Fridolín Pokorný

A silicon fingerprint page.

💡 About Me

Life is about priorities.


🌳 Nature lover.
📚 Good books lover.
🚴 Road cycling.
CV (PDF version)
🔑 PGP

👔 CEO @ ComplyHub.dev / PerfSec.AI
📝 Contractor
🐾 ex-Datadog
🎩 ex-Red Hat
🦠 ex-AVG

impact

📃 Articles & Publications

Some of the articles are co-authored. Follow the links for more information.

🏗️ Projects

Some open-source projects I worked on; visit my GitHub profile for full listing:

  • RetDec - created a module which was responsible for de-optimizing code (removing instruction idioms and optimized function calls) produced by various compilers (GCC, compilers by Microsoft/Intel, LLVM, …) on different architectures (ARM, MIPS, x86)
  • Gofed - helped with tooling that automated packaging Golang projects into Fedora
  • CodeReady Analytics - backend developer for analytics platform used in OpenShift.io (later renamed to OpenShift Sandbox)
  • Selinon - main developer and maintainer, advanced task flow management on top of Celery (distributed task queue)
  • Linux kernel TLS/DTLS - main developer, later cooperated with Facebook engineers; TLS part of the module made it to the vanilla Linux kernel
  • Thoth - one of the main developers, the recommendation engine for Python applications and application stacks which uses reinforcement learning to recommend the best possible application dependencies based on pre-aggregated knowledge
  • Dependency Monkey - one of the main developers, part of project Thoth - a service that is able to evaluate different combinations of Python packages based on resolution in the target environment
  • Amun - one of the main developers, a service that can test and benchmark Python application dependencies and applications in different runtime environments
  • micropipenv - main author, a tool that can install Python applications into containerized environments, the tool helped to reduce installation time of Python packages in containerized environments (Fedora, CentOS, and RHEL Source-To-Image base container images)
  • pipctl - main author, a tool that can use vulnerabilities published by osv.dev and resolve application dependencies respecting vulnerabilities
  • yorkshire - main author, a tool that can check various Python requirements files and warn about possible dependency confusion
  • pip-preserve - main author, a tool that can reconstruct a requirements file from Python environments following PEP-610 and PEP-710

Some closed-source projects I worked on:

  • SBOM Hub - one of the main developers; Datadog’s platform for aggregating SBOM from build systems or from runtime analyses
  • Asclepius - main author; a project at Datadog that used Kubernetes’ admission controller to restrict what software can be deployed to clusters (based on SBOM submitted from a build system), this project was not productized due to the admission controller latency
  • Windows Code Signing - one of the main developers and led internal meetings; a project at Datadog that used AWS KMS to sign Windows artifacts
  • Mastiff - main author; a tool at Datadog that statically analyses source code and warns about possible security issues in Python sources

💬 Talks

Hacktoberfest 2023 x Monstarlab Prague: Desperate times call for desperate measures: Will open source survive?

  • Date: October 19th, 2023
  • Location: Prague, Czech republic

DevConf.CZ: Securing Python projects Supply Chain

Hacktoberfest 2022 x Monstarlab Prague: State of open source security

  • Date: October 25th, 2022
  • Location: Prague, Czech republic

Podcast.__init__: Intelligent Dependency Resolution For Optimal Compatibility And Security With Project Thoth

DevConf.CZ Mini 2022: Thoth’s open database for Python developers

Red Hat Summit 2022: Discover project Thoth

Red Hat Summit 2022: Securing Python applications with Thoth recommendations

Red Hat Czech Talks: Discover project Thoth

(Late) Hacktoberfest 2021 x Monstarlab Prague: Full-time Open Source

DevNation: Resolving problems in Python dependencies

DevConf.US: Thoth: healing Python applications

Red Hat Czech Talks: Thoth: Helping Python developers to create healthy applications

Online Red Hat Czech Open House: Thoth: Helping Python developers to create healthy applications

Online MLMU #11: Thoth: Reinforcement learning-based dependency resolution

NeurIPS: Thoth: Reinforcement learning based dependency resolution

  • Date: Dec 6th 2020
  • Location: US, virtual event

DevConf.US: Improvements in OpenShift Python s2i (Source-To-Image)

DevConf.US: Reinforcement learning based dependency resolution

DevNation: the one installation tool that covers Pipenv, Poetry and pip-tools

FOSDEM2020: Thoth - a recommendation engine for Python applications

PyCon US: Thoth - how to recommend the best possible libraries for your application

DevConf.US: Thoth - How to find the best application stack

PyCon.DE 2018: Selinon - Dynamic Distributed Task Flows

DAZ & WIKT: Selinon – Dynamic Distributed Task Flows

  • Date: Oct 11th 2018
  • Location: Brno, Czech republic
    • info
    • slides are not available
    • recording is not available

DevConf.US: Thoth - How to find the best application stack

DevConf.CZ: Global Revolution in Machine Learning

GeoPython 2018: Selinon - Distributed Computing with Python

  • Date: May 9th 2018
  • Location: Basel, Switzerland

PyDays Vienna: Selinon - Distributed Computing with Python

  • Date: May 4th 2018
  • Location: Vienna, Austria

PyCon SK 2017: Selinon - Distributed Computing with Python

FOSDEM: Selinon - Distributed Computing with Python

DevConf.CZ: AF_KTLS - TLS/DTLS Linux kernel module

FOSDEM: AF_KTLS - TLS/DTLS Linux kernel module

🪪 Licenses & Certifications

Coursera: Neural Networks and Deep Learning (by deeplearning.ai)

Coursera: Machine Learning (by Standford University)

Business skills (by Flotila s.r.o.)

  • January 2016

Leadership and People Management (by Flotila s.r.o.)

  • January 2016

Negotiation Strategies (by Flotila s.r.o.)

  • January 2015

Personality psychology (by psycho-servis s.r.o.)

  • January 2013