Juha‑Matti Tilli — Job experience
- Software development: 10 experiences
- Git: 8 experiences
- Linux: 8 experiences
- Parallel programming: 8 experiences
- C: 7 experiences
- HTTP: 7 experiences
- TCP/IP: 6 experiences
- High performance: 5 experiences
- JSON: 5 experiences
- Linux kernel: 5 experiences
- Wireshark: 5 experiences
- Firewalls: 4 experiences
- LaTeX: 4 experiences
- NAT: 4 experiences
- Network security: 4 experiences
- Server hardware: 4 experiences
- Software quality assurance: 4 experiences
- TLS/SSL: 4 experiences
- ARM: 3 experiences
- Cryptography: 3 experiences
- Distributed systems: 3 experiences
- Embedded systems: 3 experiences
- High availability: 3 experiences
- High performance packet processing: 3 experiences
- IPv6: 3 experiences
- Java: 3 experiences
- JavaScript: 3 experiences
- pthreads: 3 experiences
- Python: 3 experiences
- Scapy: 3 experiences
- Amazon AWS: 2 experiences
- Apache: 2 experiences
- Cellular communications: 2 experiences
- Characterization: 2 experiences
- C++: 2 experiences
- CVS: 2 experiences
- Differential evolution: 2 experiences
- DNS: 2 experiences
- Doxygen: 2 experiences
- DPDK: 2 experiences
- Deep packet inspection: 2 experiences
- Genetic algorithms: 2 experiences
- GeoJSON: 2 experiences
- HRXRD: 2 experiences
- I2C: 2 experiences
- iptables: 2 experiences
- JFreeChart: 2 experiences
- jQuery: 2 experiences
- KVM: 2 experiences
- Matlab: 2 experiences
- MOVPE: 2 experiences
- netmap: 2 experiences
- NodeJS: 2 experiences
- Octave: 2 experiences
- Parsing: 2 experiences
- PostgreSQL: 2 experiences
- Protocol buffers: 2 experiences
- Secure coding: 2 experiences
- SQL: 2 experiences
- Swing: 2 experiences
- Thin films: 2 experiences
- XML: 2 experiences
- XRR: 2 experiences
- 5G: 1 experience
- ALD: 1 experience
- Amazon S3: 1 experience
- bash: 1 experience
- BIND: 1 experience
- Bugzilla: 1 experience
- Containers: 1 experience
- DFA/NFA: 1 experience
- Eclipse: 1 experience
- ElasticSearch: 1 experience
- Electronics hardware design: 1 experience
- Evasions: 1 experience
- FreeBSD: 1 experience
- FreeMarker: 1 experience
- Gerrit: 1 experience
- GNSS: 1 experience
- Google Maps: 1 experience
- GRE: 1 experience
- GTP: 1 experience
- HTML: 1 experience
- HTTP/2: 1 experience
- IPSec: 1 experience
- JDBC: 1 experience
- jUnit: 1 experience
- libcurl: 1 experience
- Lithium-ion batteries: 1 experience
- Little kernel: 1 experience
- Lucene: 1 experience
- MIPS: 1 experience
- MySQL: 1 experience
- NAND flash: 1 experience
- NFS: 1 experience
- nginx: 1 experience
- NTP: 1 experience
- OpenDataPlane: 1 experience
- OSPF: 1 experience
- Photoreflectance: 1 experience
- RCS: 1 experience
- regexp: 1 experience
- Scrum: 1 experience
- Spectroscopic ellipsometry: 1 experience
- SMB: 1 experience
- Subversion: 1 experience
- Tomcat: 1 experience
- U-Boot: 1 experience
- Unix: 1 experience
- VPN: 1 experience
- Web 2.0: 1 experience
- ZFS: 1 experience
Winter 2023/4 - (current): Senior Software Developer at Goodmill Systems: 2.5+ years
I developed software used in reliable routers with multiple redundant uplinks, used for critical network connectivity in vehicles, mostly in the public sector, defense and law enforcement use cases, and locations like pharmacies where always-on connectivity is needed. I was the sole author of the Goodmill Traffic Duplication (GTD-4) tunnel, which duplicates downlink and uplink traffic to as many as 4 (or whatever the C code #defines) links, always picking the first copy of an arrived packet, with duplicates removed, with secure quantum-safe cryptographic registration and also optional user plane packet encryption, with cryptographic details far stronger than in most IPsec deployments for example. The GTD-4 client performs surprisingly well in user space, even on low-powered ARM processors, and GTD-4 server performance is usually bounded by the willingness to pay high-bandwidth Internet connection costs. This unique feature cannot be matched by competitors, and gives the lowest latency and highest bandwidth of the multiple links to the user, with enhanced availability and no switchover latency. The implementation is extremely portable, and I trust it can still be compiled 20 years from now with practically no changes. Later I added link bonding in a way that actually works with a single TCP connection, and it performed extremely well too, actually obtaining the bandwidth sum of the individual sub-links as the bandwidth. I also designed the implementation idea of a battery-powered briefcase router, used in temporary locations, with power from AC, 12V DC, solar panel or built-in lithium battery. I also worked with GPS/GNSS-based PPS NTP clock synchronization, QoS features with the Linux tc command and iptables-based firewalling. The IPv6 support of Goodmill products is almost entirely written by me. Thanks to this job, I have extensive knowledge about NAND flash, UBI and u-boot of Linux kernel in embedded environments.
