SENIOR SOFTWARE ARCHITECT, SOFTWARE DEVELOPER
Phone: +1 (408) 676-6612
San Jose, CA
- U.S. citizen (had to put it here because everyone asks anyway)
- Over 19 years of commercial software development experience, mostly in C/C++ on Linux, including cross-platform and embedded environments.
- Over two years of Android development experience, released commercial applications on several markets.
- Proficient in designing effective, user-friendly, customer-oriented SDK APIs. Ten year experience being a customer-facing engineer.
- Developed many portable, high-available networking Linux and Windows server applications.
- Ported existing software between different operation systems and architectures.
- Reviewed existing software and communication protocols for security, patent and licensing issues.
- Reverse engineering experience including analysis of Windows and Linux executables, kernel drivers, and non-x86 executables.
- Team leader experience, proven ability to work under minimal supervision.
- Clean background. Fluent in English, Russian and Ukrainian languages.
- C, C++, Perl. Proficient with the Qt framework. Those are tools of trade. Most of the time I write performance-critical networking applications which work on Linux, OS X and Windows.
- API design and documentation experience. An example of an API and documentation could be find here: http://sourceforge.net/projects/libircclient/files/libircclient/1.7/libircclient-1.7.pdf
- Expert knowledge in porting existing software to different architectures, operating systems and hardware platforms, including the emerging ones.
- Reasonable Android development experience, including Java and C w/JNI, and Android NDK. Designed, developed and released several Android applications; some are available at the Google Play and Amazon AppStore.
- Multimedia experience, released several free multimedia applications. Used SDL and FFmpeg libraries to process video and audio on Linux and Windows.
- Decent experience in reverse engineering and binary analysis, including non-x86 architectures. This includes malware analysis, and developing decompilers for the bytecode languages to simplify the automatic malware analysis.
- Expert knowledge in TCP/IP networking applications, building high-available servers, and boosting the application network performance. Familiar with most well-known Internet protocols. Developed several cross-platform networking applications on Linux and Windows using epoll and IO Completion Ports.
- Proficient in using cross-compilers for generating stable, reproducible builds covering all necessary architectures, including creating Windows, FreeBSD and OpenBSD builds on a Linux machine.
- Linux-as-main-OS user since 2002. Have experience to install and configure FreeBSD, OpenBSD, NetBSD, Mac OS X, Microsoft Windows, Solaris, HPUX and other operating systems.
- Familiar with development boards, u-Boot, TFTP, NFS, serial consoles and other aspects of embedded development.
- Extensive use of cross-compilers (gcc, mxe, buildroot), virtual machines (VMware and kvm) and build scripts/build systems to simplify simultaneous support for multiple operating systems running on different hardware architectures
FULL TIME EMPLOYMENT HISTORY
(see also part-time projects)
Senior Software Developer at Bitdefender, Santa Clara, CA
- Designed, developed and maintained the efficient, user-friendly, stable and powerful public API for the majority of Bitdefender SDKs. The major focus was on exposing as many underlying features as possible in an easy-to-understand way while making the integration easier, and supporting full backward compatibility.
- Developed the Android bytecode analyzer and the Android malware detection engine while working closely with the anti-malware research team. Created the anti-malware SDK for Android platform which used Java and C modules accessed through the JNI interface.
- Provided pre-sales and post-sales development support to the over 100 Bitdefender OEM technology licensees. While working directly with the licensees analyzed the customer requirements and suggesting the best architecture and integration scenario in a customer-facing environment, often in the field.
- Worked with different development teams in the company headquarters in Romania to manage the current action items and open tickets. This includes both everyday email and phone communications, and visiting the headquarters 3-5 times a year. Taught the developers the best practices for portable programming, and enhanced the teams’ productivity by suggesting and helping with deployment of different tools, such as cross-compilers to make builds faster, easier and more reliable.
- Created a proof-of-concept module which offloaded part of anti-virus engine functionality on a video card (GPU) using OpenCL.
- Developed a GUI anti-virus application to scan USB drives. The application was using Qt 4.
- Implemented a portable ICAP anti-malware server. The server was implemented using epoll and handled up to 1500 concurrent connections. The project also required implementing a test ICAP client which was used to test both the functionality and the performance of the product. Both the server and the client were written in C++, and supported Linux.
- Participated in code reviews to ensure the company compliance with the 3rd party licenses. This required digging the original library license if necessary, and sometime communicating to the authors. Worked with the legal department to interpret whether the burden is acceptable, and helped to find a suitable alternatives for those libraries when it was not.
