About
Second-year engineering student at IMT Atlantique in software development, after two years of intensive math & CS prep (CPGE) at Lycée Al-Zahrawi in Rabat. I learn by building stuff from scratch — implementing protocols from their RFCs, writing network tools in C, and running my own production infrastructure.
This site runs on a server I hardened from scratch: SELinux, least-privilege users, automated deployment with rollback. The blog documents every decision. I also contribute to open-source — notably yt-dlp (100k+ stars).
Looking for a 4-month internship starting April 2026 in software development, DevOps, or cybersecurity.
Projects
ibnbattuta Server
A hardened Linux server hosting this site — built from scratch to learn infrastructure by doing it.
websocketC
A zero-dependency WebSocket server in C implementing RFC 6455 from scratch, including manual SHA-1 and Base64.
Lodestone
A high-performance network packet capture and analysis tool written in C with zero-copy mmap support.
vm16bit
A 16-bit virtual machine with a custom instruction set and assembler, built from scratch in Python.
3D Object Reconstruction
Multi-view 3D reconstruction of small objects using geometrical optics and matrix decomposition in Python.
Skills & Technologies
Languages
Frameworks & Libraries
Developer Tools
Infrastructure & DevOps
Security & Systems
Databases
Writing
Can't Monitor Yourself
Closing the blind spot where my server's own monitoring fails silently — external uptime checks and dead man's switches.
When Deploys Go Wrong: Building a Rollback Mechanism
Upgrading the deployment pipeline with automated backups, four-layer validation, and a rollback script that restores code, dependencies, and application state.
Hardening Nginx: Security Headers and Rate Limiting
Adding browser-enforced security policies and request rate limiting to nginx — and understanding what each one actually defends against.
Deploying Flask the Hard Way: Git Hooks and Unix Sockets
I built a deployment pipeline from scratch using a bare Git repo, a post-receive hook, and five carefully scoped users. It broke in every way possible. That was the point.
Monitoring and Automated Response
Fail2ban for automated defense, a custom monitoring script for everything else, and the one failure mode neither can cover.
HTTPS or Nothing: Setting Up Nginx with TLS
Configuring nginx with Let's Encrypt, automated renewal, and why plaintext HTTP should never be an option.
Designing User Roles: Least Privilege in Practice
Three users, three roles, three blast radii. How I scoped permissions so compromise doesn't cascade.
Two Firewalls Are Better Than One
Defense in depth applied to network access — OCI Security Lists and firewalld working in tandem.
Hardening SSH
Within minutes of going live, bots were already knocking. Here's how I locked them out.
Choosing the Platform: Oracle Cloud and Oracle Linux
Why I picked Oracle Cloud's free tier and Oracle Linux for a production-style home lab.
Get in Touch
Looking for a 4-month internship starting April 2026. Open to collaborating or just talking shop about infrastructure.