Blogs.
Writing on software engineering, infrastructure, and AI.
2026-05-30
Managing Kubernetes from my phone
Crow is a native SwiftUI iOS client for Kubernetes. mTLS via PKCS#12, generic CRD browsing, WebSocket log streaming, and RBAC-gated mutations.
2026-05-13
End-to-end user identity across a research platform with Istio, OPA, and token exchange
How we made the user's JWT travel through every service-to-service call, across Kubernetes and HPC, using mesh-level validation, per-service OPA policies, and chained RFC 8693 token exchange.
2026-04-28
Building a workflow execution service from scratch in Go
Conquest implements GA4GH WES/TES on Kubernetes. Adapter pattern for multi-language support, Postgres state machines, and the file staging problem.
2026-04-26
A filesystem-to-S3 sync daemon that doesn't poll
RedRush uses inotify/kqueue for event-driven uploads to S3-compatible storage. Debouncing, recursive watch registration, and the Kubernetes sidecar pattern.
2026-04-19
Using Gemini to list gemstones on Etsy for my mom
Structured output from Gemini's multimodal API, JSON schema constraints, marketplace-safe description generation, and automated product image grids.
2026-03-28
I wrote the same pipeline in Nextflow, Snakemake, and WDL
Three tiny repos, one variant-calling workflow, and what each language's execution model actually does to your code.
2026-03-22
Building a TUI database browser with React (yes, React)
DataSlip is a terminal-first Postgres client built with Bun, React, and OpenTUI. Component architecture, focus management, and terminal rendering performance.
2026-03-12
Popy: a 500 KB clipboard manager because every other one is an Electron app
Writing a native Swift macOS menu bar app. NSPasteboard polling, Keychain storage, global hotkeys via CGEvent, and universal binary CI.
2026-02-06
ConOps: I wanted Argo CD without the Kubernetes
Building a GitOps controller for Docker Compose in Go. Reconciliation loops, config hashing for drift detection, go-git for in-process clones, and an embedded web UI.
2026-01-29
Migrating live auth from SuperTokens to Keycloak
Custom SPI for phone-OTP in Java, gradual user adoption via login-time import, dual-session logout, and the oidc-client-ts cutover.
2025-12-27
The month we self-hosted everything
Moving Typesense and Metabase onto GKE. StatefulSet tuning, alias-swapped re-indexing, SAML attribute mapping, and the OOM that Prometheus caught.
2025-08-20
Small PRs to scientific infrastructure
Shipping a streaming zip endpoint to trs-filer, adding S3-compatible storage via boto3, and patching FOCA's MongoDB connection URI handling.