Steven Lawrance: Difference between revisions

From Moonlight Design
Jump to navigation Jump to search
 
(239 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Welcome to the web site of software consultant and [http://www.mse.cs.cmu.edu/ software engineering master] '''Steven Lawrance'''. I enjoy building complete computing solutions at all levels of abstraction to automate business processes at a low cost, in a short time frame, and with high quality. Put my experience, interests, training, and expertise to work for you. Please feel free to [mailto:steven@moonlightdesign.org contact me today].
__NOTOC__


<big>'''At this moment, this page is under construction. This notice will go away by 2007-09-23'''</big>
Welcome to the web site of '''Steven Lawrance''', [http://www.mse.cs.cmu.edu/ master of software engineering (MSE)]. I enjoy building complete computing solutions at all levels of abstraction to automate business processes at a low cost, in a short time frame, and with high quality. Put my experience, interests, training, and expertise to work for you. Please feel free to [mailto:steven@moonlightdesign.org contact me today].


==Interests and Consulting Services==
<div align="center">
These areas all share a common theme of putting software to work for you, regardless of the underlying technology. For me, computing solutions are not about the technology; they are about what the technology can do for you.
<table style="text-align: left;" border="0" cellpadding="1" cellspacing="5">
<tr>
<td style="background-color: rgb(240, 240, 240); border: 2px solid rgb(90, 90, 90); padding: 3px;"><big>[[Steven Lawrance#Team software|Software Built in a Team]]</big></td>
<td style="background-color: rgb(240, 240, 240); border: 2px solid rgb(90, 90, 90); padding: 3px;"><big>[[Steven Lawrance#Software that I created|Software Built by Just Me]]</big></td>
<td style="background-color: rgb(240, 240, 240); border: 2px solid rgb(90, 90, 90); padding: 3px;"><big>[[Steven Lawrance#Employment History|Employment History]]</big></td>
<td style="background-color: rgb(240, 240, 240); border: 2px solid rgb(90, 90, 90); padding: 3px;"><big>[[Steven Lawrance#Education and Training|Education and Training]]</big></td>
</tr>
</table>
</div>


{| border="1" cellpadding="5"
'''Résumé:''' [https://www.moonlightdesign.org/steve/resume.pdf Portable document format (PDF)]
|-
|valign="top" width="50%"|<h3>Mozilla Thunderbird and Firefox extension development</h3>


*Mozilla product extensions
'''Network:''' [http://www.linkedin.com/in/meowmeow LinkedIn]
*[https://www.moonlightdesign.org/thunderforce/Main_Page Thunderforce]
*[[Teacher's Pet]]
*[https://www.moonlightdesign.org/urllock/Main_Page URL Lock]


|valign="top" width="50%"|<h3>Microsoft Windows to Linux computer and network migrations</h3>
Please feel free to ask me for more information about any project listed on this page.


[[Image:Tux.png|right]]
==Software Project Experience==


*Cost effectiveness assessments
===Team software===
*Project planning
I materially participated in the team software projects listed below:
*Training
*Migration execution
*Profile migrations using [[Home Profiler]]
*Windows application porting to Linux using [http://www.winehq.org/ Wine]


{|class="software sortable"
!Name
!Description
!Technologies
!SLOC
!Year
|-
|-
|valign="top" width="50%"|<h3>Custom software development</h3>
|[http://www.salesforce.com/ Salesforce.com]||Web-based business software platform and suite of integrated business applications. During my time at Salesforce.com, I have worked on several teams -- API, Force.com Sites, Site.com, and Platform Security. Most recently, I led the implementation of custom https domains for Salesforce's site technologies, and this included tangential work, such as the domain management screens that were added in Summer '14. I've been a go-to person for several parts of the platform, and this includes Force.com Sites, the database tier of Site.com, site publishing, custom https domains, clickjack protection, inbound and outbound https connections, the reverse proxy caching layer for sites, IPv6, and our main production feature testing tool.<br><br>At Salesforce.com's Dreamforce 2013 conference, I presented a [http://www.youtube.com/watch?v=Z7L1pSfcCJc session on the lessons learned while developing a Force.com solution] to replace an older Microsoft Access solution for the San Francisco AIDS Foundation.<br><br>Earlier at Salesforce.com, I integrated the low-level parts of Siteforce into the core Salesforce.com product; wrote Siteforce's Resin and runtime server configurations; wrote a [http://en.wikipedia.org/wiki/Cross-site_scripting cross site scripting] [http://en.wikipedia.org/wiki/Mozilla_Firefox Firefox]/[http://en.wikipedia.org/wiki/Firebug_(Firefox_extension) Firebug] extension to test proper output escaping in the manual and automated tests; improved an internal production testing tool's scheduling of tests by adding prerequisite expressions to increase test parallelization; and added per-window screenshots to an internal testing tool by extending Selenium with JNI native code.||{{Tech:Java}}, {{Tech:Ant}}, {{Tech:Selenium}}, {{Tech:JUnit}}, {{Tech:Salesforce.com}}, {{Tech:Jetty}}, {{Tech:Resin}}, {{Tech:JSP}}, {{Tech:Servlet}}, {{Tech:JNI}}, {{Tech:Win32}}, {{Tech:X11}}||large||2007-current
 
|-
*Middleware software development
|[[Reggie/CIS]]||A 200-user multi-tenant three-tiered HIV/AIDS client database system that was used by all Ryan White Foundation CARE-funded AIDS service organizations in San Francisco in collaboration with the [http://www.sfdph.org/ San Francisco Department of Public Health (DPH)] [http://www.sfdph.org/PHP/HIVHlthSvc.htm AIDS Office] and two partners to the [http://www.sfaf.org/ San Francisco AIDS Foundation (SFAF)], where I worked for about five years. I actively maintained this system with a colleague at the DPH AIDS Office and was principally responsible for maintaining the "CIS" portion of Reggie/CIS, which extended the Reggie platform with extra features that the SFAF and two other organizations used.||{{Tech:Java}}, {{Tech:VBScript}}, {{Tech:Swing}}, {{Tech:T-SQL}}, {{Tech:MS SQL Server}}, {{Tech:CVS}}, {{Tech:JavaScript}}, {{Tech:C}}, {{Tech:JNI}}, {{Tech:CORBA}}, {{Tech:IIS}}, {{Tech:COM}}, {{Tech:Win32}}||162,005||2000-2005
*Custom software development
*Software process metrics, measurements, and analysis
 
|valign="top" width="50%"|<h3>Linux, Apache, MySQL, and PHP (LAMP) solution development</h3>
 
*Maintenance and extension of existing LAMP projects
*Installation, maintenance, and extension of the following software
**MediaWiki document collaboration
**phpESP survey software
*[[Bryant University ResNet Online]]
*[[Bryant University Guest Pass]]
 
|-
|-
|valign="top" width="50%"|<h3>Java application development</h3>
|[[DonorPerfect Online]]||Donor and fundraising event management system used by the San Francisco AIDS Foundation. I migrated [http://www.aidslifecycle.org/index.html AIDS/LifeCycle] data from a [http://www.goldmine.com/micro.aspx?id=4398 Goldmine] database to the [http://www.sfaf.org/ San Francisco AIDS Foundation's] customized [http://www.donorperfect.com/ DonorPerfect Online] system using a [http://en.wikipedia.org/wiki/Test_driven_development test-driven development process] for the SQL scripts. I also contributed substantially to the bulk data entry wizard, fixed bugs throughout the system, including security holes, made all pages and [http://en.wikipedia.org/wiki/Javascript JavaScripts] operate properly in [http://en.wikipedia.org/wiki/Firefox Mozilla Firefox], and implemented strict URL filtering security using an [http://httpd.apache.org/ Apache] [http://en.wikipedia.org/wiki/Reverse_proxy reverse-proxy] and [http://en.wikipedia.org/wiki/Mod_rewrite mod_rewrite].||{{Tech:VBScript}}, {{Tech:T-SQL}}, {{Tech:MS SQL Server}}, {{Tech:JavaScript}}, {{Tech:Apache}}, {{Tech:IIS}}, {{Tech:CVS}}||97,592||2004-2005
 
*Development of Java-based web and desktop applications
*Swing and SWT graphical user interfaces
*[[Serendipity|Bosch Security Configuration Assistant]]
*[[Reggie/CIS]], including the spell-as-you-type spell checker
*Security test framework AppExchange packages in Salesforce.com
 
|valign="top" width="50%"|<h3>Software and network security</h3>
 
*Security in software development processes
*Border, network, and local system security
*Web application security
*Centralized LDAP authentication
*Encryption and certificates, including TLS and SSL
*Novell AppArmor
*Linux iptables
*Astaro Secure Linux
 
|-
|-
|valign="top" width="50%"|<h3>Building and home automation</h3>
|[[SFAF CRM]]||Customer relationship management system that was implemented by a colleague at the [http://www.sfaf.org/ San Francisco AIDS Foundation] that primarily serves the organization's [http://www.sfaf.org/volunteer/ volunteer based programs department], automates expense reports, and runs the [http://www.aidshotline.org/ California AIDS Hotline]. I enhanced the deployment system using [http://en.wikipedia.org/wiki/Concurrent_Versions_System CVS] in a web-based front-end, helped my colleague fix various bugs, and enhanced its Internet-facing security with an [http://httpd.apache.org/ Apache] [http://en.wikipedia.org/wiki/Reverse_proxy reverse-proxy] and [http://en.wikipedia.org/wiki/Mod_rewrite mod_rewrite].||{{Tech:VBScript}}, {{Tech:T-SQL}}, {{Tech:MS SQL Server}}, {{Tech:JavaScript}}, {{Tech:Apache}}, {{Tech:IIS}}, {{Tech:CVS}}||69,015||2001-2005
 