- Ported the anti-malware and anti-spam engines to MIPS platform, supporting n32 and 64 ABI with minimal code changes. Involved writing MIPS Assembly code, and debugging porting problems using MIPS debugger in Assembly.
- Ported the anti-malware engine to x86_64 Linux while using the same anti-malware database created for x86_64 Windows. Linux and Windows use different calling conventions on x86_64, so this required research, writing and debugging stubs in x86-64 Assembler.
- Ported the anti-malware engine to ARM platform, supporting LE ARM with OABI and EABI. Involved writing code in ARM Assembler, debugging the machine code without symbols loaded, and writing automatic tools to find the part of the source code where the crash happened.
- Participated in patent reviews to ensure that the company technology does not infringe specific patents.
- Rewrote the mirroring application written in PHP to work on PHP5, support Curl and work on MS Windows.
- Participated in creating the new portable API for the SDK. Ported the existing BitDefender SDK to Linux/Unix, including x86_64 build. The goal was to keep the code portable between platforms, including future platforms.
- Implemented a portable Client-Server anti-malware SDK, including the documentation and examples. The SDK could work as either multithreaded or multiprocess mode. Both the server and the client were written in C++, and supported Linux and FreeBSD on different hardware architectures.
- Wrote and maintained the developer documentation for all the SDKs. The documentation was written for OEM partners, and included generic SDK information, HOWTO section (“If you want that, here’s how to do it”), and the API reference. Carefully explained all known problems the partners might get into during the SDK integration, based on my past experience. The total size of all the documentation written was over 400 pages
Senior Unix Software Developer at Kaspersky Lab Customized Solutions, San Jose, CA
- Worked closely with multiple development teams of Kaspersky Lab OEM partners to help them to integrate our technology into their products. Provided development help and support in form of e-mail communication, source code review, remote debugging and on-site visits when necessary.
- Developed a kernel module for Mac OS X 10.4+ to provide on-access scanning capatibilities for Kaspersky Anti-Virus for Mac. This required extensive studying of existing MacOS X documentation and available source code, and a lot of experimental work. Provided the kernel module, and the user-level interface library with clean API to communicate with the kernel module. The target module worked on both PowerPC and Intel-based Mac’s. The module was written in C++, the userspace library was written in C++.
- Reviewed Kaspersky implementations, and worked with the legal team to form a legal opinion confirming that the product implementation does not infringe a specific patent. Educated the developers about patents, how to read them and and how to make sure the implementation does not infringe a patent.
- Ported the anti-virus engine to Mac OS X, and PowerPC CPU. A challenge was to use a single blob of precompiled machine code both on PowerPC Linux and PowerPC Mac OS X, which use different calling convention ABIs. This was solved by learning the PowerPC Assembler language, and writing necessary stubs which handle the difference in calling convention.
- Ported the anti-virus engine to Cavium MIPS arhitecture, and then to a proprietary partner OS. The challenges were: completely new architecture the engine has never supported, the tight schedule for the project, and the undocumented and non-standard toolchain. Created a workaround to handle calling conversion between ABI and non-ABI calls as well as between o32 and n32 ABI calls, which required knowledge of MIPS Assembler language. After studying the toolchain, created a script to make the toolchain standard with no impact to the Partner projects, adjusted to a non-standard toolchain.
- Ported the anti-virus engine to AMD x86_64 CPU. Wrote a patch to gcc compiler to generate warnings in appropriate places, which greatly speed up the porting process.
- Modified a gcc compiler source code, for gcc to be able automatically generate byte order-independend machine code. This was intended to easy the porting of the software between little-endian and big-endian hardware platforms. The integration patch was written in C.
- After talking to partners’ software developers who used our technology, created a new API for Kaspersky SDK, and completely rewrote the SDK documentation for developers. Both SDK and documentation addressed most issues the partners complained about. After the new version was released, the number of SDK integration support issues decreased dramatically, and allowed more efficient use of company resources.
Senior Software Developer, Product Architect at Kaspersky Lab HQ, Moscow, Russia
- Designed and developed an automate software build system, which handled the whole UNIX software building process for all Kaspersky Lab Unix products. The system handled everything from the checking out the application source code to the producing ready-to-install packages. The system supported all UNIX flavors we needed to use, which included several Linux and FreeBSD distributions, an OpenBSD distribution, different versions of Solaris (x86 and Sparc), and HP-UX. The system was designed as a central web server (apache) with database server (mysql), a set of scripts written in PHP and C++, and a client script written in Perl. A web management console was implemented for release engineers. The system supported builds using any compilers available, including gcc cross-compilation, native compilation, and compilation in VMWare virtual machines.
