antirez weblog

General information

Salvatore Sanfilippo, 7 March 1977, Agrigento, Sicily, Italy

Contacts

email: antirez (at) gmail (dot) com

Education

• High school: Liceo Scientifico "A.Sciacia", Canicatti' (AG)
• University: Three years of courses in Palermo University of Architecture (of building and cities, not computers). I never completed it and started writing programs instead.

Current activity

I'm the founder of Merzia s.r.l. together with Fabio Pitrola. In winter 2005/2006 Merzia developed two web 2.0 applications (Segnalo and OKNOtizie) resulting in a deal with Matrix s.p.a. (a company fully controlled by Telecom Italia s.p.a).

We are now developing a new web service for the international market focused on giving users a new way to explore web site statistics in real time, for more information please visit LLOOGG.

Employment History

• 2001-2005 Freelance software developer
• 2001 Embedded software developer for Innominate AG, working from home
• 2000 Developer and security expert for LinuxCare Italia, working from home
• 1998/1999 Security expert and security tools developer for SECLAB (Intesis security division), Milan
• Pre-1999 System administrator and programmer for Alicom s.r.l.
• 1999-2006 Articles writer for Italian IT magazines

Free Software

• Lead developer of hping2 and hping3, a widely used security tool for networks and firewalls testing. Hping3 adds scripting capabilities. Hping is currently one of the top security tools in use.
• The Jim Interpreter is an alternative small footprint reimplementation of the Tcl programming language adding a references system with garbage collection, anonymous functions, closures, first class dictionaries. It uses a technique for interpretation based on objects specialization in order to be fast enough without requiring byte compilation.
• Visitors is a fast web log analyzer written in ANSI C.
• Sugar is a macro system for the Tcl programming language.
• s10sh is an userspace usb/serial driver for the Canon Powershot digicams.
• Tcpcam is a video conference software for Linux
• Some other projects are a DNS server for embedded systems, a web-based interactive shell for PHP, an arbitrary precision integer library par of the Tcl lib, an IRC server written in Tcl and an encrypting IRC proxy.

Writings

• (en) Tcl the misunderstood
• (en) Tclwise, a free book on Tcl programming
• (en) Financing your free software with Google Adsense
• (it) Spaghetti Ajax

Security research

I invented the Idle Scan, a novel technique for indirect port scanning, now implemented in the Nmap port scanner. The vulnerability was fixed in many TCP/IP stacks of modern operating systems including Linux and *BSD.

Programming languages research

Tcl TIPs:

• Procedures as Values
• Lazy Lists
• Arithmetic Series with Optimized Space Complexity

Details about the Jim Interpreter extensions to the Tcl language can be found at http://wiki.tcl.tk/jim.

• Sugar, a macro system for Tcl
• Apathy is an implementation of the Joy programming language written in Tcl with the addition of FORTH-like locals preserving Joy's theoretical features.

Main computer science skills

Programming: I'm good at writing code in C and some very high level programming language such as Tcl and Scheme. I also used the following languages for fun and/or work: Ruby, PHP, Python, SmallTalk, FORTH, C++, Joy. I've some experience with i386 and PPC assembly.

Kernel hacking:I wrote some device drivers in the past, for work or just to support my own hardware. I also have some experience with changes to the Linux TCP/IP stack (I needed it in order to experiment with TCP/IP security). I wrote a Linux VFS module in order to mount my USB digicam as a Linux file system.

Update 12 October 2006: As a quick and dirty hack I added the monitor mode to the Linux driver of my wifi card, source code and a README at http://antirez.com/page/rt73.

Languages development: I have worked with the Tcl internals and studied the implementations of programming languages like Ruby and Python. I have experiences implementing very high level programming languages, stack-based virtual machines, automatic memory management using reference counting and garbage collection.

Networking: Working in the security field and implementing hping I developed experience with the TCP/IP protocol. I also implemented at server and/or client level the following protocols: DNS, POP3, IMAP, DHCP, LMTP, SMTP, and a number of other protocols.

Security and Cryptography: Secure programming, security auditing of source code, networking protocols auditing and design for security. Block ciphers and stream ciphers, pseudo random number generators, cryptography uses in networking protocols, web security.

PIC programming: I have developed software for the microchip PIC family in assembler and using C and structured BASIC compilers. I've some very basic electronic understanding.

Evolutionary computation: I studied genetic algorithms and genetic programming and experimented with this ideas using a stack-based approach.

Artificial intelligence: I've some experience with back propagating neural networks, including NN-based image compression and implementation of a neural network engine based on resilient back propagation using the C language.

Web development: I use a lot Ajax and Javascript in my company, Merzia. Also I have designed web interfaces and database systems for high performance web applications.

Databases: SQL, MySQL C API, SQLit, Barkley DB.

Human Languages

I write and read English fluently. I speak in an intermediate way but I'm not very good at understanding fast spoken English.