*Computer-based electrical device control
*[[Home Control]]
*[https://www.moonlightdesign.org/thunderforce/shared/Door%20lock%20example/ Door Lock]
 
|valign="top" width="50%"|<h3>Linux server configuration and maintenance</h3>
 
*Planning, installation, and maintenance of Linux servers
*Configuration and maintenance of [[Linux server services|standard and enterprise network services]]
*Creation of special-purpose FUSE filesystems, such as the [[Read-only filesystem|read-only filesystem]]
*Customized network security, filtering, and routing rules
*Active and deep knowledge of security technologies, including TLS and SSL
 
|}
 
==Software Project Experience==
 
===Team software===
I materially participated in the team software projects listed below:
{|class="software"
|[[Serendipity|Bosch Security Configuration Assistant]]||An Eclipse-based application that generates three-dimensional security plans for buildings using a rule engine and three-dimensional visualization
|-
|-
|[[Reggie/CIS]]||A large 200-user multi-tenant three-tiered system that was used by all Ryan White Foundation CARE-funded AIDS service organizations in San Francisco in collaboration with the [http://www.sfdph.org/ San Francisco Department of Public Health] [http://www.sfdph.org/PHP/HIVHlthSvc.htm AIDS Office] and two partners to the [http://www.sfaf.org/ San Francisco AIDS Foundation], where I worked for about five years
|[[Serendipity|Bosch Security Configuration Assistant]]||An Eclipse-based application that generates three-dimensional security plans for buildings using a rule engine and three-dimensional visualization. In this project, I integrated a Windows-based three-dimensional visualization program into an Eclipse view, kept our RedHat Fedora Core server and software available, secure, usable, and backed up using only one hour per week of my time on average throughout the project, and automated our data collection and reporting processes to minimize project overhead work. This group project involved four other students -- two whom also work at Salesforce.com -- and served as a laboratory for us to directly apply coursework to a software project with a real client throughout our software engineering masters' programs.||{{Tech:Java}}, {{Tech:Eclipse}}, {{Tech:UML}}, {{Tech:Ant}}, {{Tech:Bugzilla}}, {{Tech:CruiseControl}}, {{Tech:MediaWiki}}, {{Tech:Subversion}}, {{Tech:SWT}}, {{Tech:C++}}, {{Tech:JNI}}, {{Tech:Win32}}||21,274||2005-2006
|-
|-
|[[DonorPerfect Online]]||Migrated [http://www.aidslifecycle.org/index.html AIDS/LifeCycle] data from a [http://www.goldmine.com/micro.aspx?id=4398 Goldmine] database to the [http://www.sfaf.org/ San Francisco AIDS Foundation's] customized [http://www.donorperfect.com/ DonorPerfect Online] system using a test-driven development process for the SQL scripts. I also contributed substantially to the bulk data entry wizard, fixed bugs throughout the system, including security holes, and implemented strict URL filtering security using an Apache reverse-proxy and mod_rewrite
|[[Park 'N Park]]||A fault-tolerant, distributed, real-time three-tiered application for tracking parking garage usage. This was an academic project.||{{Tech:Java}}, {{Tech:CORBA}}, {{Tech:MySQL}}, {{Tech:CVS}}||2,027||2006
|-
|-
|[[Park 'N Park]]||A fault-tolerant, distributed, real-time three-tiered application for parking garage usage tracking. This was an academic project
|[[Teacher's Pet]]||Shares a tab in your Mozilla Firefox browser with one or more remote browsers, which can be useful in virtual classroom environments||{{Tech:JavaScript}}, {{Tech:Java}}, {{Tech:XUL}}, {{Tech:XPCOM}}, {{Tech:Subversion}}||1,251||2006
|-
|-
|[[Teacher's Pet]]||Shares a tab in your Mozilla Firefox browser with one or more remote browsers, which can be useful in virtual classroom environments
|[[Hulk]]||Physically navigates a maze using a customized {{Tech:Boe-Bot}}. This project involved both custom hardware and custom software as well as trade-offs between the two when implementing features.||{{Tech:BASIC Stamp}}, {{Tech:Boe-Bot}}, {{Tech:Subversion}}||784||2006
|-
|-
|[https://www.moonlightdesign.org/urllock/Configuration_editor URL Lock]||Follow-up project to [http://www.moonlightdesign.org/urllock/ IE URL Lock] that sports a configuration user interface and implements new ideas for visually disabling content on the web
|[https://www.moonlightdesign.org/urllock/Configuration_editor URL Lock]||Follow-up project to [http://www.moonlightdesign.org/urllock/ IE URL Lock] that sports a configuration user interface and implements new ideas for visually disabling content on the web||{{Tech:JavaScript}}, {{Tech:XUL}}, {{Tech:C++}}, {{Tech:XPCOM}}, {{Tech:Win32}}, {{Tech:Subversion}}||3,868||2006
|-
|-
|[[Ariesbase]]||During the Summer of 1999, I worked with Ariesnet, Inc. on creating its PHP-based Ariesbase intranet system. I mostly helped out with the back-end functionality, such as the security system and global includes, and I also created a high-level specification for an employee rating system for virtual team environments
|[[Ariesbase]]||Intranet system for Ariesnet, Inc. During the Summer of 1999, I helped shape the back-end functionality, such as the security system and global includes, and I also created a high-level specification for an employee rating system for virtual team environments.||{{Tech:PHP}}, {{Tech:MySQL}}, {{Tech:JavaScript}}, {{Tech:CVS}}||medium||1999-2000
|}
|}
<br>
<br>


