Michael Graff's Resume

explorer @ flame.org

Education Graduated from Iowa State University with a BS in Computer Engineering.

Internet Software Consortium - Jun 2002 to present
At ISC, I've filled many roles.
  • From hire until about 2004, I worked on the OARC project (which was spun off from ISC), and various other items such as a bid for ISC to run .org.
  • From 2004 to Jun 2010, I worked on BIND 9, BIND 10, and on other various small projects. This work involved a lot of analysis of the internals of BIND 9, graphing and analysis of various behaviors, and proposing solutions.
  • From Jun 2010 to Mar 2012, I was the BIND 9 Engineering Manager. During this time I improved internal communication between the BIND 9 Engineering Team and other ISC groups. I also worked to improve customer opinions of ISC and specifically BIND 9, worked to set up Statement of Work and development processes, and closed a feedback loop between what engineers produce and what customers expected. I also converted the BIND 9 Team to an Agile methodology (Scrum) and worked to improve BIND 9 testing methodology in the process.

Nominum, Inc (Principal Software Architect) - Jan 1999 to Jun 2002
Many design and coding tasks, include working on BIND 9, design and implementation of the web front-end and system back-end for secondary.com and gns.nominum.com.

Duties included design and implementation of user-visible and back-end processing for a large scale distributed DNS system, including zone transfer, zone upload, primary editing capability, and error and other state reporting. Also, using open source and proprietary technology to quickly implement a functional, reliable, and secure system.

Software used included PostgreSQL, Perl, PHP, Apache, NetBSD, and proprietary software by Nominum.

Vixie Enterprises (Software Engineer) - March 1998 to 1999
Network security using Kerberos, SSH, and other tools. Device driver programming for DS3, HSSI, and T1 interface cards for NetBSD, FreeBSD, BSDI, and linux. Worked on a NetBSD based transparent web cache project. Worked on BIND 4 and BIND 8, and in the development group for BIND 9.

Cygnus Solutions (Software Engineer) - May 1996 to March 1998
Mainly Kerberos 5 development with a bit of other development. This includes Kerberos 5 internal library functionality as well as integration into applications. (Kerberos is a trusted third party network authentication system first implemented at MIT.) Other duties included working on the Cygnus embedded OS project.

Ames Laboratory - May 1995 to May 1996

Obtained a grant from DOE for research in public key technology. The project is completely self-run, with weekly updates to superiors.

Assistant System Administrator
Duties included installing hardware and software for a variety of machine types, from personal computers to supercomputers. Also, network configuration and maintenance. Responsible for selecting products for potential purchase and dealing with sales and technical contacts.

Systems Programmer -- Iowa State University Computation Center - October 1991 to May 1995
Student Systems Programmer. Duties ranged from designing and writing programs users would run to purely internal scripts and utilities. Included systems administration work as well as program development.

Other Employment
Other employment in the computer field while in school include user consulting (at Iowa State University) and training on accounting and business systems.

And Papers
  • Developer for NetBSD for many, many years, and used NetBSD for several years before that. NetBSD is a free operating system based on UC Berkeley's Net/2 and 4.4BSD/lite releases and other sources.
  • Implemented loadable device modules for filesystems under NetBSD.
  • Have direct CVS access to the official NetBSD sources. Can modify repository sources directly and contact the other developers easily.
  • Understanding of the networking layers within NetBSD and of the kernel itself, including device drivers and kernel auto-configuration.

Network Programming

  • Implemented a stripped-down TCP and UDP layer for an embedded system. This system was used for encrypted ethernet bridging over insecure network segments.


  • The world-wide announced project to factor a large cryptographically secure number, called RSA-129. Role was of managing 1200 individuals and computers for nine months. All work was done over the internet.
  • A paper presented to Asiacrypt '94. This paper details the procedure used in factoring RSA-129.

Public PGP Key Servers

  • Author of the first generation of PGP Key Servers. At its peak, in use at over 50 sites around the world and in over 10 countries, including at Verisign. Previously, coordinator of the PGP Network, the collection of PGP Key Servers.

Abilities Fast learner who works well with others and can function independently.

Other abilities include:

  • An avid follower of Agile methodologies.
  • A Ruby on Rails developer
  • Well known languages include C, Ruby, Perl, and various shells (sh, csh) under Unix. Can read and understand Fortran and most other programming languages, including other scripting languages such as VMS command files.
  • General programming within a Unix environment: process control, interprocess communication, memory management, networking, etc.
  • Experience with the many issues in a distributed Unix environment, specifically with Project Vincent: Kerberos, Hesiod, Zephyr, Moira, etc.
  • System administration for VMS, MS-DOS, and Unix systems: OSF/Alpha, Ultrix/RISC, NetBSD/i386, NetBSD/alpha, NetBSD/arm32, SGI, N-Cube, Paragon, MasPar, others.
  • Some embedded work, including design of embedded systems based around various chips and programming for embedded systems, and a light-weight TCP/IP stack for use in embedded systems.
  • Network programming using the TCP/IP protocol suite on Unix platforms, and to a lesser degree win32.
  • Network management including routing, name service, mail, and printer services.
  • Use of cryptography and other security methods for privacy and security.
  • Graphics programming under X-Windows (including Motif), ray tracing, and OpenGL programming.
  • Writing documents for the World Wide Web, and configuring and maintaining a WWW server. Also, scripts and supporting tools.
  • Parallel processing using Unix workstations with custom protocols, as well as some basic C-Linda and PVM3 programming.