- Developed generic solution for running Kaspersky Anti-virus engine on non-x86 hardware platforms. The challenge was to implement an x86 CPU emulator, which would be able to execute an x86 machine code, used in the anti-virus database. Also developed an ELF object file loader to support replacing x86 code modules with native modules. The emulator was written in C++, the ELF loader was written in C. Also Perl was used extensively to parse and prepare x86 data units.
- Designed and developed a Kaspersky Antivirus on-access file monitor for Linux and FreeBSD. The software purpose was to ensure that only the files which have been scanned by the anti-virus are accessed, so all the file operations were intercepted, the virus check was done, and only then the file operation was allowed to continue (or not). Developed both the kernel part (a kernel module), and a user-space daemon, which communicated with it through the /proc interface. The kernel module was written in C, and the user-space daemon was written in C++.
- Analyzed and developed two decompilers for some proprietary BASIC-type languages. The purpose for these decompilers was to recreate the source code from the bytecode which would have the same functionality as the original (with lost symbol information, of course). This source code was used by the anti-virus experts to analyze the malware, as well as by automatic malware analysis system. The challenge was that neither the source code, nor the bytecode reference was available. Therefore a lot of analytical work was done, including disassembling with IDA and SoftIce, and writing complex Perl scripts to analyze produced data. Then the decompilers were developed using portable C++.
- Designed and developed Kaspersky Anti-Virus for Sun Messaging Server. Very strict timeline, and undocumented proprietary integration protocol, which needed to be decyphered, made it an interesting project. Solved as two-computer solution with two networking daemons on both ends, a protocol agent implementation running on Sun Sparc, and the AV engine on a Linux end. Everything was written on C++ except the agent, which was written in plain C.
- Designed and developed Kaspersky Anti-Virus for HPUX Openmail. There was no official way to integrate the anti-virus with this product, so the way was found utilizing the ELF format knowledge, and binary audit tool (IDA). Solved as two-computer solution with the integration shared library on HPUX end, and a networked AV engine on a Linux end. Networked AV engine was written on C++, and the library was written in C.
- Ported several modules, including the anti-virus kernel, from MS Windows platform to several hardware and software platforms, including x86 (Linux, FreeBSD, OpenBSD), Sparc (Solaris), HP-UX, and ARM (Linux). The challenge was that the original code was written without having portability in a mind, so a lot of code was simply non-portable, and had to be rewritten. Developed a compatibility library, which goal was to simplify the porting process. Wrote the documentation, and made a presentation for company software developersabout portability issues, with instructions how to write portable code.
- Supervised a team of four Unix software developers and a dedicated QA engineer, analyzing the product requirements, preparing design documents, developing the components architecture, creating and maintaining project plans, and writing reports using MS Project and MS Office/OpenOffice. Made decisions regarding tools used for development, external libraries and tools.
Software Developer at ITCS International, Kiev, Ukraine
- Led the team of developers for the fast and secure credit card transaction server for a large financial customer. The server worked with AmEx terminals over a TCP/IP network using the ISO 8583 protocol. Designed and developed the server part of the client-server solution, using C++ as a primary language. Implemented a parser and generator of ISO8583 messages according to ISO 8583 standard. Implemented a network stack, socket pool and connection manager. Also developed a test AmEx terminal, using Perl, to simplify automatic testing process. The application primary platform was Sparc Solaris, but as the application was written portable, it was possible to run the QA on Linux, saving the company money and the time.
- Designed and developed an object-oriented Java-like language compiler, and its bytecode interpreter, so it was possible to distribute just a compiled bytecode, and not the source code itself. The purpose of language was to enable the client-provided MS Word-like application with the ability to execute the scripts created by a user. Because the most users of the application were not programmers, the main goal of creating such a language was to be simple, secure and powerful. The goal was reached. The language compiler was developed using flex/bison as grammar parsers, and the rest of code was written in portable C++, so it worked both under MS Windows and UNIX flavors. Also the extensive use of Perl scripts to generate the language class templates and language documentation allowed saving the project time and cost.
- Ported several complex Lotus Domino Windows plug-ins to Linux, Solaris and AIX OS. The challenge was to learn the Lotus Domino SDK, and the differences between Windows and Linux SDK very quickly because of the tight project schedule. The plugins were written in C and C++, with extensive use of threads and IPC objects (semaphores and shared memory).
Software Developer at Ukrpage, Lviv, Ukraine
- Designed, developed and maintained the full stack of the company internal software which provided paging service to the users. From the client end to the backend, everything was my responsibility.