===Individual software that I created===
===Software that I created===
I wrote and maintain the following software:
I wrote and maintain the following software:
{|class="software"
{|class="software sortable"
!Name
!Description
!Technologies
!SLOC
!Year
|-
|-
|[https://www.moonlightdesign.org/thunderforce/ Thunderforce]||An open-source Mozilla Thunderbird extension for Salesforce.com
|[[Home Profiler]]||Synchronizes user profile data between multiple desktop computers, regardless of the operating system. This was used at the [http://www.sfaf.org/ San Francisco AIDS Foundation] to migrate user profile data from Windows NT to Windows XP while leaving malware and spyware behind.||{{Tech:Java}}, {{Tech:C}}, {{Tech:JNI}}, {{Tech:JACOB}}, {{Tech:COM}}, {{Tech:Win32}}, {{Tech:CVS}}||5,679||2005
|-
|-
|[[Home Profiler]]||Synchronizes user profile data between multiple desktop computers, regardless of the operating system. This was used at the [http://www.sfaf.org/ San Francisco AIDS Foundation] to migrate user profile data from Windows NT to Windows XP while leaving malware and spyware behind
|[https://www.moonlightdesign.org/urllock/ IE URL Lock]||A browser helper object (BHO) that prevents users from navigating to web sites in Internet Explorer and Windows Explorer while permitting URLs that match a Perl-compatible regular expression stored in the registry||{{Tech:C++}}, {{Tech:COM}}, {{Tech:BHO}}, {{Tech:Win32}}, {{Tech:Subversion}}||1,607||2005-2012
|-
|-
|[https://www.moonlightdesign.org/urllock/ IE URL Lock]||A browser helper object (BHO) that prevents users from navigating to web sites in Internet Explorer and Windows Explorer while permitting URLs that match a Perl-compatible regular expression stored in the registry
|[[Backup system]]||Multi-platform, SSH-secured, Internet-based incremental backup system that I assembled and use to back up all computers that I manage||{{Tech:Unison}}, {{Tech:Apache}}, {{Tech:OpenSSH}}|| ||2005-2007
|-
|-
|[[Backup system]]||Multi-platform, SSH-secured, Internet-based incremental backup system that I assembled and use to back up all computers that I manage
|[[Read-only filesystem]]|||FUSE filesystem view that makes all files unconditionally read-only. I use this in my [[Backup system|backup system]] for the web-based file restore interface.||{{Tech:C}}, {{Tech:Fuse}}||241||2005-2007
|-
|-
|[[Read-only filesystem]]|||FUSE filesystem view that makes all files unconditionally read-only. I use this in my [[Backup system|backup system]] for the web-based file restore interface
|[[Serendipity Time Tracking Tool]]||A two-tier software team time tracking tool used by [[Serendipity|Team Serendipity]] while designing and building the [[Serendipity|Bosch Security Configuration Assistant]]. It was rapidly developed using Microsoft Access 2003 as the front-end user interface, MySQL 5 as the back-end database, and SSH as the MySQL connection tunnel.||{{Tech:VBA}}, {{Tech:Microsoft Access}}, {{Tech:MySQL}}, {{Tech:OpenSSH}}||small||2006
|-
|-
|[http://pam-cuecat.sourceforge.net/ PAM CueCat Module]||Turns the CueCat barcode scanner into a pluggable authentication module (PAM) library, permitting logins with bar code scans
|[https://gnucashtoqif.us/ GnuCash to QIF]||Converts a GnuCash XML file into a QIF or an IIF file||{{Tech:Java}}, {{Tech:Xerces}}||2,274||2002-2007
|-
|-
|[http://gnucashtoqif.sourceforge.net/ GnuCash to QIF]||Converts a GnuCash XML file into a QIF file
|[[PDF Access Reports]]||Web-based PDF reports using Microsoft Access, a customized PHP build to run as a COM server, and a custom-built COM object for use by ASP on the reporting server. This was a component of [[Reggie/CIS|Reggie/CIS's]] reporting system.||{{Tech:PHP}}, {{Tech:COM}}, {{Tech:C++}}, {{Tech:Sockets}}, {{Tech:VBA}}, {{Tech:ASP}}, {{Tech:Access}}||651||2002-2005
|-
|-
|[https://www.moonlightdesign.org/thunderforce/shared/Door%20lock%20example/ Door Lock]||Specification (not an implementation) of a secure residential door real-time, embedded software system that uses electronic locks, secure entry, easy exiting, and alarm state awareness to securely and efficiently manage a door
|[[PDFFile and InvokeAsUser]]||Enables easy portable document format (PDF) file generation on Windows computers when used with AFPL GhostScript and RedMon||{{Tech:C}}, {{Tech:Win32}}||396||2005
|-
|-
|[https://www.moonlightdesign.org/steve/SpellChecker.pdf Swing Inline Spell Checker]||Inline spell checker that plugs into Swing's look-and-feel system. This was used in [[Reggie/CIS]] as its distributed spell checker with [http://aspell.net/ GNU Aspell] running on the server
|[[SFAF VPN Client]]||Connects a [http://en.wikipedia.org/wiki/Microsoft_windows Microsoft Windows] 2000 or XP computer to the [http://www.sfaf.org/ San Francisco AIDS Foundation's] [http://en.wikipedia.org/wiki/Vpn virtual private network (VPN)] by using the built-in [http://en.wikipedia.org/wiki/Ipsec IPsec] and [http://en.wikipedia.org/wiki/Pptp PPTP] capabilities in Windows. Each client computer is secured with a machine-unique [http://en.wikipedia.org/wiki/Public-key_cryptography public/private key], and users are authenticated against the [http://en.wikipedia.org/wiki/Windows_Server_domain NT domain] using PPTP over the IPsec connection.||{{Tech:C}}, {{Tech:Win32}}, {{Tech:Java}}, {{Tech:Swing}}, {{Tech:CVS}}||2,623||2003-2005
|-
|-
|[http://dirlist.sourceforge.net/ DirList2]||User directory system that runs as a CGI to serve up user lists, search, and synchronize with the operating system's user database. When used with DirList2ODBC, the ODBC driver that I wrote for DirList2, the entire DirList2 system becomes a SQL-compliant database system within the limits of the DirList2 Server. This project began in January of 1998 (simply "DirList" at that time) and is still updated to this day on occasion. Bryant University continues to use this program for their student web site list
|[https://www.moonlightdesign.org/thunderforce/shared/Door%20lock%20example/ Door Lock]||Specification (not an implementation) of a secure residential door real-time, embedded software system that uses electronic locks, secure entry, easy exiting, and alarm state awareness to securely and efficiently manage a door||{{Tech:Javelin}}||0||2006
|-
|-
|[[FAT Recover]]||Manual FAT filesystem recovery tool that I made to help with manual floppy disk recoveries and to salvage my dad's laptop when Windows totally crashed
|[https://www.moonlightdesign.org/steve/SpellChecker.pdf Swing Inline Spell Checker]||Inline spell checker that plugs into Swing's look-and-feel system. This was used in [[Reggie/CIS]] as its distributed spell checker with [http://aspell.net/ GNU Aspell] running on the server.||{{Tech:Java}}, {{Tech:Swing}}, {{Tech:CORBA}}, {{Tech:Aspell}}||2,859||2002-2005
|-
|-
|[[Bryant PRIDE web site]]||In the Fall of 1997, when I was a freshman at Bryant, I greatly enhanced Bryant PRIDE's site with several pages and JavaScripts. Over time, the site moved from static HTML to ASP to PHP
|[https://www.moonlightdesign.org/dirlist/ DirList]||User directory system that runs as a CGI to serve up user lists, search, and synchronize with the operating system's user database. When used with [http://www.moonlightdesign.org/dirlist DirList2ODBC], the ODBC driver that I wrote for DirList2, the entire DirList2 system becomes a [http://en.wikipedia.org/wiki/Sql structured query language (SQL)]-compliant database system within the limits of the [https://www.moonlightdesign.org/dirlist/doc/server/ DirList2 Server]. This project began in January of 1998 and is actively patched for any security issues that arise. [http://www.bryant.edu/ Bryant University] continues to use this program for their [http://web.bryant.edu/forhelp/pointer.html student web site list].||{{Tech:C++}}, {{Tech:C}}, {{Tech:Sockets}}, {{Tech:ODBC}}, {{Tech:Linux}}, {{Tech:Win32}}, {{Tech:VBA}}, {{Tech:Access}}||8,268||1999-2007
|-
|-
|[[ResNet Online]]||I rewrote the old site for ease of use with more capabilities. Automatic port registration and heavy database integration saved the ResNet program a substantial amount of time while greatly improving customer/student satisfaction. Read the History page for more information
|[https://www.moonlightdesign.org/dirlist/ DirList2ODBC]||[http://en.wikipedia.org/wiki/Odbc ODBC] 2.0 compliant driver written for the [https://www.moonlightdesign.org/dirlist/ DirList] server. This driver is primarily used with [http://en.wikipedia.org/wiki/Microsoft_access Microsoft Access], but can also be used from other ODBC client applications, such as [http://en.wikipedia.org/wiki/Spss SPSS].||{{Tech:C++}}, {{Tech:Win32}}, {{Tech:Sockets}}, {{Tech:ODBC}}||12,671||1999-2000
|-
|-
|[[ActiveMail]]||Back when I used to do ASP, I wrote a SMTP / POP3 / FTPAuth object so that I could send mail
|[https://www.moonlightdesign.org/pam-cuecat/ PAM CueCat Module]||Turns the CueCat barcode scanner into a pluggable authentication module (PAM) library, permitting logins with bar code scans||{{Tech:C}}, {{Tech:PAM}}, {{Tech:Linux}}, {{Tech:CueCat}}||285||2000
|-
|-
|[[CPU ID]]||A very simple program that returns info on the CPU that it happens to execute on
|[[Home Control]]||The project that marked my first significant work towards complete home and office automation systems||{{Tech:C}}, {{Tech:Win32}}, {{Tech:Serial}}, {{Tech:CP290}}||2,270||1996,1998
|-
|-
|[[DirList2ODBC]]||ODBC 2.0-compliant driver written for the DirList2 Server
|[[ResNet Online]]||I rewrote the old site for ease of use with more capabilities. Automatic port registration and heavy database integration saved the ResNet program a substantial amount of time while greatly improving customer/student satisfaction.||{{Tech:PHP}}, {{Tech:SNMP}}, {{Tech:MySQL}}, {{Tech:PHPLib}}||4,572||1999-2001
|-
|-
|[[Disk Imager]]||Read, write, verify, and erase entire disks into/from raw image files. Similar to rawrite.exe, but actually works in Windows NT. Actually, Disk Imager only works in Windows NT/2000 due to how it opens the selected disk
|[[FAT Recover]]||Manual FAT filesystem recovery tool that I made to help with manual floppy disk recoveries and to salvage my dad's laptop when Windows totally crashed||{{Tech:C}}, {{Tech:Linux}}||246||2000
|-
|-
|[[EzMIDI32]]||A 32-bit version of the ScreenWindow+EasyMIDI libraries that I wrote for Grapevine High School
|[[Bryant PRIDE web site]]||Web site for the [http://web.bryant.edu/~pride/ Bryant PRIDE] LGBT group. In the Fall of 1997, when I was a freshman at [http://www.bryant.edu/ Bryant University], I greatly enhanced the web site with several pages and JavaScripts. This also included a JavaScript-driven background {{Tech:MIDI}} music jukebox in a [http://en.wikipedia.org/wiki/Pop-under pop-under], which was unique for a web site at that time. While I was the web site's maintainer, it moved from static {{Tech:HTML}} to {{Tech:ASP}} and then to {{Tech:PHP}}.||{{Tech:JavaScript}}, {{Tech:PHP}}, {{Tech:VBScript}}, {{Tech:ASP}}||3,681||1997-2000
|-
|-
|[[Home Control]]||The project that marked my first significant work towards complete home and office automation systems
|[[ActiveMail]]||Provides SMTP email sending, POP3 email downloading, and FTP authentication services to {{Tech:ASP}}, {{Tech:VisualBasic}}, and other {{Tech:COM}}-consuming programs||{{Tech:C++}}, {{Tech:COM}}, {{Tech:Win32}}, {{Tech:VisualBasic}}||4,691||1998-2000
|-
|-
|[[LPD]]||Written for GCISD to allow employees to send AS/400 printouts to their local Windows printers. I wrote the piece that translates HP DeskJet 500 compatible instructions into a Windows GDI context, back in the good 'old days when printer manuals documented their control codes
|[[CPU ID]]||A very simple program that displays information about the CPU that it happens to execute on||{{Tech:C}}, {{Tech:x86 Assembler}}, {{Tech:Win32}}||111||1999
|-
|-
