01
I go from binary protocol to CSS in a day.
WebRTC SDP munging, SQLite WAL on DrvFs, GLSL shaders, Cloudflare Workers, Tailwind, CMake JUCE. No fear of going up or down the stack.
19 years old · Biella · IT Technician at ITIS Q. Sella. I build software that works on the first run: realtime protocols, end-to-end encrypted knowledge platforms, C++ audio plugins, serverless edge backends.
Five things you see reading the code, not hearing the pitch.
WebRTC SDP munging, SQLite WAL on DrvFs, GLSL shaders, Cloudflare Workers, Tailwind, CMake JUCE. No fear of going up or down the stack.
HALCYON: 65+ green tests, GPL-3, public release. K-Quest: Stripe payments, edge D1, Turnstile anti-bot, 10 languages. Not "I made a repo", but "I built a system".
K-Perception: AES-256-GCM, zero-knowledge, real-time E2EE via Y.js CRDT. HALCYON: peer-to-peer mesh, DTLS-SRTP encrypted audio, no cloud. I can write software you are the only one to read.
Every project has an ARCHITECTURE.md with explicit tradeoffs. No "magic": every choice is written, every discarded alternative documented. That's called engineering.
While most write todo-apps, I have 4 C++20 JUCE audio plugins, an open-source realtime platform, an edge SaaS with real payments and a closed industrial product. Graduating ITIS Q. Sella June 2026.
I build RAG pipelines, decompose tasks across agent sessions, validate every output, persist context across weeks. The result: production-grade systems shipped in days instead of months. The skill 2026 hiring managers fight over.
Sixteen PRs across thirteen upstream open-source projects. Two merged at Anyproto in three days: #2233 (date picker, four hours, zero review comments) and #2234 (URL truncation, closed #2163), both accepted and merged by @ra3orblade. One closed for capacity (not merit): Joplin #15544, where Laurent declined for review bandwidth (12/12 jest tests green, CodeRabbit approved, tech-spec resubmission invited). Twelve open in active states, with concrete maintainer engagement on the strongest cases: mediasoup #1812 where @ibc and @penguinol cleared the tuple-keyed-map design that closes #1805 (IPv4 /30 and IPv6 XOR hash collisions in `PortManager`); Tutanota #10881 where core maintainer @charlag confirmed the bug as "slightly infuriating" before shipping; PennyLane #9532 personally reviewed by @astralcai with two review rounds addressed (a53cd62 + ccf12e7a5 cascade of 148 docstring updates), escalated to code-owner Marcus Edwards; Tangelo #419 reviewed by @alexfleury-sb with two fixes actioned in 1eb1da6; Bitwarden #20867 prefixed with an internal PM ticket and 43/43 importer tests passing across four clients; Element-HQ #33632 labeled T-Defect, CLA signed, CI green. Eleven cold mails sent to verified GitHub commit emails (never scraped). One public technical comment on the ComfyUI thread (#14076). One silent contribution against pysim via fork plus mailing-list-aware mail. Every card below documents the bug, the root-cause analysis, the fix shape, and the maintainer signal.
Sharded safetensors metadata, 3 → 2 HTTP requests per shard.
Real fix for huggingface.js #1979. New private helper that bypasses fileDownloadInfo and issues two direct range requests against the resolve URL. Reproduces the upstream benchmark where DeepSeek-Math-V2 (163 shards) stops failing 100% of runs. Three offline vitest unit tests with mocked fetch, PR-shaped README, every safety invariant of the previous path preserved.
Pre-flight diagnostic for Docker RFC1918 ICE leak.
Real fix for mattermost-plugin-calls #1143. Detects the misconfiguration shape that today silently drops calls minutes after they connect (Docker 172.x advertised as ICE host candidate, coturn rejects with 403). Zero behaviour change: one loud LogError at activate when ALL four conditions hold. Three Go unit tests over 13 boundary IPs, RFC1918 + RFC6598 + IPv6 ULA coverage.
Design alignment before code, because the lifecycle is fragile.
Comfyanonymous's model_unload + free_memory drops the only Python handle on evicted models, GC reclaims the CPU weights, every prompt re-reads from disk. A drive-by patch would silently break at least three other systems (pin-budget under racing requests, the weakref.finalize chain, MPS/ROCm offload semantics). The branch ships a failure trace pinned to line numbers, the fix shape, and four direct questions for the maintainer.
Came in for the bug, found their fix already merged, kept reading.
