Bare metal → Containers → AI/ML
I've been building infrastructure from the ground up for a long time — routers, hypervisor clusters, distributed storage, PBX systems, the whole stack. Now I train reasoning models on Apple Silicon. The constant: making powerful tools run on hardware you own.
🧠 mlx-grpo-trainer — First MLX implementation of GRPO. Train DeepSeek-R1-style reasoning models entirely on your Mac. No cloud GPUs.
🎯 mlx-guided-grpo — Curriculum learning + GRPO training on Apple Silicon. Structured reasoning model development, locally.
🤖 MacPilot — Control your Mac with natural language. Plain English in, macOS automation out.
The ML work is built on top of years of doing everything below. All of this informs how I think about AI infrastructure, tooling, and what "running locally" actually means.
🔧 Bare metal & virtualization
Proxmox HA clusters on dedicated servers with Ceph hyper-converged storage over fiber ring. QEMU manual installs from recovery mode — diskless OS via netboot, advanced device emulation, PCI/USB/GPU passthrough. KVM, Firecracker, Cloud Hypervisor, RustVMM, Libvirt, Citrix Hypervisor. LinuxKit for minimal OS builds. I've bootstrapped clusters from nothing — formatting NVMe drives with gdisk, tuning sysctl, setting up VNC for headless installs. Netboot environments with iPXE, TFTP/HTTP PXE boot chains. USB hardware emulation using Raspberry Pi. Docker-in-Docker, QEMU-in-Docker with userspace networking. OpenStack and OpenNebula for private cloud orchestration. If there's no OS on the box, I'll put one there.
🌐 Networking
MikroTik — dual-WAN load balancing with mangle rules, connection marking, failover routing. VLANs, trunking, L2/L3 switching, bridge interfaces, tap devices for KVM guests. 10G/40G networks over fiber ring and through managed switches. OpenMPTCProuter for WAN bonding. MultiWAN/load balancing with HAProxy. OpenVSwitch, VXLAN, FRRouting for software-defined networking. OSPF, BGP routing. Pinhole NAT, TCP/UDP kernel optimization, custom kernel module development. VPN stack: WireGuard, Nebula P2P (Noise protocol), Tailscale, OpenVPN, IPsec, L2TP, GRE/IPIP tunnels, ZeroTier, sTunnel. Cloudflared tunnels with zero-trust networking. DNS over TLS/HTTPS, self-hosted DNS with Technitium, Pi-hole, AdGuard. Advanced DHCP with custom options. HTTP/HTTPS proxy with and without TLS intercept (Squid). Mail servers: Postfix, Sendmail, Exim. Web servers: Nginx, Caddy, Naxsi WAF. Routers/firewalls: Cisco 2100, Cisco PIX, OPNsense, pfSense, UniFi Security Gateway, OpenWrt, Vyatta, iptables. The kind of networking where you're drawing topology diagrams on napkins.
📞 VoIP & telephony
Asterisk — vanilla, FreePBX, RasPBX. Audio codec optimization including Opus. chan_dongle for GSM integration, SMS gateway with Kannel over USB modems. FXO/FXS analog integration. Call recording with automated transcription pipelines. 3CX, AWS Connect for cloud-hosted PBX. WebRTC with STUN/ICE for browser-based calling. Built complete phone systems from SIP trunks to desk phones to voicemail-to-email — the kind of setup where you're crimping RJ11s and debugging SIP traces in the same afternoon.
💾 Storage & data
Ceph hyper-converged clusters on fiber (cephfs on hypervisor clusters), GlusterFS, BtrFS, ZFS. Block storage, object stores, NFS, iSCSI, Samba. Fuse/overlay filesystems. Filesystems across the board: ExtFS, HFS, APFS, XFS. MinIO/S3, rclone with mergerfs for tiered local+cloud storage, JuiceFS. NAS appliances heavily customized with community packages. diskover for filesystem indexing. Block-level data recovery. I've moved petabytes around with rclone's multi-thread streams.
🔐 Security, forensics & hardening
CIS benchmarks, lynis, rkhunter, chkrootkit, ClamAV, Tripwire. SSH baselines, iptables-persistent, pgaudit, gitleaks. Snort IPS/IDS. Zero Trust architectures. Firewall hardening for DoS/DDoS. Port knocking. Vulnerability scanning with rustscan/nmap. TLS/SSL Certificate Authority with OpenSSL. SSL unpinning with Frida, mitmproxy, TLS intercepting. Reverse shell, SQLmap, WPScan, Netcat. Binary decompilation, overriding function calls in shared libraries (DLLs/.so). OSINT, privilege escalation, rainbow tables. Network packet analysis, HTTP request inspection. Google GRR live forensics. Bot/crawling tooling. Proxying HTTP/HTTPS/SSH. GDPR, FIPS, HIPAA compliance. KMS, CloudHSM, SSM Parameter Store. SOCKS and sockets over SSH. Automated security scanning on cron with email alerts. Started with white-hat pen testing — the kind where you'd find ISP vulns and then help them patch.
🔑 Authentication & identity
LDAP, Active Directory, OpenLDAP for directory services. SSO with Kerberos, SAML. FreeRADIUS with AAA accounting. Keycloak for auth server deployment. Apple MDM Server for device management. The full identity stack from directory schema design to RADIUS policies to single sign-on federation.