|[[PortProxy]]||Program I wrote in college so that I could run servers from behind a firewall. When I put Linux on resnet.bryant.edu, I no longer needed this program, but it's still cool if you have Windows NT/2000 or 95/98
|[[Disk Imager]]||Reads, writes, verifies, and erases entire disks into/from [http://en.wikipedia.org/wiki/Disk_image raw image files]. This is similar in principle to [http://www.tux.org/pub/dos/rawrite/ rawrite.exe], but Disk Imager implements a graphical user interface.||{{Tech:C}}, {{Tech:Win32}}||520||1998
|-
|-
|[[ScreenWindowX]]||An ActiveX version of ScreenWindow that I created during the ActiveX hype
|[[EzMIDI32]]||A 32-bit version of the ScreenWindow+EasyMIDI libraries that I wrote for Grapevine High School||{{Tech:C++}}, {{Tech:Win32}}||854||1998
|-
|-
|[[Trig Grapher]]||My first multithreaded Win32 program that I wrote in high school for fun
|[[LPD]]||Written for the [http://www.gcisd-k12.org/ Grapevine-Colleyville Independent School District (GCISD)] to allow employees to send [http://en.wikipedia.org/wiki/AS/400 AS/400] printouts to their local Windows printers. I wrote the piece that translates HP DeskJet 500 compatible instructions into a Windows GDI context.||{{Tech:C}}, {{Tech:Win32}}||1,850||1996-1998
|-
|-
|[[256-Color SDK]]||Library that I wrote a while ago to easily manage 256-color bitmaps on 256-color displays
|[[PortProxy]]||[http://en.wikipedia.org/wiki/Transmission_Control_Protocol TCP] connection forwarding [http://en.wikipedia.org/wiki/Windows_service service] that I wrote in college so that I could run servers from behind a firewall. When I put Linux onto resnet.bryant.edu, I no longer needed this program, but it's still cool if you are running [http://en.wikipedia.org/wiki/Microsoft_Windows Windows]. I also wrote a version that runs as a [http://en.wikipedia.org/wiki/System_tray system tray] application in [http://en.wikipedia.org/wiki/Windows_95 Windows 95].||{{Tech:C}}, {{Tech:Win32}}, {{Tech:Sockets}}||1,461||1999
|-
|-
|[[AudioCD Pictures]]||Displays predefined pictures as a playing CD reaches predefined moments
|[[ScreenWindowX]]||An {{Tech:ActiveX}} version of [[ScreenWindow]] that I created during the ActiveX hype. This gives [http://en.wikipedia.org/wiki/Internet_Explorer Internet Explorer] pages, [http://en.wikipedia.org/wiki/Component_Object_Model COM] clients, and [http://en.wikipedia.org/wiki/.NET_Framework .NET] applications an easy-to-use text console user interface control.||{{Tech:C++}}, {{Tech:COM}}, {{Tech:Win32}}, {{Tech:ActiveX}}||1,614||1998
|-
|-
|[[BBS Ads]]||Simply a program that can advertise bulletin board systems, when they used to be popular
|[https://www.moonlightdesign.org/kjmouse/ KJMouse]||Busy cursor for {{Tech:Java}} that is similar to the launch feedback in [http://en.wikipedia.org/wiki/KDE KDE] 2.2||{{Tech:Java}}, {{Tech:JNI}}, {{Tech:Win32}}, {{Tech:X11}}, {{Tech:Cocoa}}||736||2001-2004
|-
|-
|[[Bids-to-ASP]]||Converts American Airlines bidsheet files into Procomm Plus for DOS ASPect scripts
|[[CatSetup]]||Scriptable install and uninstall utility for [http://en.wikipedia.org/wiki/Windows_3.1 16-bit Windows] that I wrote in the mid-1990s to ease the distribution of my software. Most of my software from 1994 to 2000 used CatSetup. I eventually switched to using [http://en.wikipedia.org/wiki/Nullsoft_Scriptable_Install_System NSIS] and, later, [http://dennisbareis.com/makemsi.htm MAKEMSI].||{{Tech:C}}, {{Tech:Win16}}||3,676||1994-1998
|-
|-
|[[CatSetup16]]||Install/uninstall utility that I made a while ago so that I could distribute my programs easily
|[[Trig Grapher]]||Plots [http://en.wikipedia.org/wiki/Trigonometry trigonometric functions] in a window. This was my first [http://en.wikipedia.org/wiki/Thread_%28computer_science%29 multi-threaded] {{Tech:Win32}} program, which I wrote in high school for fun. I later back-ported it to {{Tech:Win16}}.||{{Tech:C}}, {{Tech:Win32}}, {{Tech:Win16}}||1,441||1995-1996
|-
|-
|[[Horses]]||A fun horse racing game that I made a long time ago
|[[256-Color SDK]]||Library that I wrote a to easily manage 256-color bitmaps on 256-color displays||{{Tech:C}}, {{Tech:Win16}}||704||1994
|-
|-
|[[KittyCat! Comm]]||Communications program with internetworking in mind. This was never finished, but it had some interesting ideas that I later found out existed in TCP/IP
|[[AudioCD Pictures]]||Displays predefined pictures as a playing CD reaches predefined moments||{{Tech:C}}, {{Tech:Win16}}||550||1994
|-
|-
|[[MCI SendString]]||Allows users to work with the Media Control Interface directly rather than through point-and-clicking
|[[BBS Ads]]||Simply a program that can advertise bulletin board systems, when they used to be popular||{{Tech:C}}, {{Tech:Win16}}||258||1993-1994
|-
|-
|[[MeowyMIDI]]||A sound font with cat meows and purrs. Includes several example MIDIs that use it
|[[Bids-to-ASP]]||Converts American Airlines bidsheet files into Procomm Plus for DOS ASPect scripts||{{Tech:C}}, {{Tech:Win16}}||562||1994
|-
|-
|[[PCL Page]]||Manipulate PCL-compliant printers with this nifty utility that works in both Win16 and DOS (the DOS program is linked into the Win16 as its DOS stub)
|[[Horses]]||A fun horse racing strategy game for Windows||{{Tech:C}}, {{Tech:Win16}}||3,348||1995,1997
|-
|-
|[[ScreenWindow]]||Win16 console and MIDI library that I wrote so that students at Grapevine High School in Computer Science I classes could use MIDI in their music projects using Borland's Turbo Pascal. They now teach C++, and I subsequently made a 32-bit version of the library but this time using Win32's native console rather than my own
|[[KittyCat! Comm]]||[http://en.wikipedia.org/wiki/Bulletin_board_system Bulletin board system (BBS)] communications program with a [http://en.wikipedia.org/wiki/Dynamic_Data_Exchange dynamic data exchange (DDE)] based [http://en.wikipedia.org/wiki/Application_programming_interface application programming interface (API)] and support for [http://en.wikipedia.org/wiki/ANSI_escape_code ANSI text] and [http://en.wikipedia.org/wiki/Remote_imaging_protocol RIPscrip graphics]. This was never finished due to the Internet and the World Wide Web making it obsolete.||{{Tech:C}}, {{Tech:Win16}}||8,166||1994-1995
|-
|-
|[[SLOS-Win]]||Windows-based interpreter for SLOS, a crazy operating environment that I made a while ago
|[[MCI SendString]]||Allows users to work with the [http://en.wikipedia.org/wiki/Media_Control_Interface Microsoft Windows media control interface (MCI)] with text rather than through pointing and clicking||{{Tech:C}}, {{Tech:Win16}}||212||1994
|-
|-
|[[AriesType]]||A typing program that I made while a freshman at Grapevine Junior High School (the 9th grade was in a separate school from the high school. That building is now Cross-Timbers Middle School, and grades 9-12 attend the high schools now)
|[[MeowyMIDI]]||A [http://en.wikipedia.org/wiki/SoundFont 1.0 sound font] with cat meows and purrs for [http://en.wikipedia.org/wiki/Sound_Blaster Sound Blaster] AWE32 and AWE64 audio cards||{{Tech:SoundFont}}, {{Tech:MIDI}}||0||1994-1995
|-
|-
|[[GlobalXMS]]||A small XMS memory manager that uses Windows-like memory manipulation functions (the XMS code itself was taken from Paul Chang's open-source XMMLIB.CPP)
|[[PCL Page]]||Manipulate [http://en.wikipedia.org/wiki/Printer_Command_Language PCL]-compliant printers with this utility that works in both {{Tech:Win16}} and {{Tech:DOS}}||{{Tech:C}}, {{Tech:Win16}}, {{Tech:DOS}}||196||1995
|-
|-
|[[IntMap]]||A small image library that I wrote for a Pascal project in high school to provide blt-like operations in DOS
|[[ScreenWindow]]||Text console and {{Tech:MIDI}} library for {{Tech:Win16}} that I wrote so that students at [http://www.gcisd-ghs.org/ Grapevine High School] in first-year computer science class could use MIDI in their music projects using [http://en.wikipedia.org/wiki/Turbo_Pascal Borland's Turbo Pascal]. When they switched to teaching {{Tech:C++}}, I made a 32-bit version of the library that used {{Tech:Win32}}'s native console rather than my own.||{{Tech:C++}}, {{Tech:C}}, {{Tech:Pascal}}, {{Tech:Win16}}, {{Tech:Win32}}, {{Tech:MIDI}}||2,953||1996-1997
|-
|-
|[[Jingle Bells]]||A musical project that I did during the first year of Computer Science in high school
|[[AriesType]]||A [http://en.wikipedia.org/wiki/Touch_typing touch typing] education program that I made while I was a freshman in high school. It tied into the local [http://en.wikipedia.org/wiki/Novell_Netware Novell NetWare] network to be a multi-user application with different capabilities given to students, teachers, and system operators. AriesType also included basic local email and paging capabilities.||{{Tech:BASIC}}, {{Tech:DOS}}||4,364||1993-1994
|-
|-
|[[SLOS-DOS]]||The original implementation of SLOS and the most correct (the Windows version has some problems)
|[[IntMap]]||A small image library that I wrote for a Pascal project in high school to provide image drawing, movement, and rotation operations in DOS||{{Tech:Pascal}}, {{Tech:DOS}}, {{Tech:C}}||1,797||1995,1998
|-
|-
|[[TSNHead]]||An online service charger that split the costs of using The Sierra Network (TSN) among my brothers and I. Should work with others such as Prodigy, but with today's unlimited access plans, this program is no longer relevant
|[[Jingle Bells]]||A first-year computer science course project to visually and audibly play a [http://en.wikipedia.org/wiki/Christmas_song traditional December holiday song], which I later ported to Windows using [[ScreenWindow]]||{{Tech:Pascal}}, {{Tech:DOS}}, {{Tech:C}}, {{Tech:Win16}}, {{Tech:Win32}}, {{Tech:MIDI}}||611||1994,1996
|-
|-
|[[Animation Master]]||Really lame animation program that I made for SLOS
|[[SLOS-DOS]]||A small interpreted toy operating environment written in BASIC for DOS. Programs are written in a trivial and limited scripting language.||{{Tech:BASIC}}, {{Tech:DOS}}||1,277||1993
|-
|-
|[[FAT Checker]]||Think of it as a /sbin/fsck for SLOS FATs
|[[SLOS-Win]]||Windows version of [[SLOS-DOS|SLOS]], a small interpreted toy operating environment written in BASIC for DOS. Programs are written in a trivial and limited scripting language.||{{Tech:C++}}, {{Tech:Win16}}||1,679||1993
|-
|-
|[[SLOS Modem]]||File transfer utility for SLOS and DOS
|[[TSNHead]]||Kept track of how much time my brothers and I spent on [http://en.wikipedia.org/wiki/The_Sierra_Network The Sierra Network (TSN)]||{{Tech:BASIC}}, {{Tech:DOS}}||291||1992
|-
|-
|[[TrackTrek]]||A track meet program that "keeps track" of events and allows others to view scores in realtime. This was never finished, but I have the source code available for download if you want to finish it or use bits and pieces
|[[TrackTrek]]||A track meet program that "keeps track" of events and allows others to view scores in realtime. This was my first {{Tech:Java}} program. This was more of a self-driven academic exercise as the project was never finished.||{{Tech:Java}}, {{Tech:AWT}}||3,690||1996-1998
|-
|-
|[http://kjmouse.sourceforge.net/ KJMouse]||Busy cursor similar to KDE 2.2's cursor for Java
|[https://www.moonlightdesign.org/thunderforce/ Thunderforce]||An open-source Mozilla Thunderbird extension for Salesforce.com. This project is now abandoned due to other priorities and interests.||{{Tech:JavaScript}}, {{Tech:XPCOM}}, {{Tech:C++}}, {{Tech:XUL}}, {{Tech:Subversion}}, {{Tech:MediaWiki}}||5,411||2007-2009
|}
|}
<br>
<br>
Line 200: Line 159:
===Software and project contributions===
===Software and project contributions===
I contributed to the following projects:
I contributed to the following projects:
{|class="software"
{|class="software sortable"
|[http://www.mozilla.org/ Mozilla]||[https://www.moonlightdesign.org/startfirefox/ Workaround code] for a shutdown bug in Firefox ([https://bugzilla.mozilla.org/show_bug.cgi?id=239223 bug 239223]) and helped others find the cause of a [https://bugzilla.mozilla.org/show_bug.cgi?id=245742 NTLM authentication crash] in a pre-Firefox build
