online · Colombo, LK · 07:51:55 UTC+05:30 · uptime 2y 6m

Thathsara
Madusha.

Building full-stack systems and the DevOps plumbing that keeps them honest — from Kubernetes clusters to AI-powered platforms.

studying · BSc CS (Hons.) @ UCSC researching · DDoS-aware autoscaling building · homelab + open source GPA · 3.66 · Director’s List ×2

[07:00] homelab k8s cluster health: all nodes ready, uptime 47d [07:07] research ddos-autoscaling: methodology draft in review [08:14] github smile: PR merged — AI recommendation engine v2 [08:21] ucsc GPA: 3.66 — Director’s List 2023 & 2024 [09:28] research syn-dpi-bypass: feasibility analysis 60% complete [09:35] github pixel-ai: Ballerina API exam module deployed [10:42] homelab grafana: 0 critical alerts, prometheus scrape 30s [10:49] coffee v60 #2 brewed, focus level nominal [11:56] homelab k8s cluster health: all nodes ready, uptime 47d [11:03] research ddos-autoscaling: methodology draft in review [12:10] github smile: PR merged — AI recommendation engine v2 [12:17] ucsc GPA: 3.66 — Director’s List 2023 & 2024 [13:24] research syn-dpi-bypass: feasibility analysis 60% complete [13:31] github pixel-ai: Ballerina API exam module deployed [14:38] homelab grafana: 0 critical alerts, prometheus scrape 30s [14:45] coffee v60 #2 brewed, focus level nominal

// quick nav

↳ about ↳ projects (ml) ↳ open source ↳ writing ↳ stack ↳ timeline (cv) ↳ now ↳ try the terminal ↓

// reach

email thathsaramadhhusha@gmail.com

github @nova9

twttr @thathsara_m

pgp A5F8 2C0D 9E11 4B73

// PSST

there are a few hidden things on this page.
try typing help, secrets, or the konami code. ↑↑↓↓←→←→ba

about

whoami.md active

Software engineer at UCSC building full-stack systems and the DevOps plumbing that keeps them honest — from Kubernetes clusters to AI-powered platforms.

I’m a software engineer at the University of Colombo School of Computing. I work across the stack: backend services in Go, React frontends, container orchestration with Kubernetes, and cloud infra on AWS and GCP.

I’ve shipped production features as a full-stack intern at WSO2, built freelance Laravel apps from 2022–2024, and run a self-hosted homelab exposed to the public internet. I like building things that actually run and don’t fall over.

Currently researching DDoS-aware autoscaling in cloud environments and data exfiltration via TCP SYN packets. Previously: Organizing Committee VP at AIESEC Insight 2024. I hold the Director’s List Award for academic excellence in 2023 and 2024.

✦ Otherwise: homelab tinkering at odd hours, a half-finished research paper about TCP SYN packets, and coffee. Open to internships, weird collaborations, and projects that ship.

profile.jsonverified

nameThathsara Madusha handle@nova9 roleSoftware Engineer & DevOps Practitioner locColombo, LK · UTC+05:30 statusshipping stack gotsphppy domains webdevopsai pgpA5F8 2C0D 9E11 4B73

        ▒▒▒▒▒▒▒▒▒▒        
     ▒▒░░░░░░░░░░░░▒▒     
   ▒▒░░░░░░░░░░░░░░░░▒▒   
  ▒░░░░▓▓░░░░░░░░▓▓░░░░▒  
  ▒░░░░░░░░░░░░░░░░░░░░▒  
  ▒░░░░░░░░░░██░░░░░░░░▒  
  ▒░░░░░░██████████░░░░▒  
   ▒▒░░░░░░░░░░░░░░░░▒▒   
     ▒▒░░░░░░░░░░░░▒▒     
    ▓▓▓▓▓░░░░░░░░▓▓▓▓▓

projects.ml

projects/ 5 active · 12 archived

homelab

secoss

Self-hosted infrastructure lab running production-grade services on commodity hardware, exposed to the public internet. Kubernetes for container orchestration, Nginx as reverse proxy with TLS termination. Full observability via Grafana and Prometheus dashboards.

lang · YAML, Shell shipped · 2024 ★ — stack · Kubernetes · Nginx · Grafana +3

// live

cluster: Kubernetes
proxy: Nginx + TLS termination
observability: Grafana + Prometheus
exposed: public internet