- Designed and developed a MS Windows MFC program to control the Motorola CNET device (hardware TNPP-compatible POCSAG coder and transmitter) through a COM port. Implemented a complete TNPP protocol specification, according to documentation provided by Motorola. After the migration to Linux had started, the application was ported to Linux using Trolltech Qt. The application was written using Visual C++ and MFC, and then ported to Linux using Trolltech Qt and gcc.
- Designed and developed a Linux application to add additional services for our customers: DTMF paging, and Voicemail. Implemented the hardware driver using the Motorola-provided special hardware and specifications, the Voicemail database using MySQL, and the administrator panel, using Perl and apache. The application was written on C++, the driver was written on plain C.
- Created a hardware POCSAG signal receiver, designed and developed a software decoder and transmitted message integrity checker. This made the transmitting system fail-safe. The receiver was initially developed for MS Windows 95, and written using Visual C++ with MFC, and then was ported to Linux with the Web-based console
Software Developer at Eles, Ltd, Lviv, Ukraine
- Developed a set of libraries to handle image processing and conversion in the embedded hardware.
Software Developer at Lvov Attraction, Lviv, Ukraine
- Extended the functionality of existing x86-based arcade machines; fixed firmware bugs, added Ukrainian localization and reprogrammed it to accept new Ukrainian currency.
C++ Software Developer and Architect at Citrix (formerly ScaleXtreme, Inc)
- Participated in designing the complete cloud application architecture. Suggested some key features, created and maintained design documents. Used my general knowledge of client-server architecture, Unix networking, and OpenSSL.
- Designed and developed the networking server which tracks different cloud components, helps them to find each other, retrieve the information about other connected components, and initiate inter-component communications. The server supports up to 50,000 simultaneous connections, uses client and server certificates for mutual authentication, uses TLS for encryption, and will support scaling. The server was written in C++, used epoll() and OpenSSL.
- Designed and developed the certificate authority which handled all necessary certificate generation for every component. The authority included a set of PHP scripts to automatically generate and approve certificates for various components, as well as a web site to manage the authority remotely. Besides the certificate generation, the web site included the user roles, and the management interface. Used PHP and openssl with some AJAX and CSS.
- Troubleshooted and fixed the Java connector part to support client certificate authorization.
Python porting / Qt GUI development at Lexam Research
- Ported a huge (over 120 widgets, dialogs and windows) user interface application from Python to C++. The main challenge with the port was knowledge of Python, which I had to learn. The functionality was also extended as requested by the customer. The project was written in C++ using Qt 4, uses gcc on Unix, and MinGW and NSIS installer on MS Windows. Perl scripts were also created to convert a large number of dialogs into UI files. A set of build scripts has been created to build both Windows and Linux version directly from Linux workstation using cross-compiled MinGW compiler and NSIS for Linux.
Networking / ICAP Linux development at Infowatch
- Created an ICAP server for intercepting the HTTP traffic to detect the leaked information. The server supported a requested subset of ICAP commands plus mandatory minimum required by RFC. The server passed the content to an external shared library using the agreed upon interface which was discussed with, and approved by the company. The server supported 204, keep-alive and other advanced options, but provided workarounds for the ICAP clients which did not support them. Written in portable C++, ICAP server was developed primarily for Linux, but should work on any other platform with pthreads.
GUI / Qt development for Linux/Windows at Calabasas Creek Research
- Ported the plasma engine simulation toolkit to Qt4 and Linux. The main challenge was to port the graphics code, which used Dislin graphics library. Dislin was a closed-source library with a sparse documentation, which did not document its internals, so some black box testing was required. The project was written in C++ using Qt 4. The project has been completed with two people, another person working under my supervision.
- Implemented the complex GUI to a scientific application. The GUI was mostly used on Microsoft Windows, but since there was a possibility to run the application on OS X the Qt Toolkit was used again. The GUI was very complex, having more than 60 dialog windows, and a dozen of custom widgets, so the proper architecture and separating common code was a must. While the GUI itself wasn’t a major challenge, the number of windows, and their combinations, required a lot of efforts to keep the code base maintenable, since the whole project has been done by one person. The expression evaluator module required good knowledge of bison and flex as well as their integration into C++ language, and into qmake build system. The project was written in C++ using Qt 4, uses gcc and rpm on Unix, and MinGW and NSIS installer on MS Windows. A set of build scripts has been created to build both Windows and Linux version directly from Linux using cross-compiled MinGW compiler and NSIS for Linux. The project took approximately one man-year of part-time work.