!Name
!Description
!Technologies
!SLOC
!Year
|-
|[http://www.mozilla.org/ Mozilla]||[https://www.moonlightdesign.org/startfirefox/ Workaround code] for a shutdown bug in Firefox ([https://bugzilla.mozilla.org/show_bug.cgi?id=239223 bug 239223]) and helped others find the cause of a [https://bugzilla.mozilla.org/show_bug.cgi?id=245742 NTLM authentication crash] in a pre-Firefox build|| ||156||2005
|-
|-
|[http://www.samba.org/ Samba]||[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134570 Patch] to allow the use of 32-bit user and group IDs in smbmnt
|[http://www.samba.org/ Samba]||[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134570 Patch] to allow the use of 32-bit user and group IDs in smbmnt|| ||11||2004
|-
|-
|[http://pan.rebelbase.com/ Pan]||Contributed a small multi-threaded bugfix to a function that was crashing on several important dialog boxes in version 0.6.3.
|[http://pan.rebelbase.com/ Pan]||Contributed a small multi-threaded bugfix to a function that was crashing on several important dialog boxes in version 0.6.3|| ||small||1999
|-
|-
|[http://www.php.net/ PHP]||Contributed the snmpset() function to PHP 3.0.12 and PHP4 Beta2 so that ResNet Online could turn on the ResHall ports when students registered their computers
|[http://www.php.net/ PHP]||Contributed the [http://us.php.net/snmpset snmpset()] function to [http://cvs.php.net/viewvc.cgi/php3/functions/?pathrev=php_3_0_12 PHP 3.0.12] and [http://cvs.php.net/viewvc.cgi/php-src/ext/snmp/?pathrev=php_4_0b2-2 PHP4 Beta2] so that [[ResNet Online]] could turn on the ResHall ports when students registered their computers||{{Tech:C}}, {{Tech:Net-SNMP}}, {{Tech:CVS}}||172||1999
|-
|-
|[http://spruce.sourceforge.net/ Spruce]||Contributed several small usability patches and a fix for a thread-based crash that brought down Spruce while checking messages in previous versions
|[http://spruce.sourceforge.net/ Spruce]||Contributed several small usability patches and a fix for a thread-based crash that brought down Spruce while checking messages in previous versions||{{Tech:C}}, {{Tech:GLib}} threads, {{Tech:GTK+}}||200||2000
|-
|-
|[http://www.bryant.edu/ Bryant University]||During the Spring of 1998, I enhanced Bryant's main page with rollovers and images. Other miscellaneous pages were also updated, and the DirList project was started originally as a web directory for Bryant
|[http://www.opensuse.org/ Novell openSUSE]||Fixed bugs related to [https://bugzilla.novell.com/show_bug.cgi?id=343891 LVM on a USB boot drive] and [https://bugzilla.novell.com/show_bug.cgi?id=410736 J-Pilot thinking that the username is always wrong on 64-bit platforms], and added a [https://bugzilla.novell.com/show_bug.cgi?id=328116 workaround for Bluetooth DUND issues]. [https://bugzilla.novell.com/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&long_desc_type=fulltext&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=anywords&keywords=&emailassigned_to1=1&emailreporter1=1&emailinfoprovider1=1&emailcc1=1&emaillongdesc1=1&emailtype1=exact&email1=novell%40moonlightdesign.org&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0= Full bug list].||{{Tech:C}}||small||2007-2008
|-
|-
|[http://www.salesforce.com/ Salesforce.com]||Built a security testing framework for [http://www.salesforce.com/appexchange/ AppExchange] package security, enhanced an internal testing tool's user interface, helped resolve customer cases related to using the [http://wiki.apexdevnet.com/index.php/Web_Services_API application programming interface] (API) with TLS and SSL security, and ensured that new releases of the core product did not break older API versions
|[http://www.bryant.edu/ Bryant University]||During the Spring of 1998, I enhanced Bryant's main page with rollovers and images. Other miscellaneous pages were also updated, and the [http://www.moonlightdesign.org/dirlist/ DirList] project was started originally as a web directory for Bryant.||{{Tech:JavaScript}}, {{Tech:HTML}}||small||1998-1999
|}
|}
<br>
<br>
Lines of code were computed using [http://www.dwheeler.com/sloccount/ SLOCCount] and, for extensions not supported by SLOCCount, <code>find . -iname \*\\.js -print0 -or -iname \*\\.bs2 -print0 -or -iname \*\\.idl -print0 -or -iname \*\\.asp -print0 -or -iname \*\\.clp -print0 -or -iname \*\\.xul -print0 -or -iname \*\\.bas -print0 -or -iname \*\\.exc -print0| xargs -0 -Ixxx cat xxx| grep "[a-zA-Z0-9]"|wc -l</code>. SLOC counts that relate to San Francisco AIDS Foundation software that has not been made open-source were computed during my final months of employment; Carnegie Mellon University asked for those numbers as part of the admission process. Generated code is excluded from the SLOC counts. With generated code, such as the [[Reggie/CIS]] code generated from [http://java.sun.com/j2se/1.4.2/docs/guide/rmi-iiop/toJavaPortableUG.html idlj], the SLOC counts balloon significantly.
==Employment History==
===[http://www.salesforce.com/ Salesforce.com]===
*'''Senior Member of the Technical Staff: [http://developer.force.com/sites Force.com Sites], Core Infrastructure, Security, and [http://wiki.developerforce.com/index.php/Web_Services_API API] Teams'''
*January 2007 to present
*'''Accomplishments'''
**Brought attention to specific [http://en.wikipedia.org/wiki/Cross-site_scripting cross-site scripting (XSS)] vulnerabilities by writing a Firefox Firebug extension that looked for improper string escaping in a test org that had been specially populated with attack strings by another tool and having quality engineers from every functional team test the system with the Firebug extension running. This led to the identification and resolution of a large number of vulnerabilities, thus making Salesforce.com even more secure. A security research firm later commended Salesforce.com's security, saying that they couldn't find any XSS or cross site request forgery (CSRF) vulnerabilities, despite looking for them over the course of several days.
**Championed an improvement to an anti-phishing feature's design successfully, and that improvement is patent-pending
**Resolved customer cases related to the [http://wiki.apexdevnet.com/index.php/Web_Services_API application programming interface] (API) and [http://en.wikipedia.org/wiki/Secure_Sockets_Layer secure sockets layer] (SSL), quickly becoming a go-to person for HTTPS and SSL
**Improved an internal production testing tool's scheduling of tests by adding prerequisite expressions to increase test parallelization
**Built the initial security testing framework for [http://wiki.apexdevnet.com/index.php/Partner_Access_Controls package access controls], which helped quickly bring that feature to market with confidence in its quality and security
**Designed and began to implement a Thunderbird add-on for Salesforce.com: [https://www.moonlightdesign.org/thunderforce Thunderforce]
**Enhanced the user interface of, added Apache Ant build files to, significantly improved the configuration system of, and added multiple-window browser screenshots to an internal production testing tool that is used by multiple teams
**Created and automated anti-phishing and security test scenarios
**Automated HTTPS troubleshooting with an internal utility for support representatives that substantially reduced the number of escalated HTTPS cases
**Ensured that new releases of the core product did not break older API versions through gold files and automated testing
**Established a methodology for determining equivalence partition coverage in the test cases for the [http://www.salesforce.com/us/developer/docs/api/Content/sforce_api_calls_soql.htm Salesforce.com object query language (SOQL)]
**Assisted developers and quality engineers with installing and maintaining [http://www.opensuse.org/ Novell openSUSE Linux] on their primary desktops
===[http://www.sfaf.org/ San Francisco AIDS Foundation]===
*'''Database Administrator and Software Engineer'''
*September 2000 to July 2005
*'''Accomplishments'''
**Maintained a [[Reggie/CIS|large 200-user multi-tenant three-tiered system]] used by all Ryan White CARE-funded AIDS service organizations in San Francisco in collaboration with the Department of Public Health AIDS Office of San Francisco and two direct partners. That involved all aspects of the software development lifecycle as well as server and client deployments, network maintenance, and top-tier user support.
**Gathered requirements for new features collaboratively with stakeholders, designed those features, coded them, tested them, and deployed them
**Assisted the other database administrator with the foundation's customized [[SFAF CRM|customer relationship management]] (CRM) and [[DonorPerfect Online|donor relationship management]] systems
**Implemented large parts of the data conversion and customization of the Foundation's purchased donor relationship management system
**Secured the Internet-facing presence of the donor relationship management system using a locked-down Apache configuration and strict URL regular expressions
**Obviated a need for Crystal Reports by implementing web-based [[PDF Access Reports|PDF reports]] using Microsoft Access, a customized PHP build to run as a COM server, and a custom-built COM object for use by ASP on the reporting server, saving a significant amount of money
**Migrated client operating system data during the Windows XP transition using a [[Home Profiler|multi-platform profile migration tool]] that I wrote
**Planned, deployed, and provided training for Mozilla Firefox as the default web browser to all foundation users and created [https://www.moonlightdesign.org/urllock IE URL Lock] for business-related sites that only worked in Internet Explorer
**Evaluated, purchased, and managed the licenses of software related to Reggie/CIS
**Maintained the Cisco network equipment, including the PIX firewall's access control lists (ACLs) and routers' virtual local area network (VLAN) ACLs
**Cut unsolicited commercial email (UCE or SPAM) drastically and added virtual private networking (VPN) using Astaro Secure Linux (ASL) in the demilitarized zone (DMZ) behing the Cisco PIX firewall
**Administered databases, servers, and the organization's backup system
===[http://www.ariesnet.com/ Ariesnet]===
*'''Intranet Developer'''
*May 1999 to August 1999 and May 2000 to July 2000
*'''Accomplishments'''
**Developed specifications for a statistical employee rating system to help Ariesnet move towards building teams of virtual at−home employees
**Helped Ariesnet build their secure intranet system using PHP and MySQL
**Administered the intranet system's Linux server as well as the development test server using the CVS versioning software
===[http://www.bryant.edu/ Bryant University]===
*'''ResNet Consultant'''
**January 1999 to May 2000
**'''Accomplishments'''
***Shortened residence hall computer registration port activation turnaround times from two weeks to one second with a [[ResNet Online|custom-written Linux-based PHP web site]]
***Provided in-person network and computer support to students living in the university's residence halls
*'''Internet Developer'''
**January 1998 to May 1998 and September 1998 to May 1999
**'''Accomplishments'''
***Implemented the university’s first web-based faculty and student directory using the common gateway interface (CGI)
***Wrote an ODBC driver and Microsoft Access database for its administration. This lives on as the [https://www.moonlightdesign.org/dirlist/ DirList2] open-source project
===[http://www.gcisd-k12.org/ Grapevine-Colleyville Independent School District]===
*'''Student Intern'''
*January 1996 to August 1997
*'''Accomplishments'''
**Provided hardware and software support, winning an employee award for exceptional service
**Worked with wide-area network configurations
**Wrote a [[LPD|networked printer driver]] to save thousands of dollars in licenses by allowing printing from their AS/400s to local printers


