I contribute to many open source projects. On this page, you can find a hopefully exhaustive, unsorted presentation of the various crimes I’ve committed in these projects.
Personal projectsFuture projectsModest contributionsResElCAPRICAIMT Atlantique
In the few hours I have left each week outside work and associative activities, I happen to work on a few fun projects of mine.
Fewer and fewer people carry cash around with them, and at the office, begging for money to feed the collective kitty to buy coffee is a nightmare. So I developed this little project, linked to Stripe, to manage the break room cash flow.
bibedit is a program that allows to format a BibTeX bibliography in a homogeneous way, according to a number of policies. The code features some interesting experiments in OCaml, notably a preprocessor extention (PPX) that generates command-line parsers (we can pompously say it’s a command-line parser generator parser). The project is on hold due to a lack of time, and its PPX will soon be unbundled and developed as a standalone project.
Carnac is my playground for implementing some lambda calculus encodings into Menhir grammars. Because of Menhir’s grammar typing, arbitrary implementation choices have been made. Currently, Carnac encodes Church’s booleans and integers in Menhir.
cronlib is an OCaml library to parse crontabs. Nothing more for the moment!
I maintain a fork of ocamLDAP, the OCaml library to talk to LDAP servers. My fork makes connections non-blocking, better handles TLS and respects connection timeouts without SIGALRM tricks. Use it!
The day I discovered preprocessor extentions for OCaml was the beginning of a long love story! From time to time, I develop new PPXs to simplify my life and make my OCaml code even more expressive.
timed-cache is an OCaml library to implement almost-Hashtbl-compatible key-value stores with automatic time-based deletion strategies. I regularly use it as a function cache, where LRU or FIFO caches are not suitable.
Yarec, for Yet Another RexEx Compiler is a safe, non-explosive, quasi-PCRE-compatible RegEx engine. It is developed in OCaml and features an exotic recursive automaton data structure: states are actually small interpreters of a stack language able to recursively call other automata. The project is on hold due to a lack of time.
I’ve got some big projects in the pipeline on which I haven’t yet found the time to do much work.
Deccert is a project to build a decentralized, sharded CERT ecosystem between trusted network communities, to share the burden of risk management teams and systems and provide an entry point for smaller players based on the goodwill of larger players.
The Zero Transfer Gateway is a project to build a decentralized, multi-protocol data transfer monitor. If you’re not in the finance or automotive industries, chances are you’ve never heard of such a thing; I’d like to democratize these systems.
I’m not a huge fan of visual programming. However, in some business-critical cases, it can be important to know precisely, visually, where things go wrong, why, and progressively patch code. I am working on an object- and data-oriented visual language with live-patching and A/B testing capabilities called Tracer.
Here are a few small contributions I made in open source projects. I really liked how welcoming these projects’ communities were, with a special mention for Git Cola, which I think is a very good project for getting started in open source.
ExtUnix is a collection of OCaml bindings to low-level UNIX system calls. I added support for IPv6 in the getifaddrs ExtUnix binding.
Incus is a container and virtual machine manager written in Go. I added support for low-level, user-defined dynamic operations on virtual machines using the QEMU Machine Protocol (QMP).
Git Cola is a graphical interface for Git written in Python. I’ve added to Git Cola the ability to manage local file exclusions, an option to reset the window layout, the ability to rename stashes, and a dialog for consulting Git server responses.
linuxcontainers.org is the showcase website for a group of projects with the goal of offering a vendor-neutral environment for the development of container technologies. I translated into French the part of the website presenting Incus, and made a few improvements in the website generator.
Nextcloud is the most popular online drive management software. I helped add support for the naming and deletion of file versions in Nextcloud when using S3-compatible storage backends, using S3 object tags (in addition to metadata). The contribution has been merged into Nextcloud 27.0.1.
The ResEl (for Réseau des Élèves) is a French student Internet service provider. It provides Internet access and many services to 1400 rooms on the IMT Atlantique campuses in Brest, Nantes and Rennes. I maintain and have participated in a large number of projects within the association.
DHCAPI is an API for FreeRADIUS that manages the discovery and request logic for the DHCP servers of the ResEl. It is written in Python, but will soon be rewritten in OCaml. The project was launched because of the many limitations of traditional DHCP solutions, given the complexity of the ResEl infrastructure.
As a result of its activities, the ResEl needs to produce thousands of documents every year (invoices, reports, minutes, etc.). I designed and implemented the current visual identity for the LaTeX documents the association issues on a daily basis.
Both a showcase website for the association and the portal for user account management, myResEl is without doubt the most important tool for our users. It is based on the Django framework. I have made many improvements to the design and functionality of the website over my years with the association, and developed a webplayer enabling our users to watch TV from within our network.
RADAPI is an API for FreeRADIUS that manages the authentication, authorization and accounting logic for the RADIUS servers of the ResEl. Initially developed in Python, RADAPI was rewritten in OCaml for performance and safety reasons. I am the initiator of the project and its sole developer.
ResEl ID is the centralized authentication service of the ResEl. It is based on the tried-and-tested Apereo CAS and enables users to log in to our various services with their ResEl account. I am responsible for the entire configuration and design of the website.
ResEl NSA is the metrics collection and dispatching agent of the ResEl. Entirely developed in Bash, it enables the parallel execution of monitoring tools and transmits data at regular intervals to a remote Warp 10 time series server.
Vizir is a documentation generation engine based on Sphinx. Its specificity lies in its ability to aggregate files from several Git repositories to generate one or more documentation projects. Vizir is developed in Python.
CAPRICA, for Cartographie, Analyse et Prévention des Risques sur des Infrastructures Complexes Actives, is the code name for my PhD project. During these three years, I have developed several tools, some of which are presented here.
CL/I is a formally-specified, component-oriented infrastructure description language that allows to perform automated property verification on IT infrastructures. The CL/I compiler can plug to model checkers and theorem provers (it has formally-defined transformation semantics into Z3), and embeds a small runtime engine. The compiler is written in OCaml
To ensure the reproducibility of my thesis experiments, I have developed scripts to deploy a Proxmox VE hypervision cluster on Emulab.
mitre2owl is a Python tool for translating MITRE XML reference datasets (CAPEC, CVE and CWE) into expressive OWL ontologies. It uses XSD schemas to build specialized parsers for the XML data, which in turn are used to build the ontologies. mitre2owl is used to build nightly versions of the ontologies automatically with GitHub Actions.
Working at IMT Atlantique, I have had the opportunity to develop free and open source software. These projects are used on a daily basis there, and I hope they can be of use to others elsewhere.
Spider is a multi-protocol, multi-format, multi-threaded resource crawler. You can see it as your regular wget --spider, but on steroids, with support for several protocols, content types, schemes, and output formats.