Curriculum Vitæ
—
Florian Obser
- system administrator
- Planning, implementing, running and monitoring large scale redundant
services on UNIX based operating systems. Hands on experience with
Debian,
Red Hat,
OpenBSD and
FreeBSD.
Proficient in the usual tools: Shell, perl, python, ansible,
cfengine, puppet, salt stack, cvs, git, svn...
DNS expert: Managing forward and reverse zones, running a root
name server and running authoritative servers with hundreds of thousands
of customer zones.
Many years experience running multi node postgres and mysql
databases.
- network engineer
- Planning, implementing, running and monitoring ISP layer 2 and layer 3
networks.
Planning, implementing, running and monitoring anycasted DNS
constellations with hundreds of nodes
(k.root-servers.org).
Hands on experience with
HP,
Juniper,
Cisco and
OpenBSD.
- developer
- Experience in imperative, object oriented, functional and multi paradigm
languages. In particular having written or worked on non-trivial programs
in C, C++, perl, python, java, smalltalk, erlang, lisp and haskell.
Contributions to OpenBSD (kernel and
user-land):
- Implemented
RFC 7011
(netflow version 10, aka IPFIX) support in
pflow(4).
- Unified
traceroute(8)
and traceroute6(8) into a single code base reducing code
duplication.
- Unified ping(8)
and ping6(8) into a single code base reducing code duplication and
bringing over improvements from the IPv6 version that never made it
into the traditional ping.
- Designed and implemented
slaacd(8) a
privilege separated daemon for IPv6 stateless address
autoconfiguration. It uses
pledge(2) to
reduce attack surface further and thus increasing security.
- Moved RFC
4861 stateless address autoconfiguration from the kernel to
slaacd(8) in
user-land.
- Replaced the kame IPv6 router advertisement daemon rtadvd(8) with
rad(8), another
privilege separated and pledged daemon.
- Implemented
unwind(8), a
privilege separated validating recursive resolver for laptops. Based
on libunbound from
unbound(8),
it monitors the network to find the best resolving strategy. It can do
recursion, talk to forwarders learned from DHCP and Router
Advertisements (DNS53 or opportunistic DoT) as well as configured
forwarders (DNS53 or DoT). It detects and handles captive portals, DNS
filtering and NAT64/DNS64.
- Pulled dig(1),
host(1), and
nslookup(1)
out of the last free release of
bind9. Replaced
abstraction layers with ANSI C and POSIX intrinsics and removed about
300.000 lines of unneeded code reducing the compile time from minutes
to under 10 seconds.
- conferences
- Regular attendee of
IETF,
RIPE
meetings, DNS-OARC,
and BSDCan. Presented on
implementing
slaacd(8) and
unwind(8) at
BSDCan and FOSDEM.
Presented on DNS, DNSSEC, IPv6, and BGP deployments at various
conferences including RIPE and denic meetings.
Studied Computer Science, Mathematics and Electrical Engineering
at University Darmstadt,
Germany. Areas of interest were abstract mathematics, program
verification and programming languages.
Fluent in English and German.