Managing Director, Lucina & Associates
znegva@yhpvan.arg
Github: @mato
Twitter: @matolucina
Mastodon: @mato@mastodon.1984.cz
LinkedIn profile: www.linkedin.com/in/mlucina
Computers are tools meant to work for their users and get out of the way. Give users freedom and control and automate everything else.
Collaboration on Open Source, platforms, APIs and protocols where possible is preferable to building walled gardens and closed systems.
Simplicity and elegance — Everything should be made as simple as possible, but no simpler.
NetHSM is an Open Source Hardware Security Module produced by Nitrokey. A MirageOS unikernel implements the HSM APIs and business logic, leveraging OCaml to ensure type-safety and correctness. The hardware runs Muen, an x86/64 Separation Kernel for High Assurance.
Together with the team at Robur and Nitrokey, I was responsible for system design, development and integration of all the lower level components of the software stack (coreboot, Solo5, u-root Linux-based subjects), integration with the Muen Separation Kernel, hardware bring-up and platform support.
Solo5 is a re-targetable, sandboxed, execution environment, suitable for running applications built using various unikernels (a.k.a. library operating systems), targeting different sandboxing technologies on diverse operating systems and hypervisors.
I was a core developer and maintainer of the Solo5 project from 2016 until 2021.
MirageOS is a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms. MirageOS is developed in the OCaml programming language, a statically typed and memory-safe language well suited to developing secure and robust software.
My work on MirageOS centred primarily on the low-level base layers, supporting a freestanding OCaml runtime and platform support for MirageOS to run on KVM, FreeBSD/bhyve and other targets (via Solo5).
Rump Kernels provide free, portable, componentized, kernel quality drivers such as file systems, POSIX system call handlers, PCI device drivers, a SCSI protocol stack, virtio and a TCP/IP stack. The fundamental enabling technology is the anykernel architecture of NetBSD, which enables the use of unmodified NetBSD kernel drivers.
My work with Rump Kernels centred primarily on the rumprun unikernel and its application for running unmodified POSIX applications as unikernels atop various cloud hypervisors.
As co-maintainer and one of the original developers of ZeroMQ, participated in directing project development and primarily worked on:
Worked with the wider Open Source developer community on establishing common processes for project contributions, project version control with Git and high level abstractions for programming language bindings.
As a member of the core iMatix Corporation team which developed the AMQP standard for message-oriented middleware and OpenAMQ, its first implementation, was responsible primarily for:
As a member of the core iMatix team which developed AMQP and OpenAMQ, was responsible primarily for:
Apart from bug reports, various smaller contributions over the years include:
Working with a Slovak client in the education sector to modernise their legacy IT infrastructure and core business software systems.
See my FOSDEM 2024 talk for details.
For a Slovak client, developed a custom application for mastering disks using the UDF filesystem. Using Rump Kernel components enabled the re-use of unmodified production quality NetBSD code and development of the project in record time, including integration with a GUI developed in Qt and C++.
As Lead Software Engineer at Boltian, researched, designed and implemented a unique child protection and network security product. Developed a custom portable firmware for embedded wireless routers (Linux/OpenWRT and other OEM) with a back-end HTTP API implemented in C, using the Symas LMDB database for on-board storage. Front-end UI was developed as a modern HTML5 “single page application” using Knockout.js.
Consulting for Hewlett-Packard Korea, advised a major South Korean financial institution on developing a custom low-latency middleware product. Worked directly with the customer's engineering team to define performance test scenarios and train the team in understanding performance measurement of low-latency systems.
Consulting for VMware Inc., developed a proof of concept implementation of the Scalability Protocol for the Linux kernel. SP is an evolution of the concepts behind ØMQ, with the goal of eventual IETF standardisation of a wire protocol for globally scalable distributed messaging.
Working with a Slovak auditor and accounting practice, developed an online application to catalogue and track paper files. While technically a simple “CRUD” application built with Ruby on Rails, the most interesting part of the work was designing the UX experience to make it as painless as possible for the client's day to day use while at the same time enforcing business processes.
On the business side of the OpenAMQ project at iMatix Corporation, took on the role of Product Manager. Responsible for the migration of an existing application at JPMorganChase bank from legacy middleware onto OpenAMQ. Worked closely with the client to successfully migrate their global deployment onto the new middleware.
Developed a custom middleware product for iMatix Corporation. The product connected GSM network operators with SMS applications, providing full message queueing and routing for SMS messages with support for multiple protocols (UCP, XMPP and custom SOAP), routing of multiple short codes, and billing. Implementation was in a mix of C and Perl, using Libero state machines to define program logic.
Worked with iMatix Corporation on an industrial automation project for CBR Belgium. Developed a custom embedded Linux distribution based on the Debian “boot floppies”, integrated the full software and hardware stack. Designed and implemented a redundant fault-tolerant architecture allowing for hot-swap of components; the embedded kiosks would boot from the network and the boot server was simply a Live CD.
Worked for Catalyst IT, a leading Open Source company in New Zealand, as lead developer on the PropertyStuff project, a nationwide real estate classifieds website which we built with HTML::Mason and Perl.
Worked for EDS (New Zealand). Developed a custom backup application for the NCR MP-RAS platform, written in C and Perl. Involved in developing, deploying, maintaining and mentoring users of an internal multi-platform software toolset, based on GNU and other free software and using RPM as a package manager.
Lift and shift: Modernising a legacy LAMP application with systemd-nspawn, FOSDEM, February 2024. (slides and recording)
Solo5: A sandboxed, re-targetable execution environment for unikernels, FOSDEM, February 2019. (slides and recording)
Unikernels as Processes, with Dan Williams et al. SoCC '18 Proceedings of the ACM Symposium on Cloud Computing, October 2018. (paper)
Deploying real-world software today as unikernels on Xen with rumprun. Xen Project Developer Summit, August 2015. (slides, recording)
Rumprun for Rump Kernels: Instant unikernels for POSIX applications. New Directions in Operating Systems, November 2014. (slides)
ZeroMQ "chalk talk" for general developer audience. Presented at Weta Digital, March 2012. (slides)
Towards messaging on an Internet scale, with Martin Sústrik. Self-published, March 2010. (paper)
ØMQ: A new approach to messaging, with Martin Sústrik. LWN.net, January 2010. (article)
Victoria University of Wellington, New Zealand. 1998 — 2000, attended courses towards a double degree, BSc (Computer Science) and BA (Philosophy). Left at third year level for full-time professional work.
Photography, The Arts, Typography, Hiking.
Yachting:
RYA Yachtmaster Offshore holder as of 2022. Recent voyages — ask me for a full list: