This document may be accessed on the Web at http://www.cs.utah.edu/~fish/resume.html .Russell D. Fish
E-Mail: fish@cs.utah.edu Home Address: 1618 East Meadow Moor Road http://www.cs.utah.edu/~fish Salt Lake City, Utah 84117 Cell phone: (801) 953-3778 Home phone: (801) 274-2834
My highest skill is leading a technical team in developing and refining systems designs, detailing and producing implementations, and evolving software systems from rapid prototypes to mature products. I strongly support good team process, communication, and mentoring.
I am a member of the Cloud9 development team that is creating Verio's new cloud hosting product for small-to-medium-sized businesses, using Python, MySQL, and Django, together with a proprietary mix of cluster software components.
I contracted with Bruce supporting early phases of software design and development for an embedded ZigBee Pro (802.15.4) wireless control network. In this product, a color touch-screen handheld unit controls rapidly reconfiguring sports facilities such as gymnasiums.
The Gem design includes a platform-independent GUI, implemented as a set of MVC (model-view-controller) object classes for handling interactive input events, 2D and 3D viewing controls, and OpenGL rendering of models.
Gem is also designed to work as a remote collaboration "design whiteboard", for example while diagramming software or designing mechanical parts.
The Python GemCore geometry library is a new implementation, quite similar in design to the Alpha_1 Shape_edit basic geometry library.
GemCore is nearly complete up through points and vectors, lines and planes, and arcs and circles including intersections and tangencies. At present, there's just enough basic NURBS curve support to make path (profile) curves and draw them through PyOpenGL in the default GLUT toolkit windows.
I have a CNC conversion for my little manual Unimat SL1000 lathe/milling machine, and intend to generate CNC g-code toolpaths from GemCore path curves, as we did in Alpha_1.
See an NE1 example screen and the NE1 Gallery for some examples of NE1 designs.
NanoEngineer-1 is:
Here's how I did it:
Some Emulab details:
Each Emulab experiment node runs on a physical PC, on which a saved OS image is rapidly installed using the Emulab "Frisbee" multicast loader. The researcher has root privileges and can install any software they want, then make custom OS images of their own.
Normally, they start with a base OS image containing Emulab management services that set up:
The Emulab experiment-node management software was originally written for FreeBSD and later ported to Linux. I ported it to Windows, scripting the complete setup of Windows XP from the "Out-Of-the-Box-Experience" to full operation in a few minutes.
I used the Cygwin GNU environment, Resource Kit tools, many Registry hacks, and finally Sysprep to make hardware-independent images. I found race conditions in the XP TCP stack initialization for the multiple NIC's, requiring much check and reconfiguration logic.
This work was part of a paper published in the IEEE INFOCOM proceedings, April 2006 . Scroll down for the pictures!
Mobility is provided for 6 of the Emulab Crossbow "Mica-2" sensor-net nodes. They are mounted on Intel "Stargate" PDA cards, which have an 802.11 control network card and control an Acroname "Garcia" two-wheeled motion platform.
The Garcias roam in a 60 square meter L-shaped office area, with 6 ceiling-mounted security cameras providing location information for navigation and control. Each Garcia has a "fiducial" marker consisting of orange and blue colored disks mounted on top.
David Johnson and I surveyed a 1/2 meter measurement grid over the entire robot area to a couple of millimeter accuracy; positioned fiducials at the grid points with pins; and measured that the original location software was accurate to only 10 cm. 1 cm accuracy was determined to be necessary for robot and wireless repeatability.
We determined that much of the error was due to wide-angle distortion in the lenses, calibrated and corrected for that. I devised an "error cancellation" algorithm to remove the remaining static error, using barycentric triangle coordinates to bilinearly blend corrections from the center and corners of each camera area to its interior points.
The result was 1.02 cm max error over the whole robot area, and 0.34 cm RMS (Root Mean Squared) error from the surveyed points.
Most web sites are implemented in PHP or ASP code, with a back-end SQL database holding user session and persistent state. Typically, SQL queries are constructed on-the-fly, combining HTML forms inputs from the user with SQL query statement strings. SQL injection attack vulnerability comes from any form inputs that are not checked for SQL metacharacters such as single- or double-quotes, allowing a DB query to be "hijacked" by an attacker.
Checking forms inputs is generally trivial code, but it must be done on EVERY input without fail, since a single vulnerability can give away control of the whole database. A defender must block everywhere; an attacker only needs to find one hole.
Researching this problem, I was surprised not to find tools available to do complete, automated checking of web sites. The best I found were manual "penetration testing" tools, random "blind" site-probing tools, and programming toolkits for manually constructing web site test frameworks.
The Emulab web interface is served from Boss, and it is not desirable to "beat up" the main database for testing. But Emulab has a unique ability to run "inner" copies of itself as "Emulab-in-Emulab" experiments, where the Boss and Ops servers and some experiment nodes are sequestered in an Emulab experiment for testing.
So I built an automated testing framework for the Emulab web interface, with an SQL injection scanner on top of it. An inner Emulab is started and "activated" by scripted creation of "one of everything" in the DB. This causes all Emulab web pages to be presented to a "spider" pass over the whole site. The saved pages are then mined for forms input arguments; the inputs are combined with a small test values dictionary; and test scripts are generated to drive the web interface.
There are two test modes, one to just verify operation of each of the forms through setup, control, and teardown of each managed object type. Another probes each of the forms inputs individually by substituting in a labeled SQL injection probe string.