↗ github

smile

mloss

Volunteer management platform with an AI-powered event recommendation engine. Matches volunteers to opportunities using OpenAI embeddings + cosine similarity over Google Maps data. Real-time messaging between volunteers and organisers, plus AWS Rekognition for identity verification.

lang · PHP, JavaScript shipped · 2025 ★ — stack · Laravel · Livewire · Volt +3

// live

rec engine: cosine similarity
embeddings: OpenAI
verification: AWS Rekognition
comms: real-time messaging

↗ github

pixel-ai

mloss

Comprehensive e-learning platform with AI-driven content generation. React/TypeScript frontend backed by a Ballerina microservices API covering user management, content delivery, exam management, and progress tracking. OpenAI for generation, MySQL for persistence, AWS SES for auth.

lang · TypeScript, Ballerina shipped · 2025 ★ — stack · React · TypeScript · Ballerina +3

// live

services: user, content, exam, progress
auth: AWS SES
content gen: OpenAI
API: RESTful modular

↗ github

talent-pipeline

mlsec

Cloud-native recruitment platform that processed 12,000+ résumé PDFs using OpenAI. Deployed on Kubernetes via Terraform with a React/Laravel stack. AI-driven features connecting candidates, employers, and recruiters for career guidance and streamlined hiring at scale.

lang · TypeScript, PHP shipped · 2025 ★ — stack · React · Laravel · Kubernetes +3

// live

resumes processed: 12,000+
infra: Kubernetes via Terraform
stack: React + Laravel
features: AI matching, career guidance

↗ github

launchpad

osssec

Internship management system built on a custom MVC PHP framework written from scratch — routing, middleware, and ORM included. Established automated test coverage with Pest for unit tests and Selenium for end-to-end browser testing.

lang · PHP shipped · 2024 ★ — stack · PHP · Custom MVC · Pest +2

// live

framework: built from scratch
routing + ORM: custom
unit tests: Pest
E2E tests: Selenium

↗ github

open source

github.com/nova9 live data

987

contributions this year

public repositories

followers

top repos shown

lite-dl

Python script to download any literotica story

Python ★ 10 ⑂ 1

madura_api

An API to access online madura dictionary

Python ★ 6 ⑂ 0

project34

—

Blade ★ 2 ⑂ 0

smile

—

Blade ★ 1 ⑂ 0

seer

An LLM written using Rust.

Rust ★ 0 ⑂ 0

thathsara.lk

—

Astro ★ 0 ⑂ 0

writing

blog/access.log rss available

# tail -f ~/blog/access.log · 8 entries

2026-05-01 STDY

DDoS-Aware Autoscaling: distinguishing legitimate vs. malicious traffic

Research notes on EDoS attacks and resource allocation under adversarial load.

cloudsecurityresearch

2025-12-10 HACK

Bypassing Deep Packet Inspection via Data-in-SYN Packets

Technical feasibility and economic viability of embedding data in TCP SYN packets.

networkingsecurityresearch

2025-09-14 NOTE

Building a volunteer matching engine with OpenAI embeddings

Cosine similarity over embeddings + Google Maps for event-volunteer matching.

mlembeddingslaravel

2025-08-20 INFO

Processing 12,000 résumés with OpenAI on Kubernetes

Lessons from building a scalable AI recruitment pipeline on a student budget.

k8sopenaicloud

2025-07-05 HACK

Ballerina as a backend language: a React dev’s perspective

What it’s like to wire up a Ballerina microservices API for the first time.

ballerinabackendapi

2025-02-14 NOTE

WSO2 internship: shipping persistent storage across 6 codebases

Full-stack feature delivery through senior review, CI, and integration validation.

goreactwso2

2024-11-03 INFO

Building a PHP MVC framework from scratch

Routing, middleware, and ORM — what I learned skipping the framework.

phpmvcarchitecture

2024-06-20 HACK

Homelab on commodity hardware: Kubernetes, Nginx, and public internet exposure

Running production-grade infra at home without spending production-grade money.