Keywords: ARM, C, Cellular communications, Containers, Cryptography, DNS, Elasticsearch, Electronics hardware design, Embedded systems, Firewalls, GeoJSON, Git, GNSS, GRE, High availability, HTTP, I2C, IPsec, iptables, IPv6, JavaScript, JSON, KVM, Linux, Linux kernel, Lithium ion batteries, NAND Flash, NAT, Network security, NodeJS, NTP, OSPF, Parallel programming, Python, Secure coding, Server hardware, Software development, Software quality assurance, TCP/IP, TLS/SSL, U-boot, VPN, Wireshark
Spring 2023-Winter 2023/4: Software Developer at F-Secure: <1 year
I developed F-Secure's consumer network security routers. Initially I joined F-Secure since the idea of network security interested me, but it gradually turned out that what was advertised as protection for devices that lack software-based endpoint protection (F-Secure SENSE), like smart TVs, actually was content control where parents set rules for different devices, and the router blocks certain content based on DNS names, even if TLS is being used. I feel this is a double-edged sword. On one hand, there probably are families with children of different ages, where such content rules could be applied to the very youngest of them (since prohibiting Internet access may not be doable if the oldest children have Internet access and the youngest start demanding Internet access too), but I feel it is probably misused in many cases, with parents setting very strict rules for anyone who is less than 18 years of age. I did my job, and could have done far more if the product management had given the go-ahead for QUIC support for example (which would have been trivial for me to implement), but wasn't particularly happy in my job, since what I thought was consumer network security was actually content control.
Keywords: ARM, C, C++, Embedded systems, Firewalls, Git, HTTP, iptables, JSON, libcurl, Linux, Linux kernel, MIPS, NAT, Network security, Parallel programming, Software development, TCP/IP, TLS/SSL, Wireshark
Winter 2018/9-Spring 2023: Software Developer at Foreca: 4.5 years
I developed weather service software. Some of my innovative ideas and implementations include for example a custom C++ database (a custom on-disk format) for weather model verification, which far outperformed and outclassed in usefulness an existing Hadoop/Java based monstrosity that was so overloaded that deleting old data couldn't have worked, a bytecode-based GeoJSON generator for identifying areas of interesting weather based on Boolean expressions, a raster weather data map service with very fast interpolation-based visually appealing zooming to arbitrary zoom levels, that allows palettes written in a custom expression language automatically compiled to x86-64 machine code, and correct GeoJSON isobands generation with marching squares that an existing senior developer thought could be implemented by modifying an old ad-hoc algorithm instead of developing marching squares from scratch, but which he couldn't make work in a way that passed GeoJSON verification whereas my implementation worked after a few minor bugfixes. Weather service operation requires moving and processing lots of data fast, and my experience from Nokia writing fast packet processing software proved very valuable.