Verified PR #6624 closed the original task-error silent-swallow targeted by issue #5523. Then traced the sibling pattern still present in calculateScores lines 505-509: when a metric throws (not the task), the error is logged-only with no entry in scoreResults, the same UX failure mode the issue was opened against, one layer deeper. Cold mail leads with the diligence, not a duplicate PR. Stack overlap with opik-frontend is 1:1.
Same circuit, two devices, two drawings, closed the asymmetry.
Issue #7807: `default.qubit(wires=3)` rendered with the grouping brackets, `default.qubit()` rendered without. Root cause in `pennylane/drawer/_add_obj.py`: the `len(m.wires) == 0` branch of `_add_measurement` forgot to call `_add_grouping_symbols`. Fix mirrors the `_add_global_op` pattern, single-wire devices untouched, two snapshot tests updated and the remaining drift documented for the maintainer to pin-up against pytest.
One bug, four identical instances in the same file.
`Circuit([Gate("H", 0)] * 2).simplify()` returned None. The fix touches four methods, simplify, remove_redundant_gates, remove_small_rotations, merge_rotations, not one, because they all wrap a top-level function and splat its result into `self.__dict__` with no `return self`. Two of the four even documented a Returns clause the implementation never matched. One line per method, plus a regression test that pins the issue's exact failing line and three analogous cases.
Structural memory leak at the API boundary, fixed in 8 lines.
Issue #298: RSS climbed linearly during VITS synthesis in a loop. Root cause was structural, `BaseTTS.synthesize` returned a dict containing the full inference output (eight tensors, none detached). Upstream only reads `outputs["wav"]` when VITS is the model, so the other seven tensors lingered in the caller's frame until Python GC ran. A small `_release` helper that does `detach().cpu()` on every tensor before the dict crosses the function boundary closes the leak without API changes.
PortManager silently merged unrelated bindings whenever two IPv4 addresses shared a /30 block, or any two IPv6 addresses XOR-folded to the same 32 bits. Replaced the lossy hash with an exact-tuple struct key.
Real fix for versatica/mediasoup #1805. The legacy GeneratePortRangeHash mangled the bind address before placing it in a uint64_t hash: IPv4 dropped the bottom two bits ((address >> 2) << 2), IPv6 XOR-folded the 128-bit address into 32 bits (a[0] ^ a[1] ^ a[2] ^ a[3]). Downstream, mapPortRanges.find(hash) treated a hit as "same range" and Unbind(hash, port) released ports against whatever PortRange the hash mapped to. Result: in a multi-tenant or multi-interface deployment with nearby IPv4 addresses (sequential container IPs) or word-swap-colliding IPv6 addresses, two unrelated bindings get silently merged into one PortRange; Unbind then frees ports from the wrong tenant's range. Replaced with PortRangeKey struct ({Protocol, sockaddr_storage, minPort, maxPort}) keyed in absl::flat_hash_map<PortRangeKey, PortRange, PortRangeKeyHash>. Map equality is exact-tuple; the hash function (absl::HashOf over protocol, family, raw address bytes, range bounds) is for bucket distribution only. Even on hash collision, key equality keeps distinct tuples in distinct entries. API change (per @ibc clearance: "no need to keep the uint64_t token") propagated through six caller sites (UdpSocket, TcpServer, PipeTransport, PlainTransport, WebRtcServer, WebRtcTransport). Co-authored-by penguinol who drafted the struct shape in the issue thread.
Linux click-to-update notification kept dropping its click handler before the user could click. Retained the JS-side reference until interaction.
Real fix for tutao/tutanota #10844. The Tuta Mail desktop client on Linux had a click-to-update notification that the core maintainer (@charlag, Willow) described on the issue as "sometimes works, sometimes not, slightly infuriating". Root cause: DesktopNotifier.showOneShot discarded the Dismisser returned by the notification factory, so the JS-side electron.Notification became eligible for V8 garbage collection as soon as the call returned. GTK does not strongly retain the JS wrapper across the click round-trip, which is why the bug surfaced on Linux only (macOS Cocoa and Windows Toast both retain the wrapper through their native bindings). The fix mirrors the retention pattern already used by showCountedUserNotification in the same file: keep the dismisser in a Set, wrap the click handler so it dismisses the OS notification and releases the reference once the user-supplied callback has run. Two regression tests cover the new contract, all four existing DesktopNotifierTest cases continue to pass.