==Education and Training==
==Education and Training==


===Carnegie Mellon University===
===[http://www.cmu.edu Carnegie Mellon University]===
*'''Master of Software Engineering''', Institute of Software Research
*'''[http://www.mse.cs.cmu.edu/ Master of Software Engineering]''', [http://www.isri.cmu.edu/index.jsp Institute of Software Research]
*Pittsburgh, PA
*[http://en.wikipedia.org/wiki/Pittsburgh%2C_Pennsylvania Pittsburgh, Pennsylvania]
*'''Graduation:''' December 2006
*'''Graduation:''' December 2006
*'''Masters group project:''' [[Serendipity|Bosch Security Configuration Assistant]], which is an Eclipse-based application that generates three-dimensional security plans for buildings using a rule engine and three-dimensional visualization
*'''Masters group project:''' [[Serendipity|Bosch Security Configuration Assistant]], which is an [http://www.eclipse.org/ Eclipse-based] application that generates three-dimensional security plans for buildings using the [http://en.wikipedia.org/wiki/Jess_programming_language Jess] [http://en.wikipedia.org/wiki/Rule_engine rule engine] and three-dimensional visualization
*'''Project roles:''' Planning manager, software process manager, project risk manager, technology support manager, and quality manager
*'''Project roles:''' Technology support manager and, via rotation, planning manager, software process manager, project risk manager, and quality manager
*'''Focus areas studied:''' Fault tolerant, distributed, real-time systems; software project management; formal models and analysis of software systems; software architecture; and software requirements elicitation methods
*'''Focus areas studied:''' Fault tolerant, distributed, real-time systems; software project management; formal models and analysis of software systems; software architecture; and software requirements elicitation methods
*'''Accomplishments'''
*'''Accomplishments'''
**As a team, we met and exceeded our client's original picture of success by the end of the project's one-year time frame
**As a team, we met and exceeded our client's original picture of success by the end of the project's one-year time frame.
**I reduced the status meeting data collection time to less than 30 minutes through automation and used historical data to reduce our estimation error
**I reduced the status meeting data collection time to less than 30 minutes through automation and used historical data to reduce our estimation error.
**As the support manager, I kept our server and software available, secure, usable, and backed up using only one hour per week of my time on average throughout the project
**As the support manager, I kept our [http://fedoraproject.org/ RedHat Fedora Core] server and software available, secure, usable, and backed up using only one hour per week of my time on average throughout the project.
*'''Quality point average:''' Graduated with 4.03 out of 4.00, which is a weighted GPA, due to earning several A+ grades
*'''[http://www.cmu.edu/hub/reg/grading.html Quality point average]:''' Graduated with 4.03 out of 4.00, which is a weighted grade point average (GPA), due to earning several A+ grades


===Bryant University===
===[http://www.bryant.edu/ Bryant University]===
*'''Bachelor of Science in Business Administration'''
*'''[http://www.bryant.edu/wps/wcm/connect/Bryant/Academics/Undergraduate%20Programs/ Bachelor of Science in Business Administration]'''
*Smithfield, RI
*[http://en.wikipedia.org/wiki/Smithfield%2C_Rhode_Island Smithfield, Rhode Island]
*'''Graduation:''' May 2000
*'''Graduation:''' May 2000
*AACSB Accredited
*[http://www.aacsb.edu/ AACSB] [http://www.aacsb.edu/members/Omd/Profile_page2.asp?LinkId=38588&CallingPage=InstLists Accredited]
*'''Focus areas studied:''' Computer information systems with a minor in applied business statistics
*'''Focus areas studied:''' [http://www.bryant.edu/wps/wcm/connect/Bryant/Academics/Areas%20of%20Study/Computer%20Information%20Systems Computer information systems] with a minor in [http://www.bryant.edu/wps/wcm/connect/Bryant/Academics/Areas%20of%20Study/Applied%20Statistics applied business statistics]
*'''Grade point average:''' Graduated summa cum laude with a GPA of 3.96 out of 4.00
*'''[http://en.wikipedia.org/wiki/GPA#United_States Grade point average]:''' Graduated [http://en.wikipedia.org/wiki/Summa_cum_laude summa cum laude] with a GPA of 3.96 out of 4.00
*'''Leadership:''' Served as President of Bryant PRIDE for more than a year and conducted a Linux installation event
*'''Leadership:''' Served as president of [http://web.bryant.edu/~pride Bryant PRIDE] for more than a year and conducted a [http://en.wikipedia.org/wiki/Linux Linux] installation event


===Certification===
===Certification===
*'''RedHat Certified Engineer''' (RHCE; older version): 806200565301847
*'''[https://www.redhat.com/training/rhce/courses/ RedHat Certified Engineer]''' (RHCE for 6.2): [https://www.redhat.com/training/certification/verify/ 806200565301847]

Latest revision as of 15:12, 6 June 2015


Welcome to the web site of Steven Lawrance, master of software engineering (MSE). I enjoy building complete computing solutions at all levels of abstraction to automate business processes at a low cost, in a short time frame, and with high quality. Put my experience, interests, training, and expertise to work for you. Please feel free to contact me today.

Software Built in a Team Software Built by Just Me Employment History Education and Training

Résumé: Portable document format (PDF)

Network: LinkedIn

Please feel free to ask me for more information about any project listed on this page.

Software Project Experience

Team software

I materially participated in the team software projects listed below:

Name Description Technologies SLOC Year
Salesforce.com Web-based business software platform and suite of integrated business applications. During my time at Salesforce.com, I have worked on several teams -- API, Force.com Sites, Site.com, and Platform Security. Most recently, I led the implementation of custom https domains for Salesforce's site technologies, and this included tangential work, such as the domain management screens that were added in Summer '14. I've been a go-to person for several parts of the platform, and this includes Force.com Sites, the database tier of Site.com, site publishing, custom https domains, clickjack protection, inbound and outbound https connections, the reverse proxy caching layer for sites, IPv6, and our main production feature testing tool.

At Salesforce.com's Dreamforce 2013 conference, I presented a session on the lessons learned while developing a Force.com solution to replace an older Microsoft Access solution for the San Francisco AIDS Foundation.

