security · deployment · open source
I pick architectures on purpose. Security and privacy are the floor, not a feature. I prefer open source, self-hosted, and decisions I can defend.
- budget-lens — a self-hosted receipt scanner and expense tracker. Financial records shouldn't live on someone else's analytics pipeline.
- camunda-compose — full Camunda 8 Self-Managed stack (Web Modeler, backups, the lot) you bring up with one
docker compose up. Workflow engines shouldn't require a sales call. - EDPO-Project-FS26 — event-driven crypto-portfolio platform on Kafka + Spring Boot. Data Integrity, availability and fault tolerance as driving non-functional properties.
- homepage — the code behind 1oannis.com.
Privacy-preserving computation on fuzzy records. SSO architectures in workflow-heavy environments. The information-disorder side of AI in public discourse. Writing thesis-quality systems that stay maintainable after the deadline.
Postgres over MongoDB — unless the data is genuinely document-shaped.
Keycloak over rolling-your-own auth — identity is the boring part you have to get right.
Docker Compose over Kubernetes — until cardinality actually demands otherwise.
Self-hosted over SaaS — where the data is mine.
Open source over closed — unless there's a defensible reason, and "we already pay for it" isn't one.
I pick by workload, not by category.
| When | I reach for | Why |
|---|---|---|
| services | Spring Boot · FastAPI | conservative on JVM, fast iteration in Python |
| events | Kafka | persistence and replay built in |
| UI | Next.js · Svelte · Tailwind | static-first, server-only when it matters |
| deploy glue | Ansible · Caddy | reproducible provisioning, TLS without surprises |
| research | Python · PyTorch · Jupyter | optimized for the question, not the deploy |
| simulation | NetLogo | when the system is the question |
| writing | Typst | over Word, every time |
Comfortable in Java, Kotlin, Python, TypeScript, C++.
These shape how I build, not just what I import.