⚡AInimus Peregrinus —+
Portable local AI on external USB SSD. Debian headless · Ollama · OpenWebUI · multilayer RAG. Boots on any x86, no cloud, no subscription.
Debian headless · Ollama · OpenWebUI · SearXNG · Docker · nomic-embed-text
// public technical profile
Pako Autarkes
pseudonym · public technical identity · those who know me, recognize me
20+ years in telecommunications, software development and cybersecurity. From the NOC to the code⚡from the incident to the binary. Lazarus/FPC · Linux · PurpleTeam · ENS/NIS2 · Vigo/Galicia.
Veritas fulgens: oculos peto, non ducatum.
✦
Technical Domain
Telecommunications
17 years in NOC managing massive incidents across FTTH, HFC, xDSL, VoIP and IPTV. Real pressure: thousands of customers down and money burning. Direct communication with field operators and technical escalation to management without intermediaries.
Development
Lazarus/FPC and C/C++. Native Win64/Linux executables with no runtime, no dependency zoo. REST APIs with authentication and real-world throughput applied to internal operations and monitoring tools.
Cybersecurity
BlueTeam first, PurpleTeam with offensive mindset. Threat modeling and responsible disclosure. Real TTP analysis applied to defensive hardening. ENS · NIS2 · ISO 27001
Linux Systems
LMDE · Debian. Administration, hardening, bash scripting. Reproducible, audited and portable infrastructure.
Local AI
LLMs on own hardware. Ollama · OpenWebUI · RAG pipelines over internal technical documentation. Total data sovereignty, no cloud dependency.
Operational Philosophy
KISS. Minimal dependencies. Code readable in 3 years. A 50-line bash script that works beats a 12-microservice cloud architecture that doesn't scale. Native binaries without runtime over a dependency zoo.
Latest: Done & Burning
⚡Purple-n-Green — Portable security workstation —+
Analysis and response environment on external USB SSD. Boots on any x86 without touching the host system. Kali Linux VM for controlled offensive work.
LMDE7 Host · Kali Linux VM · VirtualBox · CherryTree
⚡SM-Soda — Native static HTTP server —+
Single executable, zero dependencies: serves static files from any directory. Drop-in replacement for python3 -m http.server — without Python, without imports, without virtual environments. Dual implementation for cross-behavior validation.
Lazarus/FPC · C/C++
Responsible Disclosure — Consellería de Educación (Xunta de Galicia) —+
Identification of critical physical security vulnerabilities in educational equipment assigned to minors. Coordination with DPO, CCN-CERT and CSIRT-Galicia. Technical mapping to ENS/RGPD/LOPIVI (Spanish National Security Scheme / GDPR).
ENS RD 311/2022 · RGPD Art.32 · LOPIVI · CCN-CERT · CSIRT-Galicia · physical security
Responsible Disclosure — Registered political entity —+
Identification and reporting of vulnerabilities in the web infrastructure of a registered political party. Responsible disclosure process coordinated with INCIBE-CERT and hosting provider.
INCIBE-CERT · Critical CVEs (CVSS 9.8) · RGPD Art.9 · Passive OSINT
Multichannel fashion SME — Management & Reporting System —+
Native Win64 application: role-based authentication, reports from Shopify API and ClassicGes/DBF via Samba, AES-256 encrypted secrets. Zero-install deployment. Technical documentation and secret delivery to management.
Lazarus/FPC · Supabase/PostgreSQL · Shopify API · AES-256 · Fernet · PyInstaller · DBF/ClassicGes · Samba