Earlier at Salesforce.com, I integrated the low-level parts of Siteforce into the core Salesforce.com product; wrote Siteforce's Resin and runtime server configurations; wrote a cross site scripting Firefox/Firebug extension to test proper output escaping in the manual and automated tests; improved an internal production testing tool's scheduling of tests by adding prerequisite expressions to increase test parallelization; and added per-window screenshots to an internal testing tool by extending Selenium with JNI native code.
Java, Apache Ant, Selenium, JUnit, Force.com, Jetty, Resin, JSP, Servlets, JNI, Win32, X11 large 2007-current
Reggie/CIS A 200-user multi-tenant three-tiered HIV/AIDS client database system that was used by all Ryan White Foundation CARE-funded AIDS service organizations in San Francisco in collaboration with the San Francisco Department of Public Health (DPH) AIDS Office and two partners to the San Francisco AIDS Foundation (SFAF), where I worked for about five years. I actively maintained this system with a colleague at the DPH AIDS Office and was principally responsible for maintaining the "CIS" portion of Reggie/CIS, which extended the Reggie platform with extra features that the SFAF and two other organizations used. Java, VBScript, Swing, T-SQL, MS SQL Server, CVS, JavaScript, C, JNI, CORBA, IIS, COM, Win32 162,005 2000-2005
DonorPerfect Online Donor and fundraising event management system used by the San Francisco AIDS Foundation. I migrated AIDS/LifeCycle data from a Goldmine database to the San Francisco AIDS Foundation's customized DonorPerfect Online system using a test-driven development process for the SQL scripts. I also contributed substantially to the bulk data entry wizard, fixed bugs throughout the system, including security holes, made all pages and JavaScripts operate properly in Mozilla Firefox, and implemented strict URL filtering security using an Apache reverse-proxy and mod_rewrite. VBScript, T-SQL, MS SQL Server, JavaScript, Apache HTTP Server, IIS, CVS 97,592 2004-2005
SFAF CRM Customer relationship management system that was implemented by a colleague at the San Francisco AIDS Foundation that primarily serves the organization's volunteer based programs department, automates expense reports, and runs the California AIDS Hotline. I enhanced the deployment system using CVS in a web-based front-end, helped my colleague fix various bugs, and enhanced its Internet-facing security with an Apache reverse-proxy and mod_rewrite. VBScript, T-SQL, MS SQL Server, JavaScript, Apache HTTP Server, IIS, CVS 69,015 2001-2005
Bosch Security Configuration Assistant An Eclipse-based application that generates three-dimensional security plans for buildings using a rule engine and three-dimensional visualization. In this project, I integrated a Windows-based three-dimensional visualization program into an Eclipse view, kept our RedHat Fedora Core server and software available, secure, usable, and backed up using only one hour per week of my time on average throughout the project, and automated our data collection and reporting processes to minimize project overhead work. This group project involved four other students -- two whom also work at Salesforce.com -- and served as a laboratory for us to directly apply coursework to a software project with a real client throughout our software engineering masters' programs. Java, Eclipse, UML, Apache Ant, Bugzilla, CruiseControl, MediaWiki, Subversion, SWT, C++, JNI, Win32 21,274 2005-2006
Park 'N Park A fault-tolerant, distributed, real-time three-tiered application for tracking parking garage usage. This was an academic project. Java, CORBA, MySQL, CVS 2,027 2006
Teacher's Pet Shares a tab in your Mozilla Firefox browser with one or more remote browsers, which can be useful in virtual classroom environments JavaScript, Java, XUL, XPCOM, Subversion 1,251 2006
Hulk Physically navigates a maze using a customized Parallax Boe-Bot. This project involved both custom hardware and custom software as well as trade-offs between the two when implementing features. Parallax BASIC Stamp, Parallax Boe-Bot, Subversion 784 2006
URL Lock Follow-up project to IE URL Lock that sports a configuration user interface and implements new ideas for visually disabling content on the web JavaScript, XUL, C++, XPCOM, Win32, Subversion 3,868 2006
Ariesbase Intranet system for Ariesnet, Inc. During the Summer of 1999, I helped shape the back-end functionality, such as the security system and global includes, and I also created a high-level specification for an employee rating system for virtual team environments. PHP, MySQL, JavaScript, CVS medium 1999-2000


Software that I created

I wrote and maintain the following software:

Name Description Technologies SLOC Year
Home Profiler Synchronizes user profile data between multiple desktop computers, regardless of the operating system. This was used at the San Francisco AIDS Foundation to migrate user profile data from Windows NT to Windows XP while leaving malware and spyware behind. Java, C, JNI, JACOB, COM, Win32, CVS 5,679 2005
IE URL Lock A browser helper object (BHO) that prevents users from navigating to web sites in Internet Explorer and Windows Explorer while permitting URLs that match a Perl-compatible regular expression stored in the registry C++, COM, BHO, Win32, Subversion 1,607 2005-2012
Backup system Multi-platform, SSH-secured, Internet-based incremental backup system that I assembled and use to back up all computers that I manage Unison, Apache HTTP Server, OpenSSH 2005-2007
Read-only filesystem FUSE filesystem view that makes all files unconditionally read-only. I use this in my backup system for the web-based file restore interface. C, FUSE 241 2005-2007
Serendipity Time Tracking Tool A two-tier software team time tracking tool used by Team Serendipity while designing and building the Bosch Security Configuration Assistant. It was rapidly developed using Microsoft Access 2003 as the front-end user interface, MySQL 5 as the back-end database, and SSH as the MySQL connection tunnel. VBA, Microsoft Access, MySQL, OpenSSH small 2006
GnuCash to QIF Converts a GnuCash XML file into a QIF or an IIF file Java, Apache Xerces 2,274 2002-2007
PDF Access Reports Web-based PDF reports using Microsoft Access, a customized PHP build to run as a COM server, and a custom-built COM object for use by ASP on the reporting server. This was a component of Reggie/CIS's reporting system. PHP, COM, C++, Sockets, VBA, ASP, Microsoft Access 651 2002-2005
PDFFile and InvokeAsUser Enables easy portable document format (PDF) file generation on Windows computers when used with AFPL GhostScript and RedMon C, Win32 396 2005
SFAF VPN Client Connects a Microsoft Windows 2000 or XP computer to the San Francisco AIDS Foundation's virtual private network (VPN) by using the built-in IPsec and PPTP capabilities in Windows. Each client computer is secured with a machine-unique public/private key, and users are authenticated against the NT domain using PPTP over the IPsec connection. C, Win32, Java, Swing, CVS 2,623 2003-2005
Door Lock Specification (not an implementation) of a secure residential door real-time, embedded software system that uses electronic locks, secure entry, easy exiting, and alarm state awareness to securely and efficiently manage a door Parallax Javelin 0 2006
Swing Inline Spell Checker Inline spell checker that plugs into Swing's look-and-feel system. This was used in Reggie/CIS as its distributed spell checker with GNU Aspell running on the server. Java, Swing, CORBA, GNU Aspell 2,859 2002-2005
DirList User directory system that runs as a CGI to serve up user lists, search, and synchronize with the operating system's user database. When used with DirList2ODBC, the ODBC driver that I wrote for DirList2, the entire DirList2 system becomes a structured query language (SQL)-compliant database system within the limits of the DirList2 Server. This project began in January of 1998 and is actively patched for any security issues that arise. Bryant University continues to use this program for their student web site list. C++, C, Sockets, ODBC, Linux, Win32, VBA, Microsoft Access 8,268 1999-2007
DirList2ODBC ODBC 2.0 compliant driver written for the DirList server. This driver is primarily used with Microsoft Access, but can also be used from other ODBC client applications, such as SPSS. C++, Win32, Sockets, ODBC 12,671 1999-2000
PAM CueCat Module Turns the CueCat barcode scanner into a pluggable authentication module (PAM) library, permitting logins with bar code scans C, PAM, Linux, CueCat 285 2000
Home Control The project that marked my first significant work towards complete home and office automation systems C, Win32, Serial, CP290 2,270 1996,1998
ResNet Online I rewrote the old site for ease of use with more capabilities. Automatic port registration and heavy database integration saved the ResNet program a substantial amount of time while greatly improving customer/student satisfaction. PHP, SNMP, MySQL, PHPLib 4,572 1999-2001
FAT Recover Manual FAT filesystem recovery tool that I made to help with manual floppy disk recoveries and to salvage my dad's laptop when Windows totally crashed C, Linux 246 2000
Bryant PRIDE web site Web site for the Bryant PRIDE LGBT group. In the Fall of 1997, when I was a freshman at Bryant University, I greatly enhanced the web site with several pages and JavaScripts. This also included a JavaScript-driven background MIDI music jukebox in a pop-under, which was unique for a web site at that time. While I was the web site's maintainer, it moved from static HTML to ASP and then to PHP. JavaScript, PHP, VBScript, ASP 3,681 1997-2000
ActiveMail Provides SMTP email sending, POP3 email downloading, and FTP authentication services to ASP, Visual Basic, and other COM-consuming programs C++, COM, Win32, Visual Basic 4,691 1998-2000
CPU ID A very simple program that displays information about the CPU that it happens to execute on C, x86 Assembler, Win32 111 1999
Disk Imager Reads, writes, verifies, and erases entire disks into/from raw image files. This is similar in principle to rawrite.exe, but Disk Imager implements a graphical user interface. C, Win32 520 1998
EzMIDI32 A 32-bit version of the ScreenWindow+EasyMIDI libraries that I wrote for Grapevine High School C++, Win32 854 1998
LPD Written for the Grapevine-Colleyville Independent School District (GCISD) to allow employees to send AS/400 printouts to their local Windows printers. I wrote the piece that translates HP DeskJet 500 compatible instructions into a Windows GDI context. C, Win32 1,850 1996-1998
PortProxy TCP connection forwarding service that I wrote in college so that I could run servers from behind a firewall. When I put Linux onto resnet.bryant.edu, I no longer needed this program, but it's still cool if you are running Windows. I also wrote a version that runs as a system tray application in Windows 95. C, Win32, Sockets 1,461 1999
ScreenWindowX An ActiveX version of ScreenWindow that I created during the ActiveX hype. This gives Internet Explorer pages, COM clients, and .NET applications an easy-to-use text console user interface control. C++, COM, Win32, ActiveX 1,614 1998
KJMouse Busy cursor for Java that is similar to the launch feedback in KDE 2.2 Java, JNI, Win32, X11, Cocoa 736 2001-2004
CatSetup Scriptable install and uninstall utility for 16-bit Windows that I wrote in the mid-1990s to ease the distribution of my software. Most of my software from 1994 to 2000 used CatSetup. I eventually switched to using NSIS and, later, MAKEMSI. C, Win16 3,676 1994-1998
Trig Grapher Plots trigonometric functions in a window. This was my first multi-threaded Win32 program, which I wrote in high school for fun. I later back-ported it to Win16. C, Win32, Win16 1,441 1995-1996
256-Color SDK Library that I wrote a to easily manage 256-color bitmaps on 256-color displays C, Win16 704 1994
AudioCD Pictures Displays predefined pictures as a playing CD reaches predefined moments C, Win16 550 1994
BBS Ads Simply a program that can advertise bulletin board systems, when they used to be popular C, Win16 258 1993-1994
Bids-to-ASP Converts American Airlines bidsheet files into Procomm Plus for DOS ASPect scripts C, Win16 562 1994
Horses A fun horse racing strategy game for Windows C, Win16 3,348 1995,1997
KittyCat! Comm Bulletin board system (BBS) communications program with a dynamic data exchange (DDE) based application programming interface (API) and support for ANSI text and RIPscrip graphics. This was never finished due to the Internet and the World Wide Web making it obsolete. C, Win16 8,166 1994-1995
MCI SendString Allows users to work with the Microsoft Windows media control interface (MCI) with text rather than through pointing and clicking C, Win16 212 1994
MeowyMIDI A 1.0 sound font with cat meows and purrs for Sound Blaster AWE32 and AWE64 audio cards SoundFont, MIDI 0 1994-1995
PCL Page Manipulate PCL-compliant printers with this utility that works in both Win16 and DOS C, Win16, DOS 196 1995
ScreenWindow Text console and MIDI library for Win16 that I wrote so that students at Grapevine High School in first-year computer science class could use MIDI in their music projects using Borland's Turbo Pascal. When they switched to teaching C++, I made a 32-bit version of the library that used Win32's native console rather than my own. C++, C, Pascal, Win16, Win32, MIDI 2,953 1996-1997
AriesType A touch typing education program that I made while I was a freshman in high school. It tied into the local Novell NetWare network to be a multi-user application with different capabilities given to students, teachers, and system operators. AriesType also included basic local email and paging capabilities. QBASIC, DOS 4,364 1993-1994
IntMap A small image library that I wrote for a Pascal project in high school to provide image drawing, movement, and rotation operations in DOS Pascal, DOS, C 1,797 1995,1998
Jingle Bells A first-year computer science course project to visually and audibly play a traditional December holiday song, which I later ported to Windows using ScreenWindow Pascal, DOS, C, Win16, Win32, MIDI 611 1994,1996
SLOS-DOS A small interpreted toy operating environment written in BASIC for DOS. Programs are written in a trivial and limited scripting language. QBASIC, DOS 1,277 1993
SLOS-Win Windows version of SLOS, a small interpreted toy operating environment written in BASIC for DOS. Programs are written in a trivial and limited scripting language. C++, Win16 1,679 1993
TSNHead Kept track of how much time my brothers and I spent on The Sierra Network (TSN) QBASIC, DOS 291 1992
TrackTrek A track meet program that "keeps track" of events and allows others to view scores in realtime. This was my first Java program. This was more of a self-driven academic exercise as the project was never finished. Java, AWT 3,690 1996-1998
Thunderforce An open-source Mozilla Thunderbird extension for Salesforce.com. This project is now abandoned due to other priorities and interests. JavaScript, XPCOM, C++, XUL, Subversion, MediaWiki 5,411 2007-2009


