Luka Golubovic

Software engineer in Belgrade. I work across backend systems and web delivery, and most of my attention lately goes to application security, not as a separate phase, but as part of how the code gets written.

I spend a lot of time thinking about the distance between software that works and software that's hard to misuse. This site is where I write about that, and where I keep the projects that came out of it.

Projects

Full-stack e-commerce platform

An Angular storefront backed by Hasura GraphQL. Catalog browsing, cart management, checkout: the standard e-commerce flow, but built with a focus on keeping client state and backend truth in sync.

Security focus: Making sure the purchase flow can't drift. Server-side validation on cart and checkout state, auth checks on protected operations, tighter client-server consistency.

Angular, Hasura GraphQL, TailwindCSS, PrimeNG, TypeScript

Real-time distributed chat system

Built to figure out what breaks when WebSocket traffic has to live across multiple servers. Go backend, React frontend, Redis pub/sub for cross-instance messaging, a custom load balancer, and the whole thing runs in containers.

Security focus: Trust boundaries between services: which component gets to trust which messages, connections, and identities. WebSocket session constraints, separated responsibilities, container isolation.

React, Go, WebSocket, Redis Pub/Sub, Docker

Project aeon: local-first assistant platform

An assistant platform where your data never leaves your machine. Vector search over local documents, a local LLM runtime through Ollama, and clean boundaries between the API, vector store, and UI.

Security focus: Making the privacy guarantees real instead of aspirational. All data flows stay local by default, service boundaries are enforced, and runtime configuration is locked down.

FastAPI, ChromaDB, Vue 3, TypeScript, Naive UI, Ollama