URL menu actions in the object header could surface the displayed truncated string. Pinned the data-flow contract to the underlying record value.
Second PR to Anytype, 24h after #2233 merged. Real fix for anyproto/anytype-ts #2163. The URL / Email / Phone relation menu (Go / Copy / Reload) was reading its value from childRef.current.getValue(), which exposes whatever the child cell renders. In the featured-relations header the cell renders with shortUrl=true and textLimit=150, so the visible string can be a truncated form like github.com/an...issues. Even where today's text-cell implementation does not propagate truncation back through getValue(), the contract left the door open. Fix: read record[relation.relationKey] directly. The record value is authoritative for URL targets; the cell is a display surface only. +7/-1 LOC, biome+tsc clean, no behaviour change for the click direct path (already used the record value).
Settings date-format picker showed identical labels on 12 days a year. Switched to a fixed asymmetric sample.
Real fix for anyproto/anytype-ts #2208. The settings *Language & Region → Date Format* picker built every option preview by formatting `now()`. On May 5 (and 11 other days a year where day == month), `Short` (d/m/Y) and `ShortUS` (m/d/Y) both render to `05.05.2026`, two radio buttons with the same visible string. Switched the preview sample to a fixed asymmetric timestamp (Jul 30, 2020, already the convention used in the `DateFormat` enum comments). Five-line change in `menu.ts` plus two unit tests in `date.test.ts`: positive guard (asymmetric sample → distinguishable) and negative documentation (symmetric date → bug reproduced), both passing locally under vitest. Maintainer signal: @ra3orblade (Andrew Simachev) dominates the file's commit history and recently shipped JS-9098 fixing month-first date formats elsewhere.
Esc didn't close hover-opened popovers. Handler was in a portal, not the trigger's subtree. Moved it.
Real fix for jitsi/jitsi-meet #17374 + #17373. An external accessibility audit filed six related bugs the same day. The reactions menu and three-dot menu opened on hover but couldn't be closed by Esc, because the `Popover.web.tsx` component attached its `_onEscKey` handler to the inner `.popover-content` div, which renders into a `DialogPortal` separate subtree. Focus stays on the trigger after a hover open, Esc bubbles up through the outer container that has no key handler, and the event dies. Three-line fix: attach `_onEscKey` to the outer container and tighten the visibility guard so it doesn't swallow Esc for unrelated handlers when the popover is closed. TS + ESLint clean on the patched file. The other four cluster issues (#17365 to #17368) need separate fixes in different components, listed explicitly in the PR body with offer to follow up.
Non-urgent toast inline link was invisible on light theme. Pin'd to white, scope-isolated.
Real fix for element-hq/element-web #33494. The `requests` inline link inside the `Your server isn't responding to some requests` toast was invisible on light theme because `AccessibleButton kind="link_inline"` inherits `var(--cpd-color-text-primary)` which is dark on light theme, but the toast itself hard-codes its background to `#17191c` "in all themes" (per the existing comment). The fix scopes a `color: #fff` override to `.mx_NonUrgentToastContainer_toast .mx_AccessibleButton_kind_link_inline`, matching the container's intentional theme-independence without leaking to any other inline link in the app. Selector specificity (0,4,0) cleanly overrides the upstream (0,2,0), no `!important` needed.
1Password 1pux import silently dropped every archived entry. Fixed across all 4 clients.
Real fix for bitwarden/clients #20694. `OnePassword1PuxImporter` had an early-return that skipped every item exported with `state: "archived"` from 1Password, contradicting the help-center docs that promise everything is imported. The existing unit test explicitly enforced the buggy behaviour. The fix removes the early-return, lets archived items flow through the import pipeline, and stamps `cipher.archivedDate = new Date()` so `isArchived` returns true, Bitwarden's canonical archive marker. The fix lands in `libs/importer/` shared by browser / desktop / cli / web (exactly the labels on the issue), so one change, four clients fixed. Old test renamed and corrected; new regression guard added that asserts active items stay unarchived.
WYSIWYG link dialog: focus the URL field, not the pre-populated "Text to display".