- Ported the physics simulation toolkit to Windows/Linux/MacOSX port using Qt4. The original source code was written in C++ using xlib X Window functions, so X Window knowledge was required to complete the port. An imporant requirement was to provide the source code compatibility with applications using the toolkit.
System library development at Centromeric, Inc.
- Created a generic abstraction interface to provide the company’s application a consistent interface to intercept and sometime alter the system calls across Linux operating systems. The goal was to add extra functionality to any application without having access to the application source code. This new functionality allowed the application designed to manipulate local files, to access and manipulate files and other objects on remote computers. The project required deep systems level knowledge to overcome implementation differences across multiple operating systems. The project was coded in C/C++ using GCC and has been tested on Linux Red Hat 7.3 and above.
- Created a method to intercept and change the Win32 API calls for a specific Windows binary. The goal was to add extra functionality to any application without having access to the application source code, or patching it. This new functionality allowed the application designed to manipulate local files, to access and manipulate files and other objects on remote computers. The project required deep understanding of PE files format, Windows system calls and good knowledge of x86 Assembler to write a loader and to debug problems. The project was coded in C++ and x86 assembler using mingw and MSVC, and supported Windows 2000, XP and 2003.
GUI / Qt development for Windows at Skyler.
- Developed a GUI according to the draft specification. The company had to make the product available on a very short call. The goal was to develop GUI for the data processing library according to the API provided. While the GUI itself was not that complex, requiring only several custom widgets and had less than ten total windows, the very short deadline was a challenge – five calendar days (with two weekend days) for the whole project, including QA and integration. The development was done on Linux using Qt4, and additionally tested and debugged on Windows. KDevelop and Visual C++ were used as IDEs. The project was finished on time.
OPEN SOURCE PROJECTS
- Sole creator, developer and maintainer of Kchmviewer located at http://sourceforge.net/projects/kchmviewer which is a free open-source Qt/KDE based viewer for CHM (Compiled Help Manual) files, which has a lot of unique features, including tab browsing. It is the only CHM viewer with native KDE support. Stable, mature version, started in early 2005. Successfully ported it to a pure Qt4 application, without using qt3-support, in 2007. Released under GNU General Public License.
- Sole creator, developer and maintainer of Karaoke Lyrics Editor located at http://sourceforge.net/projects/karlyriceditor which is an open-source Qt based lyrics editor for Karaoke songs in popular formats. It used SDL and FFMpeg to play music files, and export the lyric videos. Released under GNU GPL Open Source License.
- Team member of XBMC located at http://www.xbmc.org, which is a full-featured cross-platform media center application, which is also completely open-source. Developed the karaoke backend.
- Creator, project administrator, developer, tech documentation writer and maintainer of libircclient located at http://sourceforge.net/projects/libircclient. This is an open-source IRC client-side library, which handles everything someone needs to build their own IRC client or bot. Stable, mature version, started in 2004 and completed in 2005 but still supported and used by several other projects. Excellent documentation is available here: here: http://sourceforge.net/projects/libircclient/files/libircclient/1.7/libircclient-1.7.pdf. Released under GNU GPL License.
Authored several articles on software development, reverse engineering and system administration:
- select / poll / epoll for system architects (http://www.ulduzsoft.com/?p=816) is an article which covers the difference between those polling methods and explains when each method applicable.
- How does the reverse engineering work (http://www.ulduzsoft.com/?p=636) – this is a series of four posts which explains how the reverse engineering works to the general public usingof the popular file formats as an example. Part 4 (http://www.ulduzsoft.com/?p=651) is advanced, and explains how even an encrypted file format could be reversed in some cases.
- FontPreference dialog for Android (http://www.ulduzsoft.com/?p=579) explains how to implement the font selection dialog on Android. Other articles on the same topic include ChooseFile/ChooseDirectory dialog, and ColorPreference dialog .
- Your personal GMail-like email system (http://www.ulduzsoft.com/?p=298) is a series of articles for system administrators explaining how to set up your own e-mail system for personal or business use based on free software using Dovecot, Postfix, Round Cube and getmail.
- Master C/C++. Passed the C Programming, C++ Programming, and C++ Fundamentals tests.
- Master Perl. Passed the Perl test with the highest score possible - 5.0.
- Master in UNIX development. Passed the Linux Programming, UNIX Programming, and UNIX Korn Shell Scripting tests.
- Master in web server development. Passed PHP 4, ASP and CGI Scripting tests.
- Master in UNIX Administration. Passed Linux Administration (General and RedHat), UNIX Administration (Solaris and Solaris 8), MySQL 3.23 Administration (4.91 score), Apache 1.3.12 Administration (5.0 score), and TCP/IP Administration tests.