Archimedes

Interactive computational geometry in Rust + WASM + WebGPU

• Algorithms: Andrew's monotone-chain convex hull, Bowyer-Watson Delaunay triangulation, polygon boolean ops via i_overlay
• Semiconductor: Critical-area analysis — Minkowski-style dilation for VLSI yield prediction (Papadopoulou & Lee, 1999)
• Robustness: Side-by-side naive f32 vs Shewchuk adaptive-precision predicates on near-degenerate input
• Stack: egui + wgpu rendering, trunk for wasm build, runs in-browser via WebAssembly

→ live demo

Gretun

GRE tunnel management CLI

• Networking: Site-to-site VPN tunnels for cloud VPC interconnection
• Low-level: Direct netlink integration for kernel network configuration
• Features: Tunnel creation, health probing (ICMP), route table manipulation
• Cloud-native: Multi-cloud support (AWS, GCP, Azure virtual networks)

→ read more

Sensor-Bridge

Lock-free sensor fusion pipeline

• Throughput: 2.2B items/sec with ~20ns end-to-end latency
• Optimization: Cache-padded SPSC buffers to avoid false sharing
• Lock-free: Sub-nanosecond ring buffer ops using atomics (no CAS loops)
• Embedded: no_std compatible for bare-metal environments

→ read more

ServiceMesh

L7 proxy with circuit breakers

• Throughput: 52M ops/sec using lock-free atomics + DashMap
• Protocols: HTTP/2 and gRPC with full streaming support (Hyper/Tonic)
• Reliability: Circuit breaker with configurable thresholds, exponential backoff
• Observability: Prometheus metrics, graceful shutdown, connection pooling

→ read more

Container-runtime-rs

OCI-compliant container runtime in Rust

• Isolation: Linux namespaces (PID/mount/UTS/IPC/net), cgroups v2 with memory/CPU/PID limits
• Storage: OverlayFS for layered images, OCI image pulling and layer extraction
• Security: Seccomp BPF filters, capability dropping, no_new_privs, user namespaces
• Architecture: 900+ source files, full OCI runtime spec compliance, Docker-comparable lifecycle

→ github

Nodix

Real-time compute graph for robotics

• Real-time: <1ms p99 latency with EDF/Rate Monotonic scheduling
• Throughput: 5,000+ iterations/sec for sensor fusion pipelines
• Concurrency: Zero-copy data flow using Arc and lock-free channels
• Correctness: DAG validation with topological sort and cycle detection

→ read more

Network-Beacon

C2 beacon detection via traffic analysis and TLS fingerprinting

• Detection: CV-based jitter analysis, JA4 TLS fingerprinting, DNS tunneling, HTTP beaconing patterns
• Pipeline: Multi-threaded async (Tokio) packet processing with libpcap; live capture and PCAP replay
• Output: Ratatui TUI dashboard, webhook + syslog alerting, Prometheus metrics, JSON/JSONL for SIEM
• Configuration: TOML profiles (paranoid/balanced/relaxed), GeoIP enrichment via MaxMind

→ github

keysmith

Kubernetes operator for automated secret rotation

• Operator: SecretRotationPolicy CRD reconciled by controller-runtime; immutable RotationRecord audit trail per attempt
• GitOps: declarative rotation policies live next to workload manifests; Kustomize overlays + single-manifest deploy
• Providers: pluggable interface — AWS Secrets Manager, HashiCorp Vault, built-in crypto/rand generator
• Observability: Prometheus metrics, OpenTelemetry tracing, rolling restarts of Deployments/StatefulSets/DaemonSets

→ read more

Sentinel

Embedded SIEM log pipeline

• Ingest: Suricata EVE, Cowrie honeypot, C2 beacons, syslog (RFC 5424/3164), arbitrary JSON
• Enrichment: GeoIP lookups, threat intel feed matching, MITRE ATT&CK mapping
• Detection: TOML-driven rule engine with correlation — reconstructs kill chains across sources
• Output: Ratatui TUI dashboard, HMAC-signed webhooks, Prometheus metrics, REST API with CSV/JSON export

→ read more

UDP-Relay

MAVLink v2 telemetry aggregator

• Ingest: UDP listener on :14550 with MAVLink v2 frame parsing and CRC-16/MCRF4XX validation
• Registry: Thread-safe drone registry tracking position, attitude, battery, and flight mode for 250 vehicles
• Streaming: Non-blocking pub/sub hub fans events to filtered WebSocket subscriptions
• Ops: Prometheus metrics, token bucket rate limiting, IP/CIDR whitelisting, distroless Docker image

→ read more

Go-Hunter

Multi-cloud attack surface management

• Scale: 1,000 assets/min across 5 cloud providers (AWS, GCP, Azure, Cloudflare, DO)
• Architecture: Multi-tenant SaaS with encrypted credential storage and audit logging
• Performance: Concurrent goroutine workers with per-provider rate limiting
• Security: SHA256 drift detection, age encryption, row-level tenant isolation

→ read more

Forge-DB

SIMD-accelerated vector database

• Performance: 13K QPS at 75us latency with AVX2/AVX-512 optimization
• Efficiency: 32x memory compression via 8-bit quantization, 95%+ recall
• Portability: Pure Rust, zero external dependencies, no_std compatible
• Algorithms: IVF-PQ indexing + HNSW graph search for similarity queries

→ read more

PID Motor Control

Closed-loop PID controller on STM32F411RE with IMU feedback

• Control: 1kHz PID loop in TIM2 ISR with derivative-on-measurement and integral anti-windup
• Sensing: MPU-6050 IMU at 400kHz I2C, complementary filter (alpha=0.98)
• Actuation: TB6612FNG motor driver, 20kHz PWM, sign-magnitude drive (-1.0 to +1.0)
• Tuning: UART CLI for live Kp/Ki/Kd adjustment, step response CSV capture for plotting

→ view project

FreeRTOS STM32

5-task preemptive firmware on STM32F411RE @ 100MHz

• Pipeline: Queue-based sensor → processing → UART TX with ISR-safe xQueueSendFromISR
• Watchdog: Supervisor task (P=4) feeds IWDG only when all tasks check in — resets on hang
• Persistence: Config struct in flash with CRC32 validation, safe fallback to defaults
• CLI: UART shell (status, config get/set, task suspend) via ISR-fed rx_char_queue

→ view project