November 2013 - today
I've worked for companies located in various countries (France, Danemark, Italy, Poland, Germany, UK, US, Israel, Austria and India), mostly on projects related to FreeRDP, wayland and Qt:
- I've worked on OGON, a project aiming to have an opensource RDP server using FreeRDP
for the RDP primitives, it supports sound, disk redirection, multitouch devices, multiple monitors, remoteFx, H264, shadowing. It allows
to connect on a X session or to display Qt applications directly. It is currently used in 5000 shops. This project
made me modify and improve sources of FreeRDP, Xorg, openH264, Qt, wayland/weston, kwin and pulseaudio.
This project has been open sourced mid-2017.
- I've worked on misc subjects in FreeRDP: improving H264 performances by using hardware acceleration (this
project lead me to play with ffmpeg, VAAPI and the H264 format), openCL in primitives, code hardening, refactoring of the transport layer,
implementing the MS-RDPEVOR specification, implementing the dynamic resizing, implementing emulation layers in winPR, implementing
smartcard logon, ...
- I've also been hired as a RDP expert for various products that records or proxify RDP sessions, providing
technical advises, bug corrections and evolutions.
- I've implemented the RDP backend of the weston compositor, this code is the base for microsoft's WSL2 and is potentially deployed on all
windows 10 hosts;
- I've implemented the HTML and RTF formatted clipboard in GUACAMOLE;
IPdiva - Software engineer then CTO
November 2006 - November 2013, Rennes, France
IPdiva was the French leader for SSL VPN softwares, it was building softwares to secure access to LAN resources.
The company lived for 10 years with about 200 customers (hospitals, industrials, administrations, IT operators, universities ...), it has been acquired by
Systancia in 2014.
Within this job:
- I am the product's leader and I have worked on all its components.
The product is coded in C++ and python (Zope framework), the target operating systems are Linux,
Window and MacOS.
To work on the product the following skills are involved: network programming,
some knowledge of network protocols (HTTP, MS-RPC, FTP, ActiveSync, WebDAV, RDP), cryptography (openSSL),
system integration (Linux, Apache2, Win32, ActiveX, Java applet), web programming (HTML, CSS, Javascript).
- The product must appear as secured so security must be a constant concern. Today there have been only
2 CVE targeting the product.
- The product has high performance expectations, and I have worked on reducing performance bottle-necks :
diagnose performance issues (valgrind and jMeter) and make required modifications to fix them.
During the product's lifetime, performances have increased constantly although many features were
added in the same time.
- I have designed and implemented the process to build from the sources to the final delivery (from subversion to a debian
mirror archive). I have made a custom builder that can: build a delivery using multiple hosts,
manage build dependencies, tag a full delivery (handles different SVN locations),
check package's changelogs, do partial builds (only a subset of the packages).
Using this tool, a maintenance release is delivered every 3 or 4 weeks.
- I have also been involved in the design of production tools (updates site, ticket management,
PKI automation tools, monitoring).
- I have supervised at least one trainee per year.
- I have provided technical support and consulting services to major corporate clients.
April 2005 - November 2006, Rennes, France
AtosOrigin is an IT services company, I have worked for various customers.
For Orange Business Services(April 2006 - November 2006)
The project was to build a tool to automate the deployment of a JAVA web application. The application
was written in PERL and involved technologies were Apache, JOnAS and Tomcat.
For Orange (February 2006 - April 2006)
In this project we had to make some evolutions on a Jabber server component. I took part
in these evolutions. The component was queryable through SOAP requests and
I have made a SWING application to test "by hand" all the available methods (JAVA, SOAP, SWING)
For France Telecom R&D (September 2005 - February 2006)
The project was to implement a multi-platform XMPP framework (the projet's name was MOSAIC). The
target platforms were: Windows, Linux, MacOs, WindowsCE and embedded Linux. I have worked on the
core components (Visual C++, gcc) and a sample multi-platform XMPP client (C++, Qt).
I have also been involved in performance optimisations for embedded targets (Linux, valgrind).
For SFR/Cegetel (April 2005 - September 2005)
This project was a configuration interface on the IVR for the CRM of SFR ("le 9" in French).
This server is responsible for dispatching customer calls over the miscellaneous call centres.
In peak hours, there could be up to 20 incoming calls per second, the daily traffic was around 300k calls.
The goal was to implement a configuration interface to set the parameters of the voice application. The project was
written in JAVA on a WebSphere application server, the project uses
Struts, JSP,
Javascript,
Tomcat,
Castor,
XML, XSD. Development has been done using
Eclipse.
The project was delivered on-time.
Software engineer for a research project - IRISA in the IDsA project
November 2003 - December 2004, Rennes, France
This research project was to study the deployment impacts of DNSSEC. I have worked more
specifically on implementing key rollover in DNSSEC. The work has been done in collaboration with a PhD student.
We have co-written RFC drafts and papers that have been accepted in various conferences.
On the coding part:
- I have maintained the web site of the project.
- I have implemented KROd: a daemon that automate key rollover
between DNSSEC servers (C, BIND, DNSSEC).
- I have also worked on libsresolv, a tool
based on BIND toolkit to build a client DNSSEC validator (C, BIND, DNSSEC).
- I have extended the wireshark DNS dissector to decode DNSSEC records.
- I have extended BIND to support the storage of IPSECKEY
in DNS records.
- I have co-written "Algorithm for trusted key rollover" that was accepted for ICOIN 2005 in Korea.
- Another article "GDS Resource Record: Generalization of the Delegation Signer Model" was accepted for ICN'2005.
- We have submitted an internet draft.
I also have implemented it in BIND.
Software engineer - Intranode
March 2001 - May 2003, Rennes, France
Intranode was a software editor for a product that does automated security audits. The
company was also hosting the software as a service for clients. Intranode was integrated
by Netasq in 2004.
I was a member of the R&D team and I have work on building a security scanner from scratch.
We have designed and implemented an expert system based architecture to drive security tests according
to the rules defined by security experts. The output of the audit was a report
listing the vulnerabilities found on each scanned host.
- The software was highly scalable as the miscellaneous C++ components could be
distributed on many hosts, communicating in CORBA (ACE/TAO). The expert system was
written in Prolog with a C++ API. It was coded for a Linux system.
- The information gathering part of a security audit is essential because the next steps
depend on what is found during this stage. I have worked on these security tests to make
them accurate in most situations (C, C++, packet manipulation).
- In collaboration with the security monitoring team, I have also worked on implementing specific security
tests (C++)
- This work has been patented as FR0204652: "procédé et dispositif d'un audit de sécurité dans un
réseau de télécom, plateforme et systèmes correspondants"