turning the cards into wallets backed by state-level KYC. It received much praise from the Ethereum community, including from Vitalik himself[17].
Aside: I had only just begun working on the project approximately 2 months prior to the 1 year claimed tweet; the proof-of-identity idea was presented for the purpose of grants a year earlier, before I was contracted by Oraclize.