k8shomelabdevops

# [end of log] — older entries: archive/

stack

skills.toml self-reported, biased

Languages

2024

JavaScript / TypeScript

2022

PHP

2022

Python

2023

C / C++

2023

SQL

2022

Web

Laravel

2022

React

2023

Vue.JS

2023

NodeJS

2022

Livewire / Volt

2024

Ballerina

2025

Tools & DevOps

Docker

2023

Kubernetes

2024

Terraform

2025

GitHub Actions

2023

Grafana / Prometheus

2024

Git

2022

Platforms

Amazon Web Services

2024

Google Cloud Platform

2025

Nginx

2024

MySQL / PostgreSQL

2022

Linux / Shell

2022

Selenium / Pest

2024

operating philosophy

ship it, then observe it. I'd rather have a Grafana dashboard that tells me something broke than an architecture diagram that says it won't. I'd rather write the migration than the slide deck. The most satisfying work is code that runs in prod without anyone noticing.

# things I will fight you on:
frameworks exist to be replaced · a custom ORM teaches you more than using one · observability is not optional · Kubernetes is worth the pain.

timeline

git log --author=thathsara 3 entries · 1 current

2025 — 2026

Intern Software Engineer @ WSO2 LLC

Designed and shipped a full-stack feature for persistent storage attachment to cloud applications. Backend services in Go handling volume lifecycle management and deduplication. React/TypeScript marketplace UI for shared storage resources. Coordinated across 6 codebases and 3 teams.

PRs: 7 mergedlang: Go + React/TSscope: 6 codebases

2023 — now

BSc Computer Science (Hons.) @ UCSC, Colombo

GPA 3.66. Director’s List 2023 and 2024. Researching DDoS-aware autoscaling and TCP SYN data exfiltration. AIESEC Organizing Committee VP for Insight 2024.

GPA: 3.66awards: Director's List ×2research: 2 ongoing

2022 — 2024

Freelance Web Developer @ Remote

Delivered Laravel-based CMS and web applications for multiple clients. Owned backend architecture, deployment, and ongoing maintenance. Improved client search visibility through SEO best practices and structured data markup.

stack: Laravel + PHPfocus: CMS & web appsextras: SEO + performance

2020

$ git init

First commit. A PHP script to scrape exam results. Lost the repo, kept the habit.

now

~/.now updated may 27 2026

currently running PID 0–6

pidcmdcpumem

0x01 research --topic ddos-autoscaling --status ongoing 62% 2G

0x02 research --topic syn-packet-dpi-bypass --status ongoing 45% 1G

0x03 study UCSC Year 3 Semester 1 80% 4G

0x04 homelab --cluster k8s --status running --uptime 47d 12% 512M

0x05 read Computer Networking: A Top-Down Approach 3% 64M

0x06 brew --method v60 --beans local-roast 70% ∞

Pretraining a 350M-param policy model on a year of CloudTrail traces. Writing chapter 3 of Verifiable ML in Regulated Clouds (early 2027, manning). On-call primary this rotation; pager has been quiet — I’d like to keep it that way.

reading curr / done / next

⏵

Computer Networking: A Top-Down Approach

Kurose & Ross

cur

⏵

Cloud Native DevOps with Kubernetes

Arundel & Domingus

cur

✓

The Phoenix Project

Gene Kim et al.

done

○

Designing Data-Intensive Applications

Martin Kleppmann

todo

○

Clean Architecture

Robert C. Martin

todo

inbox 4 unread

●

Semester results: GPA 3.66 maintained

from ucsc-portal

LO 2d

●

homelab CI: cluster health check green

from github-actions

LO 4h

●

DDoS autoscaling: feedback on methodology draft

from research-supervisor

MD 1d

●

Daily digest: cs.NI + cs.CR (18 papers)

from arxiv

LO 6h

ThathsaraMadusha.

// quick nav

// reach

about

projects.ml

homelab

smile

pixel-ai

talent-pipeline

launchpad

open source

lite-dl

madura_api

project34

smile

seer

thathsara.lk

writing

stack

Languages

Web

Tools & DevOps

Platforms

operating philosophy

timeline

Intern Software Engineer @ WSO2 LLC

BSc Computer Science (Hons.) @ UCSC, Colombo

Freelance Web Developer @ Remote

$ git init

now

currently running PID 0–6

reading curr / done / next

inbox 4 unread

Thathsara
Madusha.