Blog

Welcome to my blog, a bit about me...
By day, I'm a Principal Data Scientist at MassMutual focusing on Cybersecurity and Enterprise Technology. I lead the Cybersecurity & Fraud Data Science Team and drive enterprise-wide AI transformation initiatives. I also hold a PhD in Computer Science from the University of Vermont, with research in computational finance and cybersecurity. That said, you'll probably find me writing about completely unrelated side projects that caught my curiosity. Like building compilers and running a home-lab. I love exploring new technical challenges and sharing what I learn along the way.


The Gap Between Claude and Local Can a Self-Hosted Coding Agent Compete?

Posted on by John • Last modified
LLMs Claude Qwen Local Inference LM Studio Agentic Coding

I set out to find how big the gap between a Claude subscription and a self-hosted setup actually is, and whether a local coding agent is viable for real work. The experiment ran in two phases. First, five arms (four local open-weight variants chosen to span the capability/context/speed tradeoff, against Claude Opus 4.7 as the cloud baseline) each designed a complete Playwright E2E test suite for a real Laravel + Livewire app from scratch. Then the best plan was handed back out to be built: Claude Code against the strongest local arm, head-to-head on the same plan. It's as much a practical guide to getting real work out of a 24 GB card as it is a contest: how to choose the model, the quant, and the context window so a long agent run has the room to finish without compacting, the agentic-coding tips I use and teach professionally, and one structural advantage Claude has that doesn't show up in any model card.

This is not meant to be a fair fight. Quant levels and context windows are chosen to fit 24 GB of VRAM under realistic conditions, not to give each model its theoretical best precision. The point isn't “who wins a level playing field”; it's “given the constraints anyone would actually face, what does the gap look like for real work?”


Small Brains, Big Test Can Small LLMs Pass the CISSP?

Posted on by John
LLMs Local Inference Qwen Cybersecurity Claude Ollama

I've been meaning to prep for and take the CISSP exam for a while now. This work does not advance that goal, but it's easy to pretend it does. Sixteen small open-weight models, 1,303 practice questions, 64 configurations. The results reveal a clean capability ceiling, a contamination pattern hiding in plain sight, and a handful of questions that stumped every single model, including the ones that probably cheated.


NCC: Not Complete, but Capable A C Compiler in Rust

Posted on by John
Compilers ust Systems Programming Computer Science

I recently reached a major milestone in the development of my hobby compiler Not Completely C. In this post, I share the journey that brought me here, demonstrate how NCC can compile non-trivial programs, and provide a detailed walkthrough of the compiler's architecture; from lexing source code to emitting machine code and linking executables.


When 5 + 5 Equals 11 Reflections on Writing a C Compiler, Part One

Posted on by John • Last modified
Compilers ust Systems Programming Computer Science

How complex can a five character expression be? The seemingly innocent i + i++ produces different results on different compilers, exposing one of C's most insidious features: undefined behavior. In this post, I'll explore how something as fundamental as the order of expression evaluation became a minefield in C, why modern compilers still disagree on basic operations, and how I'm addressing these issues in my hobby compiler NCC. Along the way, we'll peek under the hood at compiler intermediate representations and discover why "simple" languages can be surprisingly complex.


A Subtle Python Threading Bug That Isn't About Threading

Posted on by John
Python Programming Languages Computer Science

I recently encountered a puzzling bug in code that uses Python's threading module for parallel processing. The code looks perfectly reasonable, but produces completely wrong results. Can you spot the issue?


Secure, Scalable Home Web Hosting with HAProxy, pfSense, Let's Encrypt & Cloudflare

Posted on by John
Networking Cybersecurity Web Development

In this article, I'll walk you through a comprehensive setup for self-hosting web applications. This configuration is ideal for both homelabs and small production environments, enabling you to host multiple websites on a single IP address and port. We'll focus on security, flexibility, and centralized management.

Using pfSense as our base operating system, router, and firewall, we'll leverage the ACME protocol for automated SSL certificate management, HAProxy for reverse proxying, and Cloudflare for DNS and CDN services.

I'll explain the role of each component and guide you through every step of the process-including how to avoid some common gotchas. By the end, you'll have a secure, scalable setup for hosting multiple services using domain and subdomain-based routing, with centralized SSL and traffic management.