Curriculum Vitae - Tim Small

Monday 17 March 2008

Revision History
Revision 0.117 Jan 2005ts -
First draft, incomplete
Revision 0.918 Apr 2005ts -
First release of DocBook version
Revision 1.019 Apr 2005ts -
Minor updates, workarounds, etc.
Revision 1.119 Apr 2005ts -
More minor updates, workarounds, etc.
Revision 1.219 May 2005ts -
Change in availability.
Revision 1.220 Dec 2005ts -
Add EADS Astrium, and other experience
Revision 1.31 Mar 2006ts -
Minor edits, availability
Revision 1.42 June 2006ts -
Minor edits
Revision 1.519 July 2006ts -
Minor edits
Revision 1.617 March 2008ts -
Update Availability to point to SEOSS main page

Table of Contents

Name and Address
Getting the Latest version of this CV, and other formats
Computing Experience
Development Platforms and Environments
Programming Languages, Tools, and Methodologies
Document Processing and Publishing
Installation, Development, Administration
Higher Level Protocols and Server Software
Low Level Networking
1992 to 1994
1994 to 1997
Technical Experience
May 2005 to March 2006
May 2003 to December 2004.
August 2000 to December 2002
June 2000 to August 2000
Jan 2000 to May 2000
1993 to December 1999
Interests and Activities
Accreditations and Licenses

Tim Small

Brighton & Hove
East Sussex
United Kingdom
+44 (0)7970 057284
Nationality: British

Notice Period:N/A
Start Date:Please see
Preferred Locations:Commutable from Brighton (United Kingdom) (e.g. London, Sussex, Surrey, East Hampshire)
Other Locations:Other locations considered for short term projects only
Role Sought:Unix/Linux/Development/Embedded/Security/Systems/Networks
Type:Normally Contract Only (will consider permanent positions in Brighton only)

The latest version of this CV, information on current availability, further material, and this CV in alternative document formats - e.g. HTML (web page), PDF (Adobe Acrobat format), RTF (which you can view and edit in Microsoft Word), is available at .

Agencies - please check the web page for current information in the first instance.

My best-fit projects encompass Linux-based development and/or systems design, on business and/or embedded systems. I am particularly suited to hybrid positions.

I have knowledge spanning a wide variety of IT disciplines, as well as familiarity with a variety of engineering and scientific topics. As a result I particularly enjoy projects that can benefit from cross-disciplinary approaches. I adapt rapidly to new environments, and enjoy challenging projects. Whilst Linux is my platform of choice, I am also proficient on Microsoft platforms and other Unices.

I have an in-depth knowledge of Linux distributions (particularly Debian and Redhat), high reliability environments, hosting, computer hardware, operating systems architecture, open source tools, and networking technologies (across all layers).

This wide overview helps greatly with tasks such as application design, performance tuning and security.

My commercial experience includes new startups, a Fortune 500 company, and an Internationally renowned research establishment. I have carried out work in the UK, the US, and continental Europe. My past roles have included team leadership and recruitment responsibilities.

I have successfully carried out projects involving the creation, and support of business-critical infrastructure - from planning, through deployment, to hands-on support and rolling upgrades.

Embedded projects which I have undertaken include control of highly complex industrial systems, and high reliability military communication systems (for which I underwent an MOD security check).

POSIXLinux (user, and kernel space)Embedded systemsSolaris (application)
SQLJavax86 assembly680x0 assemblyBugzilla
BoochGCC / GNU tool chainFlex and BisongdbVisual C++
CVSRational RosePrologMirandadistcc/ccache
Application security, and exploitation techniquesFirewalls (e.g. iptables)
Infrastructure, and risk evaluationsIDS (e.g. Snort)
Security policy definitionReal-time Virus scanning
Incident forensics, and recovery 
SMTP - Sendmail, Postfix, DSPAM, ClamSMTPSMB - Samba
DNS - Bind8, Bind9, NSDSSH - OpenSSH
HTTP - Apache, IIS, SquidSQL - MySQL, PostgreSQL, DB2
Connection tracing + debuggingLoad balancingDifferentiated services (QoS)
ProxyingIP fail-over/take-overFair queueing
Structured cablingWireless (802.11b/g)GSM/GPRS
Managed switchesLong distance 802.11b linksVLANs (802.1q)
RoutersxDSL(Rapid) Spanning Tree Protocol (802.1d, 802.1w)
Ethernet (including gigabit)ISDNPPP
19" rack layout and cablingFlash storage (esp. for Linux systems)Soldering (including some SMT work)
CompactPCI, and PMC/PrPMCElectrical power distributionTest gear and diagnostics
Production-line test softwareCooling and HVACPC remote management hacks
x86 hardware (in depth)Structured cablingRF principles and techniques
Server specification and purchaseDigital electronicsSimple microwave antenna design
Redundancy and reliability (e.g. RAID)Simple analogue electronicsARM, SPARC, and MIPS hardware
Storage Technologies1Wire Bus 

