Italian paperwork. Security tools. Writing.
Maths background. I help Italian families with UK and international bureaucracy through Resinaro, run Corviado, a UK company that documents how Italian law and consular bureaucracy actually work, and build security and data tools in the time between.
Things I run
Resinaro
resinaro.comHelp with Italian consular paperwork for families around the world. Passport appointments, AIRE and citizenship registration, document translation. It is all paperwork you can do yourself; we try to make it less painful.
Corviado Ltd
UK companyUK company that documents how Italian law and consular bureaucracy actually work. Citizenship, AIRE, passports, the official machinery people only meet when they are stuck in it. Writing and research, not services. Nothing is sold.
Independent technical work
/workSecurity review, threat modelling, OPSEC for sensitive data. Sometimes data analysis. Fixed-fee, scoped in writing, taken when there is capacity.
Applied mathematics. Tested code.
Seven open-source projects in security and applied mathematics. Information theory, statistical modeling, graph analysis - different problems, same method. The test suites verify mathematical properties, not just code paths.
Production system thinking is in the writing. /writing/dispute-defense covers scoring models, rolling-window monitoring, and idempotent webhook handlers from a real Stripe deployment.
Stack
Each chip → project or writing where the skill is shown.
How it fits together
Featured
21 browser-only PDF tools. Nothing leaves the browser — CSP blocks all network access, three concurrent monitors feed a tamper-evident HMAC chain, and the VPE audit report is cryptographically signed. Passkey authentication, offline entitlements via ECDSA tokens.
Security scanner for business websites. Seven scanners check TLS, headers, email authentication, exposed files, third-party tracking, forms, and cookies. Every finding maps to a documented breach — 115 precedents from ICO enforcement, FBI IC3, and court filings. Industry profiles adjust severity: no DMARC on an immigration agency is critical, not just high.
Other projects
Attribution investigation. Dempster-Shafer evidence fusion, Shannon entropy anonymity quantification, Fellegi-Sunter identity correlation. Court-ready forensic reports citing 12 UK statutes. 421 tests.
Identity exposure quantification. Shannon entropy, Fellegi-Sunter record linkage, data broker supply chain as a directed graph. 303 tests.
Cryptocurrency transaction privacy. Eight attack surfaces, Dempster-Shafer evidence fusion, inverse-OSPEAD for Monero ring analysis. Started as a maths dissertation. 364 tests, 18 papers cited.
OSINT reconnaissance tool. 17 data source plugins, spectral graph clustering, Lévy stable request timing to resist statistical detection. 331 tests.
Encrypted document exchange. AES-256-GCM with HMAC key commitment (MEGA-class attack prevention), PBKDF2 passwords, AAD-bound metadata. Key in URL fragment. Nine research documents before code. 43 tests.