My Profile

David Fort

Software developer

Codito ergo sum

I code, therefore I am

20 years experience in analyzing, developing and troubleshooting softwares for IT security. Proven ability in the design, development and implementation of new software solutions and in the customization of existing solutions to specifications.

Skills

  • Software development

  • Languages - c / c++, python, javascript, java, html, css, postgresql, lex/yacc, x86 assembly.
  • Toolkits / platforms - CORBA (ORBacus, ORBit, ACE+TAO, JacORB), RMI, Qt, TCP/IP, OpenSSL, Apache, gtk
  • Softwares - eclipse, gdb, valgrind, wireshark
  • Operating systems

  • Linux, Windows, MacOs
  • Languages

  • French - native language
  • English - working knowledge

Education

University

2000

DEA d'intelligence artificielle à l'UFR Sciences de Nantes (French University degree for predoctoral research in artificial intelligence, 5 years at University after Baccalauréat)

University

1999

Maîtrise informatique (equivalent to a Master's degree in computer science, four years at University after Baccalauréat).

Baccalauréat série C (French scientific high-school diploma)

1994

Work Experience

Independant consultant - Hardening consulting

November 2013 - today

I've worked for companies located in various countries (France, Danemark, Italy, Poland, Germany, UK, US, Israel, Austria and India), mostly on projects related to FreeRDP, wayland and Qt:

  • I've worked on OGON, a project aiming to have an opensource RDP server using FreeRDP for the RDP primitives, it supports sound, disk redirection, multitouch devices, multiple monitors, remoteFx, H264, shadowing. It allows to connect on a X session or to display Qt applications directly. It is currently used in 5000 shops. This project made me modify and improve sources of FreeRDP, Xorg, openH264, Qt, wayland/weston, kwin and pulseaudio. This project has been open sourced mid-2017.
  • I've worked on misc subjects in FreeRDP: improving H264 performances by using hardware acceleration (this project lead me to play with ffmpeg, VAAPI and the H264 format), openCL in primitives, code hardening, refactoring of the transport layer, implementing the MS-RDPEVOR specification, implementing the dynamic resizing, implementing emulation layers in winPR, implementing smartcard logon, ...
  • I've also been hired as a RDP expert for various products that records or proxify RDP sessions, providing technical advises, bug corrections and evolutions.
  • I've implemented the RDP backend of the weston compositor, this code is the base for microsoft's WSL2 and is potentially deployed on all windows 10 hosts;
  • I've implemented the HTML and RTF formatted clipboard in GUACAMOLE;

IPdiva - Software engineer then CTO

November 2006 - November 2013, Rennes, France

IPdiva was the French leader for SSL VPN softwares, it was building softwares to secure access to LAN resources. The company lived for 10 years with about 200 customers (hospitals, industrials, administrations, IT operators, universities ...), it has been acquired by Systancia in 2014.
Within this job:

  • I am the product's leader and I have worked on all its components. The product is coded in C++ and python (Zope framework), the target operating systems are Linux, Window and MacOS. To work on the product the following skills are involved: network programming, some knowledge of network protocols (HTTP, MS-RPC, FTP, ActiveSync, WebDAV, RDP), cryptography (openSSL), system integration (Linux, Apache2, Win32, ActiveX, Java applet), web programming (HTML, CSS, Javascript).
  • The product must appear as secured so security must be a constant concern. Today there have been only 2 CVE targeting the product.
  • The product has high performance expectations, and I have worked on reducing performance bottle-necks : diagnose performance issues (valgrind and jMeter) and make required modifications to fix them. During the product's lifetime, performances have increased constantly although many features were added in the same time.
  • I have designed and implemented the process to build from the sources to the final delivery (from subversion to a debian mirror archive). I have made a custom builder that can: build a delivery using multiple hosts, manage build dependencies, tag a full delivery (handles different SVN locations), check package's changelogs, do partial builds (only a subset of the packages). Using this tool, a maintenance release is delivered every 3 or 4 weeks.
  • I have also been involved in the design of production tools (updates site, ticket management, PKI automation tools, monitoring).
  • I have supervised at least one trainee per year.
  • I have provided technical support and consulting services to major corporate clients.

