Seth Arnold


NAME

Seth Arnold - sarnold(7) - +1-503-577-3453 - seth.arnold@gmail.com


SYNOPSIS

I am versatile, able to quickly adapt to and excel in complex systems, especially those with subtle security and reliability problems. I enjoy talking with customers and users; my most recent supervisor noted I have a very good sense of the customer's voice. I support co-workers with enthusiasm, improving a team's productivity and morale.


OPTIONS

- 15 years experience developing software for Linux (Ubuntu, Debian, SuSE, Red Hat, Slackware, Caldera).
- 6 years experience using OpenBSD, WinNT 4.0 / Win2K.
- 4 years experience using NetWare 3.11, SCO 3.2.4.2, and SCO OpenServer 5.0.
- Programming Languages: C, Ruby, Perl, Python, Java, Unix shell, SQL, HTML, LaTeX
- Source code control systems: Git, Subversion, CVS, BitKeeper
- Native English speaker; learning German

I have expertise with Linux kernel internals, cryptography, security issues, software development and maintenance, and the TCP/IP family of protocols. I am familiar with the constraints and freedoms of open source licenses.

I give confident, credible, and effective presentations about complex subjects.

I participate in Free Software and Open Source communities. I have been part of the Open and Free Technology Community's NOC and a staff member on Freenode.


HISTORY

May 2005 -- October 2007 Novell, Inc. / SuSE GmbH; Portland, OR, USA

I joined the SuSE Labs research and development team when Novell acquired Immunix. My responsibilities at Novell / SuSE included:

Software development

Primary developer of AppArmor Mandatory Access Control policies for the SuSE Linux family of distributions.

Primary responsibility for internal code reviews; mentored team members to improve our team's code quality and reliability.

Invented, designed, and developed a client-server architecture to integrate an online profile repository into AppArmor profile development tools to reduce the cost of deploying AppArmor.

Sole developer on XMLRPC/SOAP/HTTP server (Ruby on Rails, PostgreSQL) first deployed for openSUSE 10.3, Ubuntu Gutsy; over 300 users created accounts in the first month after release.

Performed public code quality reviews of IBM's SLIM and EVM kernel security modules, Casey Schaufler's SMACK kernel security module, Serge Hallyn's Filesystem Capabilities kernel patch, and Stony Brook's UnionFS kernel patch.

User support

Educated internal and external developers how to make the most of AppArmor with both application design and policy design, through in-person trainings, email conversations, and IRC conversations:

- AppArmor technical presentations at 2005 and 2006 SuSE Labs conference, including SuSE R&D teams and selected Novell business partners; the Novell Technical Support team; the Netware kernel development team.
- AppArmor introductory presentations in Nuernberg and Prague SuSE offices.

Served as a sounding board for co-workers; provided guidance, explored and analyzed architecture alternatives, discussed priorities.

Primary contact for community users for bug reports and contributed policies.

Second-level support for Novell's enterprise client support and deployment engineers.

Primary author of technical documentation of AppArmor.

Gave our technical writer review and feedback on our end-user documentation.

Wrote a detailed AppArmor walk-through to introduce the software to new users and serve as community marketing material.

Community AppArmor evangelist:

- AppArmor presentations at LinuxConf.eu 2007, Ottawa Linux Symposium 2007.
- openSUSE booth at Linux World Expo San Francisco 2007, LinuxConf NorthWest 2007.

Occasional technical sales support.

May 2001 -- May 2005, Immunix, Inc. (Previously WireX Communications); Portland, OR, USA

After graduating from Willamette University I joined Immunix, a pioneering startup company that invented the influential StackGuard, FormatGuard, PointGuard, and SubDomain security technologies, and sold a secure Linux distribution built with our unique tools. My responsibilities at Immunix included:

Software development

Primary developer of SubDomain mandatory access control policies.

Developer of SubDomain profile authoring tools.

Primary developer of the CryptoMark signed executable support:

- integrated OpenSSL into the Linux kernel to verify the integrity of ELF files
- wrote utilities to embed signatures into executables

Primary responsibility for migration to Subversion from CVS and Subversion administration.

Distribution packaging duties: repaired broken package builds when upgrading toolchain, integrated security and feature patches into packages, integrated new drivers and features into the kernel.

User support

Supported users on Immunix's public and private mail lists. Supported internal developers. Occasional conference calls and meetings with customers to discuss new features to support unique installations.

Authored technical documentation for Immunix's unique features, intended for technically-savvy end-users and developers.

Technical sales and on-site customer meetings, roughly one visit every three months.

Distribution security

Administered the vendor-sec community of Linux distribution security teams.

Created, tested, integrated, and documented security fixes for the Immunix Secure Linux distribution. Coordinated with other vendors through vendor-sec.

Performed source code audits; I found 21 buffer overflows in Samba and one in the Linux kernel ELF loader, and many off-by-one address validation errors in the Linux kernel memory management subsystem.

Innovation

Co-inventor on US patents 7,490,072 and 7,752,459.

September 1997 -- May 2001, Willamette University; Salem, OR, USA

Willamette University, BS in Computer Science, Mathematics, and Religious Studies. Work-study employment in the University computer lab.

Summer 2000, InterTrust; Portland, OR, USA

Design and cryptanalysis of distributed offline song proof of purchase protocol.

Design generic cryptographic library layer.

Summer 1999, CFI ProServices (acquired by Harland Financial Solutions); Portland, OR, USA

Deployment of new WinNT developer workstations, helpdesk duties.

September 1994 -- June 1999, Network Behavioral Health Care; Portland, OR, USA

I worked at NBHC, a non-profit mental health organization, part-time during high-school and full-time during holidays.

Deployment of new WinNT, NetWare domains at off-site locations.

User and application administration on Unix, NetWare, and WinNT domains.

SQL report authoring and maintenance.

Win3.1 and Win95 user deployments and helpdesk duties.


SEE ALSO

Software

I wrote the Ruby on Rails server application running http://apparmor.opensuse.org to allow users to collaboratively create security policy; full use of the server requires client tools to use the SOAP or XMLRPC backend (API at http://apparmor.opensuse.org/backend/wsdl; the clients are published in openSUSE 10.3 and Ubuntu Gutsy).

User support, marketing, papers

http://en.opensuse.org/AppArmor_Geeks AppArmor technical walk-through.

http://immunix.org Website to document and market features unique to the Immunix Secure Linux distribution. (This website can still be viewed at http://web.archive.org/web/20040102171929/http://immunix.org/ in a reduced-functionality version.)

Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack. Timing the application of security patches for optimal uptime. In Proceedings of The 16th USENIX Systems Administration Conference (LISA 2002).

Free Software, Open Source communities

I helped organize several international online conferences with the Uninet organization, to provide an opportunity for community members to interact with popular community mainstays and little-known authors of promising software, including one conference with a focus on security.

I have been a member of the Network Operations Committee for the Open and Free Technologies Community http://www.oftc.net/ (a member of Software in the Public Interest).

I have been a staff member of Freenode http://www.freenode.net/.

Professional development

I continually read books to expand my knowledge and abilities; a link to a partial reading log of professional development books is kept at http://careers.stackoverflow.com/sarnold/#books.

 Seth Arnold