Real fix for laurent22/joplin #15521. When you select text + invoke "Insert hyperlink" in the Rich Text editor, TinyMCE's built-in link plugin pre-populates the text field but keeps focus on it, you have to tab before typing the URL. The fix adds a small pure-function predicate plus an `OpenWindow` event handler in TinyMCE.tsx that re-focuses the URL field exactly when the dialog has pre-populated text and no URL yet. Defensive try/catch around the dialog API so future TinyMCE upgrades degrade gracefully. Outcome: Laurent closed the PR 26 May with the note "sorry we are not considering new pull requests at this time as we do not have the capacity to review them. I would suggest for now to maybe create a tech spec from this PR and attach it to the issue, so that it can be considered at a later time." The patch passed 12/12 jest tests + CodeRabbit review, the technical work stands; only the timing was wrong. Tech-spec resubmission on the issue is the next move.
Decoding APDUs from MBIM PCAPs, a new ApduSource that slots into the pattern that already exists.
Issue #2 asked whether pysim can decode APDUs from a Wireshark capture of a cellular modem talking to an eSIM over MBIM. pysim already had pyshark_gsmtap.py and pyshark_rspro.py adapters; MBIM slots straight in. The new pyshark_mbim.py filters by the MS_UICC_LOW_LEVEL_ACCESS service UUID, reads mbim.cid, and routes APDU payloads into the shared ApduCommands pipeline. Open items (ATR from UICC_RESET, APDU fragmentation, LiveCapture variant) are called out explicitly in the README rather than shipped half-baked.
Numbers extracted from my GitHub repositories. No mockups, no fiction.
Seven real projects. Code consultable where possible. Otherwise, explicit motivation.
Notion-grade features. Signal-grade privacy.
Zero-knowledge end-to-end encrypted knowledge management platform. 7 production-ready editor modes, real-time collaboration via Y.js CRDT, client-side AES-256-GCM, offline-first, enterprise SSO, deployed on Cloudflare edge.
Self-hosted realtime mesh voice/video platform. Zero cloud, your LAN, your data.
Monolithic Node server, vanilla JS client with no build step, peer-to-peer audio/video via WebRTC mesh. SQLite persistent chat with markdown, URL-driven multi-room, screen sharing with system audio, codec preference AV1 → H.264 NVENC → VP9. 65+ green tests across unit (vitest) and e2e (Playwright).
Paid challenge marketplace. The community chooses, I execute.
Frontend React 18 + Vite + Tailwind + Framer Motion, i18n in 10 languages. Cloudflare Workers backend with Hono, D1 SQLite at-edge, KV for rate-limit, R2 for paid-only assets, PCI-compliant Stripe Checkout, Turnstile as anti-bot barrier. Separate admin panel behind TOTP.
Four C++20 audio plugins with the JUCE framework.
Binaura : stereo-to-3D binaural processor.
FXRack : modular VFX effects rack with dynamic routing.
StreamSauce : audio pre-processor for live streaming.
FRKX : VST3 template with idiomatic CMake build.
All with CMake build, JUCE framework, strict C++20, real-time signal processing.
Roguelite action-RPG in the browser. Vanilla ES, zero build.
Defend your data from waves of cyber threats. 10 unique weapons, 6 abilities, persistent progression. Zero framework: pure ES modules, GitHub Pages serves the entire experience. 60fps game loop with no dependencies.
Nine browser experiments, zero dependencies.
Collab, DataRun, Doc-Shredder, Gravity Sandbox, Interceptor, Magnet, Shredder, Speedtest, Privacy Warfare. Each is a small study on a mechanic: physics, networking, input, render. All single-file, served from GitHub Pages.
Two Progressive Web Apps for ITIS Q. Sella.
Capsula del Tempo: PWA from class 5B INF, 2 stars on GitHub. Service worker for offline, manifest, install prompt.
SISTEMI-5B-STUDIO: educational PWA with interactive chapters and text-to-speech, manifest, sw.js.
Items with the glowing dot are those I've used in production, not on paper.
I'm Francesco, 19 years old on June 4. I live in Biella, Piedmont. Finishing my fifth year at ITIS Quintino Sella, IT major. IT Technician diploma expected for June 2026.
I've been writing code every day since I was 13. The first serious project was a JUCE audio plugin, the latest is a knowledge management platform with end-to-end encryption. In between: Stripe payments in production, WebRTC mesh, browser mini-games, PWAs for my class.
I work with the same care on backend piping and the micro-easing of a hover state. Available for remote or on-site work full-time, part-time, internship, project collaborations.
Phone protected by anti-bot: click to reveal. Direct email always available.
klabindustries.hq@gmail.com
999purple999 · 11 repos
Biella · Piedmont · Italy
Remote or on-site
Looking for someone who writes software that works? Write me. I reply within 24h.