Software engineer - Atos Origin

April 2005 - November 2006, Rennes, France

AtosOrigin is an IT services company, I have worked for various customers.

For Orange Business Services(April 2006 - November 2006)
The project was to build a tool to automate the deployment of a JAVA web application. The application was written in PERL and involved technologies were Apache, JOnAS and Tomcat.
For Orange (February 2006 - April 2006)
In this project we had to make some evolutions on a Jabber server component. I took part in these evolutions. The component was queryable through SOAP requests and I have made a SWING application to test "by hand" all the available methods (JAVA, SOAP, SWING)
For France Telecom R&D (September 2005 - February 2006)
The project was to implement a multi-platform XMPP framework (the projet's name was MOSAIC). The target platforms were: Windows, Linux, MacOs, WindowsCE and embedded Linux. I have worked on the core components (Visual C++, gcc) and a sample multi-platform XMPP client (C++, Qt). I have also been involved in performance optimisations for embedded targets (Linux, valgrind).
For SFR/Cegetel (April 2005 - September 2005)
This project was a configuration interface on the IVR for the CRM of SFR ("le 9" in French). This server is responsible for dispatching customer calls over the miscellaneous call centres. In peak hours, there could be up to 20 incoming calls per second, the daily traffic was around 300k calls.
The goal was to implement a configuration interface to set the parameters of the voice application. The project was written in JAVA on a WebSphere application server, the project uses Struts, JSP, Javascript, Tomcat, Castor, XML, XSD. Development has been done using Eclipse.
The project was delivered on-time.

Software engineer for a research project - IRISA in the IDsA project

November 2003 - December 2004, Rennes, France

This research project was to study the deployment impacts of DNSSEC. I have worked more specifically on implementing key rollover in DNSSEC. The work has been done in collaboration with a PhD student. We have co-written RFC drafts and papers that have been accepted in various conferences.
On the coding part:

  • I have maintained the web site of the project.
  • I have implemented KROd: a daemon that automate key rollover between DNSSEC servers (C, BIND, DNSSEC).
  • I have also worked on libsresolv, a tool based on BIND toolkit to build a client DNSSEC validator (C, BIND, DNSSEC).
  • I have extended the wireshark DNS dissector to decode DNSSEC records.
  • I have extended BIND to support the storage of IPSECKEY in DNS records.
  • I have co-written "Algorithm for trusted key rollover" that was accepted for ICOIN 2005 in Korea.
  • Another article "GDS Resource Record: Generalization of the Delegation Signer Model" was accepted for ICN'2005.
  • We have submitted an internet draft. I also have implemented it in BIND.

Software engineer - Intranode

March 2001 - May 2003, Rennes, France

Intranode was a software editor for a product that does automated security audits. The company was also hosting the software as a service for clients. Intranode was integrated by Netasq in 2004.
I was a member of the R&D team and I have work on building a security scanner from scratch. We have designed and implemented an expert system based architecture to drive security tests according to the rules defined by security experts. The output of the audit was a report listing the vulnerabilities found on each scanned host.

  • The software was highly scalable as the miscellaneous C++ components could be distributed on many hosts, communicating in CORBA (ACE/TAO). The expert system was written in Prolog with a C++ API. It was coded for a Linux system.
  • The information gathering part of a security audit is essential because the next steps depend on what is found during this stage. I have worked on these security tests to make them accurate in most situations (C, C++, packet manipulation).
  • In collaboration with the security monitoring team, I have also worked on implementing specific security tests (C++)
  • This work has been patented as FR0204652: "procédé et dispositif d'un audit de sécurité dans un réseau de télécom, plateforme et systèmes correspondants"

Interests

Opensource and computer science

I'm an opensource enthusiast since 1996. I'm an active contributor of the FreeRDP and Wayland projects. I'm the maintainer of the RDP compositor in weston, the reference compositor of wayland. I kept a great interest in IT security and reverse engineering.

Music

I'm playing diatonic accordion, clarinet and bombarde (a Breton oboe), piano

Sport

I'm practising windsurfing for many years. I'm beginning waves riding, and I hope to be able to do jumps with rotations in the next years.