I carried out work for EADS Astrium on the Paradigm Modem project. The Paradigm modem combines a large amount of bespoke hardware and Linux on commercial embedded x86 hardware, and provides the communications end-points (ship-borne, and ground based) for the UK MOD's Skynet 5 secure satellite communications project.

EADS Astrium are a major international manufacturer of spacecraft, current and past project include Astra 2B, Mars Express, Venus Express, Galileo, and Meteosat.

Areas of the Paradigm Modem project with which I have been involved include:

  • Diagnosing hardware memory subsystem problems (including creating a Linux kernel module for the Linux EDAC project, which is tailored to the memory controller of the embedded chipset in question, and feeding back these changes to the Linux kernel maintainers)

  • Creating software for production-time testing of in-house hardware, and liaising with hardware manufacturing subcontractors

  • Creating a device driver for the Intel 21555 non-transparent PCI bridge chip, for communication between multiple Linux systems over a shared PICMG CompactPCI backplane

  • Adapting the Linux PIIX EIDE device driver to the embedded chipset in use by the project

  • Debugging in-house hardware implementation (e.g. PCI IRQ routing), feeding back to hardware designers, and creating workarounds in the Linux kernel where necessary

  • Customisation of PrPMC (processor card) interrupt priorities to provide necessary latencies for real-time tasks

  • Supplying Linux technical support and advice to other developers on the project

  • Stress testing, evaluation, and supplier feedback for COTS hardware

  • Communication with other EADS Astrium software development teams on integration issues with the Paradigm Modem

  • Customising mainstream Linux packages for embedded operation

  • Reliability analysis, and design feedback for memory and solid-state storage subsystems

  • Improving developer infrastructure (e.g. deployment of an in-house wiki, development server reorganisation)

  • Consultancy on the use of 1-wire bus (iButtons) as part of the project

I was originally engaged by Semantico to carry out Perl programming tasks, and worked with them to assist with time-sensitive development projects. I was able to make major improvements to Semantico's infrastructure - particularly in the areas of manageability, security, and reliability. My work culminated in the hand-over of systems support duties to a new permanent system administrator.

Semantico are a Brighton-based company, whose clients include major reference publishing houses, such as Oxford University Press. Semantico provides a complete outsourcing service for subscription-based on-line versions of traditional paper reference works. A product such as the award-winning Oxford Reference Online contains over a hundred paper titles in a single web site. Semantico's products are written in a combination of Perl, and Java. They make extensive use of XML, PostgreSQL, and Debian.

I managed Semantico's migration from Redhat to Debian, and from managed server based hosting solutions to their own colocated rack-space (providing increased value-for-money, reliability, and manageability).

The projects that I have carried out for Semantico include such tasks as:

  • Perl programming (e.g. HTML Mason work, performance tuning and analysis, session locking)

  • Server purchase, setup, testing and deployment

  • Software architecture design

  • Server platform design

  • Extensive server remote management, and monitoring

  • Research and deployment of Linux x86-64 based servers

  • Deployment of Redhat Enterprise Linux AS2.1 on HP Proliant hardware

  • Deployment of IPMI, HP "Lights-Out" and other remote management solutions

  • Deployment of Debian 3.1 (Sarge) on Intel SR2300 hardware

  • Hardware, OS, and application resource usage tracking and trend-analysis

  • Hosting deployment

  • CoLo deployment

  • Incident analysis

  • 3rd line technical support

  • Developer support

  • Supplier and client liaison

  • Infrastructure evaluation and improvement

  • Security

  • Work area acoustic management

  • Electrical infrastructure loading analysis and troubleshooting

  • Infrastructure documentation

  • Firewall, mail system, LDAP, DNS infrastructure overhaul/replacement

Following changes in focus and staffing at NexNix, I was asked to provide analysis, and recommendations for this small Horsham based computer supplier and audiovisual systems specialist.

