The Colophon

Notes on what runs this site, and why.

What runs here

An edge worker serves three hostnames: aroessner.com (this bio), git.aroessner.com (the public technical showcase), and www.aroessner.com (a redirect to the apex). A separate worker serves the private infrastructure dashboard. The git remote at forge.aroessner.com is sovereign — kept on dedicated hardware in one room, reachable through a tunnel, mirrored to encrypted offsite storage on a regular cadence and verified by a monthly restore drill.

There is no client-side JavaScript on the wire. Every page arrives as static HTML, server-rendered at the edge, with no hydration step. The fonts are self-hosted; nothing else travels beyond the HTML.

Live data

A signed webhook fires from the sovereign git on every push, so commit activity reaches the Atom feed and the showcase pages within seconds. A small periodic collector keeps slower-moving metrics current. Both write into the same edge key-value bus, which is read by every worker that renders a page. One bus, multiple readers — no separate database, no separate write paths.

The architecture is a deliberate inversion of the conventional "web app" pattern. KV is the database. The workers are the API. The browser receives finished HTML.

Stack, end to end

Front of house — Cloudflare Workers, KV, Tunnel, R2, Email Routing
Back of house — sovereign git on dedicated hardware, deduplicated encrypted offsite mirror, external watchdog
Type — Cormorant Garamond by Christian Thalmann (regular, italic, medium, semibold)
Palette — parchment #f6f3ec, ink #14110d, hairlines #bfb097
Grain — SVG turbulence filter rendered as a tile, multiplied over the background. No raster image.

Privacy posture

No third-party JavaScript. No analytics service. No fonts on a CDN. No pixel trackers, no fingerprinting, no consent banner — there is nothing to consent to. A strict Content-Security-Policy disallows all script and frame-ancestor traffic; HSTS is preloaded. The site is, on the wire, almost entirely text.

Visitor analytics are a deliberate omission. The metric I optimize for is whether the email arrives, not whether the page was viewed.

Sovereignty

All source for this site lives on a self-hosted git remote, on hardware physically present in one room, with encrypted snapshots mirrored offsite and verified by a monthly restore drill. No third-party platform can revoke access to the codebase that runs this domain. That is the load-bearing property; everything else is implementation.

Performance

Pages arrive as small, server-rendered HTML; fonts are cached aggressively. Time-to-first-byte from a typical US connection is well under a quarter second. Cache-Control is short on HTML so the live numbers stay live, longer at the edge so the workers stay cheap.

What is intentionally not here

A "subscribe" call-to-action
A cookie banner
A blog with periodic content marketing
Stock photography
An "About" page that buries the work under personality
A web framework or build tool — the Worker is hand-written

Source

The Worker code that runs aroessner.com and git.aroessner.com lives in my sovereign git. The dashboard Worker, the collector script, and the backup-empire orchestration also live there. None of it is public; questions are welcome.

Influences

Two lenses I deliberately consult. Neither has read this site.

Trae Stephens

Anduril, Founders Fund. Ship before ready; conviction-backed deployment over consensus-checked planning. The work is the brand — manifestos and Substacks are testimony, not evidence.

Naval Ravikant

Specific knowledge cannot be taught, only earned. Permissionless leverage compounds the most where the work is illegible to the people who would otherwise gatekeep it.

Questions or quibbles — alex.roessner@landseed.earth