Keywords: Amazon AWS, Apache, bash, C, C++, CVS, GeoJSON, Git, JavaScript, jQuery, JSON, High availability, High performance, HTTP, Linux, Linux kernel, NFS, nginx, MySQL, NodeJS, Parallel programming, Parsing, PostgreSQL, Protocol buffers, Python, RCS, Server hardware, Software development, SQL, XML
Spring 2018-Winter 2019/20: Doctoral Student at Aalto University: part-time, ≈1 year full-time equivalent
I developed network security tools such as pptk, nmsynproxy, ldpairwall, cghcpcli and yale. I also advised on the MSc thesis of Maria Riaz and developed build tools (stirmake and its bytecode engine abce). My licentiate thesis is about AL-NAT, a unique form of NAT traversal technology that ldpairwall offers, which detects the accessed endpoint device from the TCP data stream, extracting the DNS name (plaintext HTTP, TLS). Later I found F-Secure SENSE used the same technology in the other direction, to block HTTP/TLS access to certain DNS names. YaLe is unmatched as a network protocol parser generator by anything open source, far exceeding the performance and correctness of Binpac for example. Stirmake is like make, except it works for projects that consist of multiple directories. If you feel make works for multi-directory projects, you haven't read "Recursive Make Considered Harmful" by Peter Miller. If you think you can make a non-recursive modular build system with make easily, you haven't tried Stirmake or else your build system is very trivial and suffers from many hazardous design choices. The packet processing toolkit pptk contains open-source implementations for some of the inventive user space packet processing ideas I invented at Nokia and got publication permission from them. All of the code I implemented at Aalto University is MIT licensed. With nmsynproxy as a component, Jesus Llorente and I won 25 000 EUR from the SoftFIRE security stream in 2018. I also discovered the SegmentSmack and FragmentSmack vulnerabilities in Windows and Linux, and was awarded 15000 USD by Microsoft for responsible disclosure.
Ultimately I decided to focus on a career in the private sector due to better salary than in a university, and semi-permanently halt my studies at the Licentiate level. Later my professor was unfortunately murdered, so I no longer have a supervising professor.
Keywords: C, Deep packet inspection, DFA/NFA, DPDK, Firewalls, Git, High performance, High performance packet processing, HTTP, IPv6, LaTeX, Linux, NAT, netmap, Network security, Parallel programming, parsing, pthreads, Python, regexp, Scapy, Software development, Software quality assurance, TCP/IP, TLS/SSL, Wireshark
Winter 2014/5-Winter 2018/9: Research specialist / SW developer at Nokia Bell Labs: 3.5 years
I worked on a research project involving mobile network emulation on Linux computers. Four patent applications, but two patent applications were abandoned, possibly since they were meant for standards, and the 5G standards didn't end up incorporating them. I also authored a huge number of non-patented inventions, for many of which I got publication permissions. The inventions include new ways of allocating memory and passing packets in producer-consumer and producer-worker-consumer architectures, a new patented packet processing architecture using a producer-worker-consumer approach with user and control plane, and optimization of link associations with simulated annealing, using a unique optimization I invented that improves the performance about thousandfold, making the single-threaded simulated annealing exceed in performance genetic/evolutionary algorithms for example. The 5G core network user plane of the project where I worked was nearly entirely written by me until the point I left, and the non-core network was written by others following my inventions and code structure, until I took responsibility for some of that code as well. Ultimately I left for Foreca, since I was somewhat unsatisfied by the unwillingness of Nokia to let me work part-time at Aalto University advancing my licentiate/doctoral studies, and was told by my manager that a pay raise for me was in planning but could have been announced only a bit later when the final decision would have been made. However, what probably wasn't in planning would be permission for a continued part-time job at Aalto University, so I'm still happy about the decision to leave for Foreca, since they didn't find my licentiate/doctoral studies so alarming.
Keywords: 5G, C, Cellular communications, Cryptography, Doxygen, DPDK, Git, GTP, High performance, High performance packet processing, HTTP, HTTP/2, IPv6, JSON, KVM, LaTeX, Linux, netmap, OpenDataPlane, Parallel programming, Protocol Buffers, pthreads, Scapy, Server hardware, Software development, Software quality assurance, Subversion, TCP/IP, TLS/SSL, Wireshark
Fall 2014: System software engineer at NVIDIA Helsinki: 4 months
I wrote Linux kernel space drivers and an embedded Little Kernel based power management firmware for NVIDIA's Tegra mobile SoCs. I found in the few months at NVIDIA that I'm a userspace guy, not a kernel guy. While I can write kernel code (whether it's the Linux kernel or some other embedded kernel like the Little Kernel), the very restricted environment makes software development somewhat dull, since what you can do based on the stack depth for example makes many approaches infeasible. I found some design choices at NVIDIA bad, without expressing my concerns against my employer, and later a student project done at NVIDIA I found showed they suffered from the design choices they made, which they wouldn't have suffered if their approach had been similar to other SoC vendors, like Qualcomm for example. My future successful career at Nokia, Aalto University and Goodmill Systems was about user space packet processing.