🐳 Containers & DevOps
Docker — compose patterns, slim builds, Swarm cluster orchestration, volume/network plugin development, hardening with AppArmor profiles (mounts/cgroups), Docker-in-Docker, QEMU in Docker with userspace networking. Podman, Kata Containers for micro-VM isolation. Traefik, Pulumi for IaC. Code-server, self-hosted Gitpod. Cockpit, Netdata, Prometheus + Grafana. ECS/EKS, Kubernetes, serverless with Lambda. CI/CD: GitHub Actions, GitLab CI, Circle CI, Travis CI, CodeBuild/CodePipeline. DORA metrics. Maintained NAS template ecosystems. If it runs in a container, I've probably written the docker-compose for it.
📊 Monitoring & observability
Prometheus + Grafana dashboards. ELK stack — Elasticsearch, Logstash, Kibana dashboards, Mtail. OpenNMS, Nagios, Cacti, SmokePing for network monitoring. Monit for process supervision. Netdata, Netflow analysis. ARP scan/arpwatch for network discovery. MTR, iPerf for performance testing. nmap/rustscan for scanning. SNMP polling. Fail2ban. The kind of monitoring where you know a disk is dying before the on-call page fires.
☁️ Cloud & data engineering
AWS — Bedrock, SageMaker, Textract, Comprehend, Transcribe, Glue, Lambda, ECS/EKS, CloudFormation, Connect. Azure. Snowflake + DBT pipelines. Apache Spark, Airflow. Data warehousing, ETL, metadata governance. Databases: Postgres, MariaDB/MySQL, MongoDB, InfluxDB, Redis, Memcache. Apache Solr, Elasticsearch, LevelDB, IndexedDB, MQTT. Caching: Redis, Memcache, FlashCache, Varnish, Squid. Analytics: Metabase, Redash, OpenRefine. GenAI solutions spanning hundreds of terabytes.
🎬 Digital preservation & media
Built video-to-text pipelines — ffmpeg for frame extraction and deduplication, Tesseract OCR, Kaldi ASR, Deep Speech for transcription, face recognition. Indexing for searchable archives. Contributed to digital repository frameworks and public broadcasting archives. Ruby/Rails/Puma on AWS.
🌍 Full-stack & web
Svelte (big fan), React, TypeScript, Prisma, Node.js, Deno. Ruby on Rails, Dry-rb, custom gems. PHP — Symfony, Laravel, CodeIgniter, Zend, PHP extension development in C. Java — Spring, Swing. Python — SQLAlchemy, dataclasses, pip package dev. Advanced service workers and browser extensions. Reverse proxies — Fabio, gobetween, reproxy. Diagrams-as-code. The kind of full-stack where you also configure the router the server sits behind.
Every phase has been about the same thing: owning your compute. Building hypervisor clusters instead of renting instances. Running your own DNS instead of using managed services. Standing up your own PBX instead of paying per-seat. Training reasoning models on a Mac Studio instead of paying for GPU hours. The platform keeps changing. The principle doesn't.
AI/ML: MLX · PyTorch · GRPO/RLHF · HuggingFace · LLMs · Bedrock · SageMaker · Kaldi ASR · Deep Speech · Tesseract OCR · Face Recognition
Languages: Python · TypeScript · Ruby · Go · Rust · C++ · Swift · Bash · PHP · Java · Perl · Lua · AppleScript
Cloud: AWS (SA Pro) · Azure · Snowflake · OpenStack · OpenNebula · Serverless · ECS/EKS · Kubernetes
Infra: Proxmox HA · KVM/QEMU · Firecracker · Cloud Hypervisor · RustVMM · LinuxKit · Docker · Podman · Kata Containers · Pulumi
Networking: MikroTik · Cisco · pfSense · OPNsense · OpenWrt · Vyatta · WireGuard · Nebula · Tailscale · OpenVPN · IPsec · VLANs · OSPF · BGP · OpenVSwitch · VXLAN · HAProxy
VoIP: Asterisk · FreePBX · 3CX · AWS Connect · WebRTC · Kannel SMS
Storage: Ceph · GlusterFS · ZFS · BtrFS · MinIO/S3 · NFS · iSCSI · rclone · JuiceFS · mergerfs
Data: Postgres · MySQL · MongoDB · Redis · InfluxDB · Elasticsearch · Snowflake · DBT · Airflow · Spark · Solr · MQTT
Caching: Redis · Memcache · Varnish · FlashCache · Squid
Security: CIS · lynis · Snort IDS · Frida · mitmproxy · rustscan · HIPAA/GDPR · KMS · CloudHSM · Zero Trust · GRR Forensics
Identity: LDAP/AD · Kerberos · SAML · FreeRADIUS · Keycloak · SSO
Monitoring: Prometheus · Grafana · ELK Stack · Nagios · OpenNMS · Cacti · SmokePing · Netdata · Fail2ban · SNMP
CI/CD: GitHub Actions · GitLab CI · Circle CI · CodeBuild/Pipeline · Travis CI · DORA Metrics
Web: Svelte · React · Rails · Node.js · Deno · Prisma · Symfony · Laravel · Spring
327 repos · 5k+ starred · Arctic Code Vault Contributor