Important aspects of the project included:

  • Security

  • Identifying solutions appropriate to changing staff skills within the organisation

  • Providing value for money solutions

  • Outsourcing DNS, web and mail services where appropriate

  • Recommending appropriate 3rd party service providers

  • Transition planning

I have recently made use of the Linksys NSLU2 NAS product to create a customised low-power (9watts max) wireless router. This cheap, and capable hardware (£50 for a 266MHz Intel StrongARM, with Ethernet, and USB2 interfaces, 32MiB of RAM, and 8MiB of NAND flash) provides an excellent platform for the OpenEmbedded Linux distribution, which I customised to my own purposes for this deployment.

I have carried out extensive property renovation, which has given me a solid knowledge of subjects such as the IEE Wiring Regulations (16th Edition). This knowledge has been helpful during subsequent large scale systems deployments, from both a reliability, and safety point of view. In my experience, this is a blind spot for the majority of systems planners.

I am interested in wireless networking, and home automation. I helped to set up a local community wireless ISP, and have carried out work on the Linux kernel drivers for the Atmel at76c503a USB 802.11b chip (, work on the ALSA project (Advanced Linux Sound Architecture) USB-audio kernel driver, in conjunction with a USB-audio based SPDIF i/o device. Secure, long range 802.11b links (over a mile) using high gain antennas, and VPN software. I have also debugged IRQ routing within the Linux kernel for the Texas Instruments PCI1031, and related PCI<->PCMCIA bridge chips.

I have also been working on a Java based HVAC (Heating, Ventilation, and Air Conditioning) control system, utilising a network of 1wire bus remote temperature sensors, connected with cat5 cable. Initial control hardware is a PC running Debian Linux.

Based in Brighton, East Sussex, UK, I worked full-time for Digitalbrain PLC, as Head of Internet Systems

Digitalbrain PLC is Britain's leading online educational content, and managed learning environment provider. They also manage public, and private sector educational portals, such as the London Grid for Learning (

Originally employed as sole system administrator, I oversaw the growth of the company's system administration team to a total of 6 (while the company grew from 20, to nearly 100 employees).

Important aspects of the role included:

  • Team management and hiring

  • Operating 24/7 services in a rapidly growing environment

  • Web serving infrastructure, architectural design, and day to day management

  • Developer support (tools, and environment as well as OS related technical support)

  • Security of internal, and external systems - including company-wide security policy and standards

  • Advising, and assisting with product architecture and direction

  • Communicating with, and advising, senior management

  • Communicating with suppliers and customers

  • 3rd line technical support

Notable areas that I worked on included:

  • Managing the release of updated versions of the company's products on live web servers, including testing, live-environment simulation, and change management elements

  • Minimising planned, and unplanned down-time of customer-facing, and internal network services

  • A distributed compilation system for C++ - utilising over 30 CPUs with a perl/ssh system, co-developed by myself and a colleague - use of the system increased developer productivity by slashing compilation times

  • Performance tuning, and testing of a C++ based in-house Apache module

  • Quicktime media support for an in-house Apache module (size interrogation for layout purposes)

  • Porting C++ Apache module, and development environment from FreeBSD to Linux

  • Web server configuration tool in Perl, for developer, and production web sites

  • Refactoring and extending Perl-based developer tools (in-house "make" replacement etc.)

  • Monitoring, and reporting of, faults, utilising 'mon', with altering via email and GSM/SMS. With an emphasis on redundancy, I wrote extensions to 'mon' in Perl, e.g. to interface Nokia mobile phones directly to the monitoring servers to provide a reliable two-way SMS alerting and acknowledgement

  • Evaluation and deployment of hardware for mobile emergency on-call administration

  • NOC status display, based on a PC with multiple video cards and large monitors

  • SNMP based performance monitoring for web servers, with logging and graphing

  • Load balanced pair of redundant Linux web server directors, using IPVS (IP takeover), and LVS (TCP level load balancing)

  • Secure, load balanced DNS deployment, utilising Bind

  • Developing low cost, high density storage servers, utilising IDE RAID (3ware cards)

  • Developing low cost RS232 based management system, involving serial consoles, serial BIOSes and custom hardware to support hardware reset via RS232 (relay driven by DTR signal) and RS232 over RJ45-based structured cabling - for ease of maintenance and deployment