Keywords: ARM, C, Distributed systems, Embedded systems, Gerrit, Git, High performance, I2C, Linux, Linux kernel, Little kernel, Parallel programming, Software development
Summers 2013, 2014: Research assistant at Aalto University: 5 months
I researched methods to measure quaternary semiconductor composition and strain state using an X-ray diffractometer. My final method works extremely well, and can determine the composition of a quaternary layer with two free variables solely using an X-ray diffractometer. This is something that could have been patented if the patent application was filed before I published my MSc thesis. The MSc thesis naturally has the best grade 5/5. In the few months, I wrote so much material about X-ray data analysis that it could have been a good basis for a PhD thesis, but I finally realized that I want to pursue some other career than X-ray data analysis, because there are probably only a handful of X-ray diffractometers in Finland.
Keywords: Characterization, Differential evolution, Genetic algorithms, HRXRD, Java, JFreeChart, LaTeX, Matlab, MOVPE, Octave, Photoreflectance, Software development, Swing, Thin films, XRR
Fall 2010-Fall 2012: Software specialist at Stonesoft: 2 years
I developed the Stonesoft Firewall and its deep packet inspection technology. I was a proponent of secure programming practices, and heavily developed testing of deep packet inspection, creating a Python based test system that others subsequently used to implement and test support for new protocols. The protocol-independent file deep inspection feature was nearly entirely written by me, as was the anomaly detection for deep packet inspection to be able to detect some of the advanced evasion techniques that Stonesoft had discovered.
Keywords: Bugzilla, C, Deep packet inspection, Distributed systems, Doxygen, Evasions, Firewalls, Git, High Availability, High performance, High performance packet processing, HTTP, Linux, Linux kernel, NAT, Network security, parallel programming, pthreads, Scapy, Scrum, Secure coding, SMB, Software development, Software quality assurance, TCP/IP, Wireshark
Winter 2008-Fall 2010: Software Developer at Equal Dreams: 3 years, ≈1.5 years full-time equivalent
I developed a new online music marketplace and I expanded the service to include a music catalog similar in size to the largest online music shops. I was known as a developer who diagnosed and fixed bugs very quickly. Later I left the startup company, since I estimated that it wouldn't succeed. Unfortunately, due to competition from the streaming-based payment model implemented by Spotify for example, it didn't succeed.
Keywords: Amazon AWS, Amazon S3, Apache, BIND, Cryptography, CVS, Distributed systems, DNS, Eclipse, FreeBSD, FreeMarker, Git, Google Maps, HTML, HTTP, Java, JavaScript, JDBC, jQuery, JSON, JUnit, Linux, Lucene, Parallel programming, PostgreSQL, Server hardware, Software development, SQL, TCP/IP, Tomcat, Unix, Web 2.0, XML, ZFS
Summers 2006, 2007: Research Assistant at Aalto University: 7 months
In 2006 I implemented software for X-ray reflectivity analysis of thin film structures. This was my first job, and my existing software development experience helped me implement the software with a user interface better than in commercial variants under the direction of Jouni Tiilikainen doing his doctoral studies. I immediately realized that I have the capability to do my own doctoral studies, and decided this is the career I will focus on, later changing my decision.
In 2007 I implemented software for X-ray diffraction analysis of semiconductor heterostructures and wrote a BSc thesis about that. In my opinion, this was an extremely capable achievement, since I wasn't given any instructions about how X-ray diffraction curves are calculated, so I had to learn the theory without any background studies from scratch, reading scientific papers in a foreign field. I think I got the details right, and everything is in my BSc thesis, apart from the derivation of the Takagi-Taupin equations from Maxwell's equations. My software still had a user interface better than commercial variants, extending it to X-ray diffraction from X-ray reflectivity, and gives accurate results, this time with a pure Java-based implementation which performed better than the old Matlab approach of Jouni Tiilikainen. Ultimately I realized that this field is probably not the ideal choice for a career, and decided to focus on a career in the private sector.
Keywords: ALD, Characterization, Differential evolution, Genetic algorithms, HRXRD, Java, JFreeChart, LaTeX, Matlab, MOVPE, Octave, Software development, Spectroscopic ellipsometry, Swing, Thin films, XRR