A "probe catcher" pattern check on the way into DB query-handling code reports the labels of uncaught probes that could compromise the database. It's then trivial to fix up the input checking code, sealing off the vulnerabilities. Since the process is automated, it can be repeated regularly with little cost as the web site is evolved.
It became difficult to understand Emulab Testbed network experiments as they grew from tens to hundreds of router and hardware nodes, and then to thousands of virtual nodes. Emulab experiments are specified in a programming language, an extension of the widely-used ns network simulation language which is in turn based on TCL. Besides needing to look for bugs in their ns programs, experimenters began using and building their own topology generators, so they needed to examine the generated network topologies.
Links:
The main OpenGL display pane in hypview is based on the C++ HyperViewer software from Tamara Munzner at Stanford. I SWIGed it into Python and built controls for it with the wxWidgets/GTK2 GUI Python toolkit, using wxGlade as a user interface editor.
hypview is packaged for installation on FreeBSD, Windows, and Linux user workstations, and is open-sourced along with the rest of the Emulab software.
As a software developer, I used C++, STL and ATL/COM, together with a proprietary GUI environment and OpenGL, to implement new functionality for the ThinkDesign product.
As the local system integrator, I did the final merge of software changes and additions flowing from the seven programmers in Salt Lake City, checked them in to the weekly world-wide build cycle in Italy via ClearCase Attache, downloaded and compiled the next official build of the system and prepared it for the developers, and ran the official regression test suites. To support this process, I used and enhanced a suite of Perl programs developed in the French R&D office of Think3, extended by my own automation using Cygwin/Bash. I also introduced software power tools for use by the whole group, including WinMerge and WinCvs.
Stabro Laboratories is the only calibration service in the state of Utah which is accredited by the A2LA under the ISO Guide 17025 standard. Companies which use many kinds of measuring tools (electronic, dimensional, pressure-force, temperature/humidity, light...) send them to Stabro to be calibrated against standards which are traceable to NIST standards or physical constants.
Stabro uses software to track and schedule calibration work and maintain the necessary history and standards traceability in an accredited Quality environment. Just to make things interesting, calibration work is done at a main lab, satellite labs, and by mobile technicians at customer sites.
We architected and implemented an evolution to the new C# (C-Sharp) CLR .Net environment for visual client programs. This incrementally replaces the legacy stand-alone Visual Basic and DOS applications programs, front-ending DBASE/Clipper and Access/ADO databases on a Novell server. In the new system, distributed calibrations are handled by Web Services client connections to Debian Linux Zope servers, using XML-RPC/SOAP over HTTP, authenticated by OpenSSH public keys and encrypted by OpenSSL. Server-side business logic is written in Zope/Python and runs against MySQL databases.
We also implemented a Web Application server for calibration work status queries by Stabro customers. This was done using the FCGI-Python interface to Zope from the company web site on an Apache/HTTP server. Python code processes data which was submitted by customer forms and queries the MySQL database tables, dynamically generating HTML/JavaScript pages in response.
Our first two goals were to prove Viva on its own as a very high-speed applications server, and to implement very high-speed Java J2SE applications code compatibility.
Viva is the brain-child of Professor Levent Gursoz of CMU, who is the founder and CEO of Halosoft. Viva is a remarkable technology including a powerful, elegant programming language named V, together with a network-distributed, platform-independent operating system environment. V includes the ability to define language syntaxes as a low-level part of its own self-bootstrapping, as well as native language-specific datastructure primitives. It can thus naturally be used to implement multi-language compatible development and runtime systems for a networked virtual computer.
Alpha_1 is an extensible, portable, object-oriented, research software testbed for Computer Aided Design and Manufacturing, Geometric Computing, and Computer Graphics applications. Within that framework, I personally advised the software portions of at least thirty M.S. and Ph.D. research projects, as well as the continuous software evolution work of a staff of up to eight full-time programmers.
1986-1995 - Led research developing a feature-object based mechanical engineering language and manufacturing process plan representation, together with automatic CNC machining program generation methods. Sub-projects included CIDAM: Concurrent Integrated Design and Manufacture , RaDEO-MIND: Multiphase Integrated eNgineering Design , and MADE/MadeFast . This work culminated in the FeatureCAM commercial product of our tech-transfer company, Engineering Geometry Systems. I am one of the four inventors granted U.S. Patent number 5,726,896 for a real-time CNC machining servo-control method which added NURBS curves and surfaces to the usual lines and arcs handled by embedded machining controllers.
1982-2000 - Created and led the evolution of the Shape_edit interactive design and geometric modeling environment, featuring:
1980-2000 - With Beth Cobb, created StructGen, an object-oriented class definition system on top of the C language, and used it as the basis for evolving Alpha_1. The initial version was based on the system design developed in my Masters thesis and predated C++ by at least five years. StructGen is based on a meta-definition of the object structures similar to the current C++ dossiers or Java reflection. It includes generic method dispatching and polymorphic services such as deep copying, and very efficient interprocess serialized binary communication of structures of objects. Converted to C++ by Robert Mecklenburg in 1990, the higher levels are still the basis of distributed client-server interaction and persistent model state storage in Alpha_1. This has all been portable across more than a dozen Unix platforms, including Linux and Windows XP/Cygwin ports.
1990-2000 - Contributed to telecollaborative design research in our five-university NSF Science and Technology Center. This has included multi-way teleconferencing with H.263 over T1 lines and H.323 over IP, combined with real-time design refinement on networked computers. Concurrent distributed engineering design and CNC machining projects using our Alpha_1 and FeatureCAM software have included creation of a series of immersive augmented-reality research instruments with the UNC group, and development of a combined version of our design system with a post-WIMP gestural interface with the Brown group.