Things I build on my own time. Each one started as a real problem I wanted solved,
not a tutorial.
Homelab and side work, summarized from my own session logs. Identifying details are
deliberately scrubbed.
Cloud cost kill switch
A serverless guardrail that automatically shuts off expensive cloud AI APIs before a runaway bill can happen.
Cloud AI services bill by usage, and a bug or a forgotten job can quietly burn
money for days. I built an automatic circuit breaker on Google Cloud: when
spending crosses a budget threshold, the system disables the expensive services
on its own, no human required. It also caught a subtle bug of its own along the
way, which I diagnosed and fixed.
Google Cloud Billing budget alerts publish to a Pub/Sub topic; a 2nd-gen Cloud
Function (Node.js) consumes them and calls the Service Usage API to disable the
AI APIs (Gemini, Vertex) once spend crosses the threshold, using a least-privilege
service account scoped to service management only.
The bug worth telling
Budget update events (fired when you edit the budget itself) arrive with
alertThresholdExceeded: undefined. My original guard was
threshold < 1.0, and undefined comparisons are
always false, so the function treated a budget edit as a breach and disabled
the APIs prematurely. The fix was an explicit
!== undefined check before the numeric comparison. A good reminder
that event payloads are part of your API contract, including the fields that
are sometimes missing.
Self-hosted AI agent platform
An always-on personal AI assistant platform running on my own hardware, with scheduled jobs and multi-model routing.
I run my own AI assistant infrastructure at home rather than relying on someone
else's app: it answers through a chat interface, runs scheduled daily jobs like
news briefings, and stays up through upgrades. Operating it has taught me what
production AI systems actually need: fallbacks, monitoring, and careful handling
of credentials.
A Dockerized multi-model agent gateway running on a home Ubuntu server and a
Raspberry Pi, with a Discord front end and cron-scheduled jobs (daily memory
initialization, workspace sync, automated web briefings). Model routing uses
Claude as primary with Gemini fallback. The interesting operational problems:
persisting credentials across ephemeral container upgrades via volume symlinks,
hardening headless Chromium web fetches, and keeping cron jobs from silently
dying after version bumps.
NJ Playgrounds
A live full-stack web app that helps families find and review playgrounds across New Jersey: nj-playgrounds.com.
Weekend trips with my kids kept starting with the same question: which playground?
So I built the answer and put it on the internet: maps, search, and parent reviews
for playgrounds across the state, running in production for real users.
Ruby on Rails 8.1 on PostgreSQL, deployed on Heroku: geocoded search including a
lat/long-to-ZIP feature, user reviews and ratings, Google sign-in, transactional
email via SendGrid, and a mobile bottom-sheet map UI. AI-assisted code review is
part of the workflow, and database backup and recovery procedures are documented
and tested.
Running this site's server
The website you are reading doubles as a small production environment I operate end to end.
This site runs on a cloud server I have operated for over a decade. I recently
audited everything on it, took the operating system through a major in-place
upgrade with zero data loss, retired services nobody used anymore, and cleaned
out years of accumulated cruft. Owning the whole lifecycle is the point.
A multi-tenant Apache box with Let's Encrypt TLS, carried in place through every
Ubuntu LTS release from 16.04 to 24.04, most recently three back-to-back release
upgrades run in a detached screen session, with a full-disk snapshot and database
dumps as the safety net and every site verified at each hop. The cleanup pass
retired an abandoned WordPress install behind a 301 redirect, purged years of
dead kernels and packages, and capped runaway logs, freeing roughly six
gigabytes on a small VM where that matters.
Home network security review
A full audit of my home network, and a deliberate decision about what not to publish.
I audited every device on my home network the way a professional would assess a
small office: what is connected, what is exposed, what needs fixing. Just as
important, I concluded the raw results should never be published, because network
scans are effectively a blueprint of your home. Knowing what not to share is part
of security work.
ARP and ICMP sweeps for inventory, TCP connect scans with banner grabbing for
service identification, and hardware trust assessment across roughly 30 devices.
Follow-up: a 48-hour rolling packet capture in monitor mode on a Raspberry Pi
(hourly tcpdump rotation with compression). The raw data stays private by design:
BSSIDs are geolocatable through public wardriving databases, so a published scan
is a map to your front door.
Reviving a scientific C codebase
Patched a decades-old lighting-simulation codebase to build on a modern compiler, then used it to answer a real question.
Radiance is a scientific lighting-simulation suite whose code predates most of
today's tools. I got it compiling on modern systems, then built a working
simulation of a real room to compute physically accurate lighting levels. Old
code is everywhere in industry; being comfortable making it work is a durable
skill.
Patched the legacy C sources (conflicting extern declarations, pre-ANSI idioms)
to compile under GCC 15.2 on ChromeOS via Chromebrew. Then scripted the full
pipeline: gensky for a calibrated sky model, oconv to build the octree, rpict
for HDR renders, rtrace for illuminance (about 8,100 lux at room center), and
falsecolor maps for glare analysis on a physically modeled 4x5x3 m room.