Software and project contributions

I contributed to the following projects:

Name Description Technologies SLOC Year
Mozilla Workaround code for a shutdown bug in Firefox (bug 239223) and helped others find the cause of a NTLM authentication crash in a pre-Firefox build 156 2005
Samba Patch to allow the use of 32-bit user and group IDs in smbmnt 11 2004
Pan Contributed a small multi-threaded bugfix to a function that was crashing on several important dialog boxes in version 0.6.3 small 1999
PHP Contributed the snmpset() function to PHP 3.0.12 and PHP4 Beta2 so that ResNet Online could turn on the ResHall ports when students registered their computers C, Net-SNMP, CVS 172 1999
Spruce Contributed several small usability patches and a fix for a thread-based crash that brought down Spruce while checking messages in previous versions C, GLib threads, GTK+ 200 2000
Novell openSUSE Fixed bugs related to LVM on a USB boot drive and J-Pilot thinking that the username is always wrong on 64-bit platforms, and added a workaround for Bluetooth DUND issues. Full bug list. C small 2007-2008
Bryant University During the Spring of 1998, I enhanced Bryant's main page with rollovers and images. Other miscellaneous pages were also updated, and the DirList project was started originally as a web directory for Bryant. JavaScript, HTML small 1998-1999


Lines of code were computed using SLOCCount and, for extensions not supported by SLOCCount, find . -iname \*\\.js -print0 -or -iname \*\\.bs2 -print0 -or -iname \*\\.idl -print0 -or -iname \*\\.asp -print0 -or -iname \*\\.clp -print0 -or -iname \*\\.xul -print0 -or -iname \*\\.bas -print0 -or -iname \*\\.exc -print0| xargs -0 -Ixxx cat xxx| grep "[a-zA-Z0-9]"|wc -l. SLOC counts that relate to San Francisco AIDS Foundation software that has not been made open-source were computed during my final months of employment; Carnegie Mellon University asked for those numbers as part of the admission process. Generated code is excluded from the SLOC counts. With generated code, such as the Reggie/CIS code generated from idlj, the SLOC counts balloon significantly.

Employment History

Salesforce.com

  • Senior Member of the Technical Staff: Force.com Sites, Core Infrastructure, Security, and API Teams
  • January 2007 to present
  • Accomplishments
    • Brought attention to specific cross-site scripting (XSS) vulnerabilities by writing a Firefox Firebug extension that looked for improper string escaping in a test org that had been specially populated with attack strings by another tool and having quality engineers from every functional team test the system with the Firebug extension running. This led to the identification and resolution of a large number of vulnerabilities, thus making Salesforce.com even more secure. A security research firm later commended Salesforce.com's security, saying that they couldn't find any XSS or cross site request forgery (CSRF) vulnerabilities, despite looking for them over the course of several days.
    • Championed an improvement to an anti-phishing feature's design successfully, and that improvement is patent-pending
    • Resolved customer cases related to the application programming interface (API) and secure sockets layer (SSL), quickly becoming a go-to person for HTTPS and SSL
    • Improved an internal production testing tool's scheduling of tests by adding prerequisite expressions to increase test parallelization
    • Built the initial security testing framework for package access controls, which helped quickly bring that feature to market with confidence in its quality and security
    • Designed and began to implement a Thunderbird add-on for Salesforce.com: Thunderforce
    • Enhanced the user interface of, added Apache Ant build files to, significantly improved the configuration system of, and added multiple-window browser screenshots to an internal production testing tool that is used by multiple teams
    • Created and automated anti-phishing and security test scenarios
    • Automated HTTPS troubleshooting with an internal utility for support representatives that substantially reduced the number of escalated HTTPS cases
    • Ensured that new releases of the core product did not break older API versions through gold files and automated testing
    • Established a methodology for determining equivalence partition coverage in the test cases for the Salesforce.com object query language (SOQL)
    • Assisted developers and quality engineers with installing and maintaining Novell openSUSE Linux on their primary desktops

San Francisco AIDS Foundation

  • Database Administrator and Software Engineer
  • September 2000 to July 2005
  • Accomplishments
    • Maintained a large 200-user multi-tenant three-tiered system used by all Ryan White CARE-funded AIDS service organizations in San Francisco in collaboration with the Department of Public Health AIDS Office of San Francisco and two direct partners. That involved all aspects of the software development lifecycle as well as server and client deployments, network maintenance, and top-tier user support.
    • Gathered requirements for new features collaboratively with stakeholders, designed those features, coded them, tested them, and deployed them
    • Assisted the other database administrator with the foundation's customized customer relationship management (CRM) and donor relationship management systems
    • Implemented large parts of the data conversion and customization of the Foundation's purchased donor relationship management system
    • Secured the Internet-facing presence of the donor relationship management system using a locked-down Apache configuration and strict URL regular expressions
    • Obviated a need for Crystal Reports by implementing web-based PDF reports using Microsoft Access, a customized PHP build to run as a COM server, and a custom-built COM object for use by ASP on the reporting server, saving a significant amount of money
    • Migrated client operating system data during the Windows XP transition using a multi-platform profile migration tool that I wrote
    • Planned, deployed, and provided training for Mozilla Firefox as the default web browser to all foundation users and created IE URL Lock for business-related sites that only worked in Internet Explorer
    • Evaluated, purchased, and managed the licenses of software related to Reggie/CIS
    • Maintained the Cisco network equipment, including the PIX firewall's access control lists (ACLs) and routers' virtual local area network (VLAN) ACLs
    • Cut unsolicited commercial email (UCE or SPAM) drastically and added virtual private networking (VPN) using Astaro Secure Linux (ASL) in the demilitarized zone (DMZ) behing the Cisco PIX firewall
    • Administered databases, servers, and the organization's backup system

Ariesnet

  • Intranet Developer
  • May 1999 to August 1999 and May 2000 to July 2000
  • Accomplishments
    • Developed specifications for a statistical employee rating system to help Ariesnet move towards building teams of virtual at−home employees
    • Helped Ariesnet build their secure intranet system using PHP and MySQL
    • Administered the intranet system's Linux server as well as the development test server using the CVS versioning software

Bryant University

  • ResNet Consultant
    • January 1999 to May 2000
    • Accomplishments
      • Shortened residence hall computer registration port activation turnaround times from two weeks to one second with a custom-written Linux-based PHP web site
      • Provided in-person network and computer support to students living in the university's residence halls
  • Internet Developer
    • January 1998 to May 1998 and September 1998 to May 1999
    • Accomplishments
      • Implemented the university’s first web-based faculty and student directory using the common gateway interface (CGI)
      • Wrote an ODBC driver and Microsoft Access database for its administration. This lives on as the DirList2 open-source project

Grapevine-Colleyville Independent School District

  • Student Intern
  • January 1996 to August 1997
  • Accomplishments
    • Provided hardware and software support, winning an employee award for exceptional service
    • Worked with wide-area network configurations
    • Wrote a networked printer driver to save thousands of dollars in licenses by allowing printing from their AS/400s to local printers

Education and Training

Carnegie Mellon University

  • Master of Software Engineering, Institute of Software Research
  • Pittsburgh, Pennsylvania
  • Graduation: December 2006
  • Masters group project: Bosch Security Configuration Assistant, which is an Eclipse-based application that generates three-dimensional security plans for buildings using the Jess rule engine and three-dimensional visualization
  • Project roles: Technology support manager and, via rotation, planning manager, software process manager, project risk manager, and quality manager
  • Focus areas studied: Fault tolerant, distributed, real-time systems; software project management; formal models and analysis of software systems; software architecture; and software requirements elicitation methods
  • Accomplishments
    • As a team, we met and exceeded our client's original picture of success by the end of the project's one-year time frame.
    • I reduced the status meeting data collection time to less than 30 minutes through automation and used historical data to reduce our estimation error.
    • As the support manager, I kept our RedHat Fedora Core server and software available, secure, usable, and backed up using only one hour per week of my time on average throughout the project.
  • Quality point average: Graduated with 4.03 out of 4.00, which is a weighted grade point average (GPA), due to earning several A+ grades

Bryant University

Certification