  • Purchasing and deploying high density web server array (30x Rackable Systems dual Xeon, "half-U" systems)

  • Deploying remote office Linux servers (VPN, Squid Transparent Proxying, SAMBA, LDAP, with remote management and backup)

  • Migrating developer workstations to Linux on the desktop, utilising OpenOffice, Mozilla and rdesktop to provide remote access to a Windows 2000 Terminal Server

  • Deploying account management via OpenLDAP, NSS-LDAP/PAM-LDAP, Samba-LDAP to manage Windows and Linux computer accounts + user information in one central database

  • Migrating mail servers from FreeBSD/Sendmail/pop3d to Linux/Postfix+SASL+SSL/Courier POP3+SSL,IMAP4+SSL for improved maintainability and security

  • Managing an internal x509 Certificate Authority, and associated SSL certificates for secure mail and web access

  • Acquiring, and managing, certificates issued by commercial Certification Authorities (e.g. Verisign etc.)

  • Running, and updating, company DNS zones (for multiple domains, including customer domains) and DNS serving infrastructure (including load balancing)

  • Utilising journalling filesystems (ReiserFS, ext3) for increased reliability

  • Investigating, testing and utilising various kernel patches (e.g. ATA133 48bit large disk support, VLANs, reverse mapping VM, ACLs)

  • The creation of a system for automatic application-level file replication, implemented in C++ and perl

  • Deploying a secured NFS network using VLANs for high performance, with minimum network infrastructure cost and impact

(European Organisation for Particle Physics Research)

Near Geneva, French/Swiss border

1 month contract (extended for a further 2.5 weeks)

Short contract to implement a system for automated roll-out of large numbers of Linux systems on differing hardware. The project involved storage of machine information, and discovery of this information. Project implemented using PHP4, Apache, Kerberos, ODBC (unixODBC), PostgreSQL, SMTP, DHCP/TFTP and shell scripting. Principle OS - Redhat Linux.

Horsham, West Sussex, UK & Santa Clara (Silicon Valley), California, US

Approximately 3.5 years (1.5 contract, 2 Permanent).

Applied Materials is the world's largest manufacturer of Silicon Wafer fabrication equipment, and is a Fortune 500 company. It employs around 250 people at its Horsham site, and around 13,000 worldwide.

I carried out several roles at Applied Materials, including periods as a system administrator on SunOS, and Solaris (with an emphasis on security, and problem solving using open source software).

Tasks included the design of a preprint image processing system, and enhancing Unix to PC connectivity (including specifying and installing Samba, and Winframe).

Following graduation, I spent six months at the corporate headquarters in Silicon Valley. The majority of this time was spent writing configuration utilities for a SunOS based machine control system, using Perl and Tk. Other work included setting up from scratch, and administering a web server using Linux and Apache on Sparc hardware.

After my return to the UK in August 1998, I worked with a team of around 15 software engineers, developing control software for a new silicon wafer ion implantation machine, based on Windows NT 4.0. My responsibilities included:

  • GUI design and implementation (using VC++)

  • Troubleshooting

  • Specification

  • Planning

  • Benchmarking

  • Configuration

  • Research of PC hardware, NT

  • Troubleshooting networking issues

  • Supplier liaison

  • Installation, and administration of departmental Linux, and NT4 servers running:

  • CGI based developer tools, which I developed from scratch, using Perl, DBI, SQL

  • IP networking support and troubleshooting (including routing, DNS)

  • News

  • Web

  • Samba file sharing

  • Bind DNS(sub-domain management)

  • Mail (SMTP/POP3/IMAP) services

  • Virtual private network + firewall

In January 1999, I detected an unsuccessful intrusion attempt on the departmental Linux server, and submitted a detailed incident report to the company's security personnel.

The attack had been carried out by a newly appointed in-house security officer at the company's US HQ. With the exception of network administrators at the company's headquarters, I was the only person to report his security probes (at that time Applied Materials employed in excess of 30,000 people worldwide). Following the report he invited me to join the company's "Global Security Task Force" the task force's responsibilities included setting company standards for computer security, and risk assessment (including acting on new security exploits, as they came into the public domain).

TravelHiFiRenewable EnergyCycling
Free softwareProperty developmentSnowboardingFlying
Clean UK Driving LicenseStudent Pilot License 

References available on request.