I contribute to many open source projects. On this page, you can find a hopefully exhaustive, unsorted presentation of the various crimes I’ve committed in these projects.
Personal projectsFuture projectsModest contributionsResElCAPRICA
In the few hours I have left each week outside work and associative activities, I happen to work on a few fun projects of mine.
Fewer and fewer people carry cash around with them, and at the office, begging for money to feed the collective kitty to buy coffee is a nightmare. So I developed this little project, linked to Stripe, to manage the break room cash flow.
bibedit is a program that allows to format a BibTeX bibliography in a homogeneous way, according to a number of policies. The code features some interesting experiments in OCaml, notably a preprocessor extention (PPX) that generates command-line parsers (we can pompously say it’s a command-line parser generator parser). The project is on hold due to a lack of time, and its PPX will soon be unbundled and developed as a standalone project.
Yarec, for Yet Another RexEx Compiler is a safe, non-explosive, quasi-PCRE-compatible RegEx engine. It is developed in OCaml and features an exotic recursive automaton data structure: states are actually small interpreters of a stack language able to recursively call other automata. The project is on hold due to a lack of time.
I maintain a fork of ocamLDAP, the OCaml library to talk to LDAP servers. My fork makes connections non-blocking, better handles TLS and respects connection timeouts without SIGALRM tricks. Use it!
Carnac is my playground for implementing some lambda calculus encodings into Menhir grammars. Because of Menhir’s grammar typing, arbitrary implementation choices have been made. Currently, Carnac encodes Church’s booleans and integers in Menhir.
The day I discovered preprocessor extentions for OCaml was the beginning of a long love story! From time to time, I develop new PPXs to simplify my life and make my OCaml code even more expressive.
timed-cache is an OCaml library to implement almost-Hashtbl-compatible key-value stores with automatic time-based deletion strategies. I regularly use it as a function cache, where LRU or FIFO caches are not suitable.
cronlib is an OCaml library to parse crontabs. Nothing more for the moment!
I’ve got some big projects in the pipeline on which I haven’t yet found the time to do much work.
I’m not a huge fan of visual programming. However, in some business-critical cases, it can be important to know precisely, visually, where things go wrong, why, and progressively patch code. I am working on an object- and data-oriented visual language with live-patching and A/B testing capabilities called Tracer.
The Zero Transfer Gateway is a project to build a decentralized, multi-protocol data transfer monitor. If you’re not in the finance or automotive industries, chances are you’ve never heard of such a thing; I’d like to democratize these systems.
Deccert is a project to build a decentralized, sharded CERT ecosystem between trusted network communities, to share the burden of risk management teams and systems and provide an entry point for smaller players based on the goodwill of larger players.
Here are a few small contributions I made in open source projects. I really liked how welcoming these projects’ communities were, with a special mention for Git Cola, which I think is a very good project for getting started in open source — David, you rock!
Nextcloud is the most popular online drive management software. I helped add support for the naming and deletion of file versions in Nextcloud when using S3-compatible storage backends, using S3 object tags (in addition to metadata). The contribution has been merged into Nextcloud 27.0.1.
ExtUnix is a collection of bindings to low-level UNIX system calls. I added support for IPv6 in the getifaddrs ExtUnix binding.
Git Cola is a graphical interface for Git written in Python. I’ve added to Git Cola the ability to manage local file exclusions, an option to reset the window layout, the ability to rename stashes, and a dialog for consulting Git server responses.
The ResEl (for Réseau des Élèves) is a French student Internet service provider. It provides Internet access and many services to 700 rooms on the IMT Atlantique campuses in Brest and Rennes. I maintain and have participated in a large number of projects within the association.
Both a showcase website for the association and the portal for user account management, myResEl is without doubt the most important tool for our users. It is based on the Django framework. I have made many improvements to the design and functionality of the website over my years with the association, and developed a webplayer enabling our users to watch TV from within our network.
ResEl ID is the centralized authentication service of the ResEl. It is based on the tried-and-tested Apereo CAS and enables users to log in to our various services with their ResEl account. I am responsible for the entire configuration and design of the website.
RADAPI is an API for FreeRADIUS that manages the authentication, authorization and accounting logic for the RADIUS servers of the ResEl. Initially developed in Python, RADAPI was rewritten in OCaml for performance and safety reasons. I am the initiator of the project and its sole developer.
DHCAPI is an API for FreeRADIUS that manages the discovery and request logic for the DHCP servers of the ResEl. It is written in Python, but will soon be rewritten in OCaml. The project was launched because of the many limitations of traditional DHCP solutions, given the complexity of the ResEl infrastructure.
ResEl NSA is the metrics collection and dispatching agent of the ResEl. Entirely developed in Bash, it enables the parallel execution of monitoring tools and transmits data at regular intervals to a remote Warp 10 time series server.
As a result of its activities, the ResEl needs to produce thousands of documents every year (invoices, reports, minutes, etc.). I designed and implemented the current visual identity for the LaTeX documents the association issues on a daily basis.
Vizir is a documentation generation engine based on Sphinx. Its specificity lies in its ability to aggregate files from several Git repositories to generate one or more documentation projects. Vizir is developed in Python.
CAPRICA, for Cartographie, Analyse et Prévention des Risques sur des Infrastructures Complexes Actives, is the code name for my PhD project. During these three years, I have developed several tools, some of which are presented here.
CL/I is a formally-specified, component-oriented infrastructure description language that allows to perform automated property verification on IT infrastructures. The CL/I compiler can plug to model checkers and theorem provers (it has formally-defined transformation semantics into Z3), and embeds a small runtime engine. The compiler is written in OCaml
mitre2owl is a Python tool for translating MITRE XML reference datasets (CAPEC, CVE and CWE) into expressive OWL ontologies. It uses XSD schemas to build specialized parsers for the XML data, which in turn are used to build the ontologies. mitre2owl is used to build nightly versions of the ontologies automatically with GitHub Actions.
To ensure the reproducibility of my thesis experiments, I have developed scripts to deploy a Proxmox VE hypervision cluster on Emulab.