Nathan Brewer

FULL STACK IOT

from bare metal to orbital links

SILICON FIRMWARE RF MESH ORBIT CLOUD ZERO TRUST

From Schematic to Production

The RF Layer

How data moves across terrain without infrastructure. LoRa chirp modulation, 20+ live mesh nodes, encrypted packets, GPS-tracked and battery-monitored in real time.

// LoRaWAN PHYPayload
├── MHDR (1B)        msg type + major
├── MACPayload
│   ├── FHDR (7B)    DevAddr + FCtrl + FCnt
│   ├── FPort (1B)   application port
│   └── FRMPayload   AES-128 encrypted
└── MIC (4B)         AES-CMAC integrity

LoRaWAN Protocol Stack

LMIC · IBM reference MAC · The Things Network — Amsterdam, 2015
The Things Network

June 2015 — Wienke Giezeman walks into an Amsterdam hackerspace. Jonathan Carter shows him a LoRaWAN gateway. One router. €1,200. 10km range. Thousands of devices.

Six weeks later, they'd convinced enough Amsterdam residents to buy gateways and host them on rooftops. One city. Crowdfunded. Community-owned. No telco. No subscription.

The story hit Hacker News, then the IoT blogs. Within months, communities in São Paulo, Boston, Cape Town, Sydney, and Manchester were spinning up their own networks. The Things Network became the largest community-driven IoT infrastructure project in the world.

  • 10,000+ gateways deployed across 150+ countries
  • Community-owned infrastructure — no carrier fees
  • Open-source network server (The Things Stack)
  • Proved LoRaWAN could scale without enterprise budgets
Uplink Frame
// Class A uplink — device-initiated
┌──────────┬──────────────────────┬─────┐
│ Preamble │ PHYPayload           │ CRC │
│ 8 sym    │ N bytes              │ 2B  │
└──────────┴──────────────────────┴─────┘
┌─── MHDR (1B)
│    ├── MType: Unconfirmed/Confirmed Up
│    └── Major: LoRaWAN R1
├─── MACPayload
│    ├── FHDR (7-22B)
│    │   ├── DevAddr (4B)
│    │   ├── FCtrl (1B)     ADR|ACK|FPending
│    │   ├── FCnt (2B)      frame counter
│    │   └── FOpts (0-15B)  MAC commands
│    ├── FPort (1B)         0=MAC, 1-223=app
│    └── FRMPayload         AES-128-CTR encrypted
└─── MIC (4B)               AES-128-CMAC(NwkSKey)
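The field layout above can be walked byte by byte. The parser below is an added example, not code from this site or from LMIC: it splits a data uplink into the listed fields, rejects malformed lengths, and applies a frame-counter replay check. The sample frame is constructed, and `parse_uplink` and `accept_fcnt` are hypothetical names.

```python
import struct
from dataclasses import dataclass
from typing import Optional

MTYPES = ("JoinRequest", "JoinAccept", "UnconfirmedUp", "UnconfirmedDown",
          "ConfirmedUp", "ConfirmedDown", "RFU", "Proprietary")

@dataclass
class Uplink:
    mtype: str
    dev_addr: str          # hex, most significant byte first
    adr: bool
    ack: bool
    fcnt: int              # 16-bit counter as sent on air
    fopts: bytes           # piggybacked MAC commands
    fport: Optional[int]   # None when the frame carries no payload
    frm_payload: bytes     # still AES-128 encrypted
    mic: bytes

def parse_uplink(phy: bytes) -> Uplink:
    if len(phy) < 12:                       # MHDR(1) + FHDR(7) + MIC(4)
        raise ValueError("frame too short")
    mtype = MTYPES[phy[0] >> 5]             # MType = top 3 bits of MHDR
    if mtype not in ("UnconfirmedUp", "ConfirmedUp"):
        raise ValueError("not a data uplink: " + mtype)
    dev_addr, fctrl, fcnt = struct.unpack_from("<IBH", phy, 1)  # little-endian
    fopts_end = 8 + (fctrl & 0x0F)          # FOptsLen = low nibble of FCtrl
    body_end = len(phy) - 4                 # MIC is the last 4 bytes
    if fopts_end > body_end:
        raise ValueError("FOptsLen runs past MACPayload")
    rest = phy[fopts_end:body_end]          # FPort + FRMPayload, may be empty
    fport = rest[0] if rest else None
    if fport == 0 and fctrl & 0x0F:
        raise ValueError("FPort 0 frame must not carry FOpts")
    return Uplink(mtype, f"{dev_addr:08x}", bool(fctrl & 0x80), bool(fctrl & 0x20),
                  fcnt, phy[8:fopts_end], fport, rest[1:], phy[body_end:])

def accept_fcnt(last_seen: dict, frame: Uplink) -> bool:
    """Replay check: accept only a counter above the last one seen.
    Call after the MIC has verified; 16-bit rollover is not handled here."""
    if frame.fcnt <= last_seen.get(frame.dev_addr, -1):
        return False
    last_seen[frame.dev_addr] = frame.fcnt
    return True

# Constructed sample frame (payload and MIC bytes are made up, not a valid MIC)
SAMPLE = bytes.fromhex("40" "da1b0126" "80" "0200" "01" "a1b2c3d4" "deadbeef")

if __name__ == "__main__":
    seen = {}
    frame = parse_uplink(SAMPLE)
    print(frame, accept_fcnt(seen, frame), accept_fcnt(seen, frame))
```

DevAddr, FCtrl and FCnt travel in the clear; only FRMPayload is encrypted, and the MIC is what binds the header to the session.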
Downlink Windows
// Class A RX windows after uplink
TX ━━━━━━━┓
          ┃
          ┣━━ RX_DELAY1 ━━━━━━━━━┓
          ┃   (1 second)         ┃
          ┃                      ┣━ RX1 window
          ┃                      ┃  same freq, DR_down
          ┃                      ┃
          ┣━━ RX_DELAY2 ━━━━━━━━━┫
          ┃   (2 seconds)        ┃
          ┃                      ┣━ RX2 window
          ┃                      ┃  923.3 MHz, DR8
          ┗━━━━━━━━━━━━━━━━━━━━━━┛
US915 Frequency Plan
UPLINK CHANNELS (64 × 125kHz + 8 × 500kHz)
CH 0-7    DR0-DR3   902.3 — 903.7 MHz  │ sub-band 1
CH 8-15   DR0-DR3   903.9 — 905.3 MHz  │ sub-band 2 ←
CH 16-23  DR0-DR3   905.5 — 906.9 MHz  │ sub-band 3
CH 24-31  DR0-DR3   907.1 — 908.5 MHz  │ sub-band 4
CH 32-39  DR0-DR3   908.7 — 910.1 MHz  │ sub-band 5
CH 40-47  DR0-DR3   910.3 — 911.7 MHz  │ sub-band 6
CH 48-55  DR0-DR3   911.9 — 913.3 MHz  │ sub-band 7
CH 56-63  DR0-DR3   913.5 — 914.9 MHz  │ sub-band 8
CH 64-71  DR4       903.0 — 914.2 MHz  │ 500kHz wide

DOWNLINK CHANNELS (8 × 500kHz)
CH 0-7    DR8-DR13  923.3 — 927.5 MHz  │ 600kHz spacing

DATA RATES
DR0  SF12/125kHz    250 bps  ← max range
DR1  SF11/125kHz    440 bps
DR2  SF10/125kHz    980 bps
DR3  SF9/125kHz    1760 bps
DR4  SF8/500kHz   12500 bps  ← max throughput
LMIC Event Loop
  • Event-driven MAC layer — no blocking, no threads
  • os_runloop() — cooperative scheduling on bare metal
  • OTAA join: DevNonce → JoinRequest → JoinAccept → session keys
  • ABP: pre-provisioned DevAddr + NwkSKey + AppSKey
  • Duty cycle tracking per sub-band (1% / 0.1%)
  • Automatic RX window timing — μs precision
  • ADR: network commands SF/TxPower based on uplink SNR
// A hackerspace in Amsterdam proved you don't need a telecom to build a network. You just need rooftops, radios, and a community that gives a shit.

Meshtastic + Community PKI

Open-source encrypted mesh · raw LoRa modulation · no infrastructure required
Origin

Meshtastic started in 2020 as a side project by Kevin Hester — a simple idea: use cheap LoRa radios to create long-range, off-grid text communication with zero infrastructure.

It's grown into one of the most active open-source mesh networking projects in the world. Thousands of nodes. Community-driven. No company. No subscription. No tower.

  • Raw LoRa modulation — NOT LoRaWAN (no gateway needed)
  • ESP32 / nRF52840 / RP2040 hardware platforms
  • BLE + WiFi client interface (phone, web, CLI)
  • Protobuf serialization — efficient wire format
  • Store-and-forward mesh relay with TTL
  • GPS position sharing + range testing
My Deployment

20+ radios across the Front Range. Live encrypted telemetry. GPS, battery, signal quality — all routed through MQTT to a WireGuard-tunneled broker.

  • Heltec V3, T-Beam, RAK WisBlock nodes
  • Solar-powered repeaters at elevation
  • MQTT bridge → Mosquitto → Node-RED → Timestream
  • Real-time dashboard: position, battery, RSSI, SNR
  • Custom channel configs per use case
  • Range tested to 20+ km line-of-sight
Encryption Model
// Meshtastic channel encryption
Channel Key Derivation:
  PSK = SHA-256(channel_name + channel_key)
  Encryption: AES-256-CTR
  Per-packet nonce: packetId + fromNode

PKI Mode (v2.3+):
  Each device generates Curve25519 keypair
  Public key shared via channel
  DM encryption: ECDH shared secret
  AES-256-CTR per-message key

Key Hierarchy:
└── Device Identity (Curve25519)
    ├── Channel PSK (AES-256, shared)
    └── DM Sessions (ECDH, per-pair)
Community PKI

Meshtastic's PKI evolution mirrors the broader challenge of decentralized device identity — how do you establish trust without a central authority?

  • Device-generated Curve25519 keypairs — no CA
  • Public key exchange via shared channel (TOFU model)
  • Trust-on-first-use with manual verification
  • No certificate chain — trust is peer-to-peer
  • Community key servers emerging for node discovery
  • Node identity tied to hardware — not an account

This is infrastructure-free security. No cloud. No CA. No subscription. Just math and mutual trust between radios.

// 20 nodes. Encrypted. GPS-tracked. Battery-monitored. Running right now across the Colorado Front Range.

Designed. Fabricated. Deployed.

// OPENCV FACIAL RECOGNITION · ~2016
// REAL-TIME FACE DETECTION · PYTHON + OPENCV

Orbital Links

When terrestrial infrastructure doesn't exist. LEO satellite pass prediction, Doppler compensation, and store-and-forward scheduling that gets data out from anywhere on the planet.

When there's no tower, no cable, no infrastructure — there's still an orbit window.

The Infrastructure

Where edge telemetry becomes enterprise intelligence. MQTT brokers, device shadows, per-device policy authorization, and serverless pipelines that scale from 10 devices to 10 million.

// IoT Policy — per-device topic auth
{
  "Effect": "Allow",
  "Action": ["iot:Publish"],
  "Resource": "arn:aws:iot:*:*:topic/dt/${iot:Connection.Thing.ThingName}/*"
}
Every device gets its own identity, its own policy, its own shadow. No shared secrets. No ambient authority.

The MQTT Evolution

From oil pipeline telemetry to hyperscale IoT — the protocol that won
Origin Story

1999 — Andy Stanford-Clark (IBM) and Arlen Nipper (Eurotech) needed to monitor oil pipelines via satellite. TCP was too heavy. HTTP was a joke. They built MQTT: a pub/sub protocol for unreliable networks with minimal overhead.

The design constraints of a satellite-linked SCADA system in 1999 became the foundation of modern IoT:

  • 2-byte fixed header — minimal wire overhead
  • QoS 0/1/2 — fire-and-forget to exactly-once
  • Last Will & Testament — broker detects dead clients
  • Retained messages — new subscribers get last state
  • Keep-alive heartbeat — half-open connection detection
  • Topic-based routing — hierarchical, no queues
Protocol Evolution
MQTT VERSION TIMELINE
1999  v1.0    │ IBM internal, oil pipeline SCADA
2010  v3.1    │ Royalty-free release, open spec
2014  v3.1.1  │ OASIS standard, UTF-8, $SYS topics
2019  v5.0    │ Properties, shared subs, auth flow

WHAT v5.0 ADDED
Reason Codes      granular error reporting
User Properties   key-value metadata per packet
Shared Subs       load balancing across consumers
Topic Aliases     reduce repeated topic strings
Flow Control      per-connection receive maximum
Auth Packets      enhanced auth handshake (SCRAM)
Session Expiry    configurable persistent sessions
AWS IoT Core — The Commercial Layer

AWS didn't just host an MQTT broker. They wrapped it in an identity-aware, policy-driven authorization layer that turned a 1999 telemetry protocol into an enterprise-grade device management platform.

// The key insight: topic = resource, verb = action

Traditional MQTT ACL (Mosquitto):
  user device01 → allow publish dt/device01/#
  user device01 → deny publish dt/device02/#
  // flat file, per-user, no variables

AWS IoT Policy (IAM-style):
{
  "Effect": "Allow",
  "Action": "iot:Publish",
  "Resource": "topic/dt/${iot:Connection.Thing.ThingName}/*",
  "Condition": {
    "Bool": { "iot:Connection.Thing.IsAttached": true }
  }
}
// dynamic variables, conditions, per-device scoping
IoT Policy Variables

This is where it gets powerful. AWS IoT policies use connection-context variables — the device's own identity becomes the access boundary.

  • iot:Connection.Thing.ThingName — device identity from cert CN
  • iot:Connection.Thing.ThingTypeName — device class/type
  • iot:Connection.Thing.Attributes[key] — custom attributes
  • iot:Connection.Thing.IsAttached — cert-to-thing binding
  • iot:ClientId — MQTT client ID from CONNECT

One policy template. A million devices. Each one scoped to its own topics, its own shadow, its own data path. Zero per-device configuration.
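A simplified model of how one templated statement scopes each device, as an added example (not AWS's evaluation engine and not code from this site). It substitutes the connection-context variable into the resource and compares two resources: the page's `.../${...}/*` and a constructed variant without the `/` before `*`, which lets `device1` match `device10`'s topics. The contexts and the names `expand`, `wildcard_match` and `allowed` are assumptions.

```python
import re

VAR = re.compile(r"\$\{([^}]+)\}")

# Statement from the page, and a constructed variant missing the "/" before "*"
SCOPED = {"Effect": "Allow", "Action": "iot:Publish",
          "Resource": "topic/dt/${iot:Connection.Thing.ThingName}/*",
          "Condition": {"Bool": {"iot:Connection.Thing.IsAttached": True}}}
LOOSE = {**SCOPED, "Resource": "topic/dt/${iot:Connection.Thing.ThingName}*"}

def expand(resource, ctx):
    """Substitute ${variable} from the connection context; None if unresolved."""
    if any(name not in ctx for name in VAR.findall(resource)):
        return None
    return VAR.sub(lambda m: str(ctx[m.group(1)]), resource)

def wildcard_match(pattern, value):
    """IAM-style match: '*' stands for any run of characters, '/' included."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.DOTALL) is not None

def allowed(stmt, action, topic, ctx):
    actions = stmt["Action"]
    if isinstance(actions, str):
        actions = [actions]
    if stmt["Effect"] != "Allow" or action not in actions:
        return False                       # no matching Allow: implicit deny
    for key, want in stmt.get("Condition", {}).get("Bool", {}).items():
        if bool(ctx.get(key, False)) != want:
            return False                   # e.g. cert not attached to a thing
    pattern = expand(stmt["Resource"], ctx)
    return pattern is not None and wildcard_match(pattern, "topic/" + topic)

# Constructed connection contexts
DEVICE1 = {"iot:Connection.Thing.ThingName": "device1",
           "iot:Connection.Thing.IsAttached": True}
UNATTACHED = {**DEVICE1, "iot:Connection.Thing.IsAttached": False}

if __name__ == "__main__":
    for name, stmt in (("scoped", SCOPED), ("loose", LOOSE)):
        for topic in ("dt/device1/temp", "dt/device10/temp"):
            print(name, topic, allowed(stmt, "iot:Publish", topic, DEVICE1))
```

When reviewing templated policies, check that every variable is bounded by a literal separator on both sides before any wildcard.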

Rules Engine Pipeline
MQTT MESSAGE FLOW
Device → MQTT Publish → IoT Core Broker
                               │
                     ┌─────────┼─────────┐
                     ▼         ▼         ▼
               Rules Engine Shadow   Registry
                SQL SELECT reported/ thing attrs
                WHERE ...   desired  groups
                     │
            ┌────────┼────────┬────────┐
            ▼        ▼        ▼        ▼
         Lambda   Kinesis    S3   Timestream
         compute  stream   archive time-series
// A protocol designed for satellite-linked oil pipelines in 1999 now runs billions of device connections. The constraints haven't changed — bandwidth is still expensive, batteries still die, networks still drop. MQTT just got it right the first time.

WiFi. BLE. MQTT.

Zero Trust

Security isn't a feature — it's the architecture. X.509 device identity, private CA infrastructure, mutual TLS at every hop, and hardware roots of trust that can't be cloned.

// Certificate chain of trust
ROOT CA (offline, air-gapped)
└── INTERMEDIATE CA (online, automated)
    └── DEVICE CERT (provisioned at mfg)
        └── PRIVATE KEY (secure element)
            └── ATECC608B — never extractable
If a device can't prove its identity with cryptographic certainty, it doesn't get on the network. Period.

Secure Element. Private Key. Never Extractable.

I Build The Full Stack

From register maps to IAM policies.
From chirp modulation to orbital mechanics.
From secure boot to certificate rotation.

If you need someone who architects IoT systems end-to-end —
not just configures platforms — let's talk.

// ENTERING THE NEBULA

The IoT builds the edge.
AI builds everything else.

What happens when a generalist engineer points the most capable AI models on the planet at real problems — for 73 days straight?

Chapter 01 // The Generalist
Master of all technology.
Lazy coder.
14 years on GitHub. 9 languages. Hardware, firmware, mobile, web, infrastructure. The kind of engineer who can build anything from a PCB to a Kubernetes cluster — but always built just enough to prove it worked, then moved on.
GitHub Contributions // 2022-2025 (pre-AI era)
2022: 70
2023: 189
2024: 210
2025-26: 1,052 ← 5x jump
C++ · C · JavaScript · TypeScript · Swift · Kotlin · Python · PHP · HTML/CSS · Eagle CAD · KiCad · ESPHome · Pulumi · Terraform · Docker
Chapter 02 // The Inflection
Same brain. Infinite throughput.
The generalist skillset wasn't the weakness — it was the latent advantage. Knowing a little about everything meant knowing exactly where to point the most capable AI models on the planet. The lazy coder became the most efficient one.
Before // Pre-AI
Daily output: 50-100 LoC
Projects/day: 1 (maybe)
Contributions/yr: ~150
Context switches: Painful
Breadth: Wide but shallow
Weakness: "Lazy coder"
After // AI-Native
Daily output: 4,123 LoC
Projects/day: 3.2 average
Contributions/yr: 1,052+ (accelerating)
Context switches: 64% of days, no friction
Breadth: Wide AND deep
Superpower: Directed inference
Chapter 03 // The Receipt
12.6 billion tokens.
73 days. 48 repos. 358K lines.
Not vanity metrics. Actual inference consumed building production systems — infrastructure-as-code, IoT platforms, customer-facing applications, mobile apps, and everything in between. Running 87% on Opus, the most capable model available.
12.6B Tokens Processed
124,622 API Calls
4,123 LoC / Day
48 Production Repos
Opus (87%) — Maximum capability
Sonnet (11%) — Fast iteration
Haiku (1%) — Quick lookups
Inference by Domain
Platform/Backend: 47.7%
Infrastructure: 28.8%
IoT / Hardware: 10.6%
Frontend / Mobile: 7.1%
Other: 5.8%
Chapter 04 // The Vector
The trajectory is vertical.
Monthly GitHub contributions overlaid with daily token consumption. The green is what the world can see. The magenta is the engine underneath.
Weekly Token Velocity (Last 4 Weeks)
Week of Jan 26 · Week of Feb 2 · Week of Feb 9 · Week of Feb 16
Chapter 05 // The Lab
Currently shipping.
PCBs. Firmware. Mobile apps. Cloud platforms. Smart contracts. All of it real. Most of it live.
DropLink
Meshtastic remote release mechanism. PCB design to iOS app to shipping product.
Hardware · KiCad · Firmware · iOS
Off-Grid Radio Network
People-powered mesh radio. Off-grid comms for everyone. Token economy in the works.
Meshtastic · LoRa · Web3 · MQTT
AI Dev Platform
Self-hosted AI dev platform. Talk to it, build what you want. Every project gets its own container.
NuxtJS · Docker · Claude Code · xterm.js
IoT Platform
Full-stack IoT platform. AWS IoT Core, hardware crypto chips, Pulumi/Terraform IaC. Lambda, ECS, EC2, RDS, S3, EventBridge. Production.
AWS IoT Core · Pulumi · Kotlin · Node · Lambda · ECS
🔒
BLE Lock Protocol
Reverse-engineered smart lock BLE protocol. 73 opcodes. Full Swift SDK and iOS app. No cloud.
Swift · BLE · Reverse Engineering · iOS
Mesh Client
Native iOS, iPadOS & macOS client for Meshtastic. SwiftUI, BLE, mesh networking.
Swift · SwiftUI · BLE · macOS
🏃
Walking Pad + AI
MCP server that lets Claude control your walking pad. AI picks the speed based on task complexity.
Python · MCP · Claude Code · BLE
Ω
Ohm School
Bluetooth multimeter companion for iOS & Apple Vision Pro. Yes, visionOS.
Swift · Vision Pro · BLE · visionOS
HID-HOP
nRF52840 BLE-to-USB HID bridge. Custom firmware, Android app, iOS app. Published on both app stores.
nRF52840 · C++ · Android · iOS · App Store
📡
Mega-Sensor Beacon
ESP32 sensor platform. Air quality, presence, scale, IMU, ToF, color, CO2, LoRa. One board.
ESP32 · C++ · PlatformIO · LoRa
🔏
Access Controller
STM32 access control firmware. Signed auth protocol, BLE provisioning, calendar rules, OTA updates.
STM32 · PlatformIO · Mbed OS · BLE
🎤
On-Device Whisper
Native macOS menu bar speech-to-text. Local Whisper model. Hotkey triggered. Zero cloud.
Swift · macOS · Whisper · On-Device AI
🔮
Voice Clone Engine
Local AI voice synthesis. F5-TTS model in memory for 1-3s inference. Embeddings + semantic search.
Python · F5-TTS · ChromaDB · Apple MPS
Mesh Token Economy
Smart contracts. Token economy for mesh network participation. Minting my own future.
Solidity · Web3 · Smart Contracts
📽
NoFlixGiven
Decentralized media lending. Own it. Lend it. Never kneel. Smart contracts, IPFS, WASM streaming.
Solidity · IPFS · WASM · Smart Contracts
🛡
Hardware Security Research
Reverse-engineered commercial IoT device. Found API exposing BLE credentials for entire fleet.
Security · Reverse Engineering · BLE · API
// this is not a portfolio. this is a tuesday.
Chapter 06 // Work With Me
Hire Me.

One engineer. Full-stack output. Infrastructure to IoT to frontend. I bring the AI compute, the context, and 14 years of building everything from circuit boards to cloud platforms.

172M Tokens / Day
3.2 Projects / Day
1,707 API Calls / Day
GitHub
© 2026 Brewer Systems • Directed Inference Engineering
12,557,009,344 tokens • 358,862 lines of code • and counting