Type - A locked-down Linux workstation for classified communications. Smartcard login instead of the OS login, isolated workspaces, post-quantum VPN.
My role - Primary owner of the desktop application. This is my current project - I'm redesigning it and removing technical debt with the right architecture.
Stack - Python, Qt, smartcard auth, Linux internals, VPN, pytest, Playwright.
DDD
architecture
~74
test files
PQC
post-quantum VPN
What I worked on
- The desktop application end to end
- A domain-driven re-architecture of a UI monolith
- Smartcard authentication and the lock-screen flow, with its security fail-safes
- The networking domain and VPN-gated workspaces
- OS-level integration and boot hardening
- A testing strategy that made a Qt desktop app testable
- A full dashboard redesign
The hardest problem
- A stolen smartcard had to be useless to an attacker, without ever risking the card locking itself.
- I designed a fail-safe that makes that state impossible to reach.
What I've learned
- Automated agents can do almost anything. We had agents deploying and testing over SSH on the real laptop. AI is just a skill issue.
- Security features need a fail-safe bias. When in doubt, shut down early.
- Hardware is not software. The design has to absorb physical-world failures.
- DDD made a desktop monolith understandable and testable.
- Infrastructure needs one source of truth.
- Never underestimate documentation. Document everything, even the parts you build solo. The next person who needs it is usually you.