Notes April to June 2026

Published June 01, 2026 • Updated June 07, 2026

Github Pages

getting familiar with github pages
https://docs.github.com/en/pages
    created this blog
    
read up on creative commons license
https://creativecommons.org/licenses/

blog and github profile updated
    adding some features to blog
        search - done
        rss feed - done
        pagination - done
        giscus comments - maybe later
        
reviewing https://xmonader.github.io/nimdays/day12_resp.html
    
    this is mostly a nim tutorial - day 1 demidecode parser
    man dmidecode - interesting tool, shame its output is "unreliable"
    sudo dmidecode -q
    
installed a fedora 43 vm with kde
    going to use this for trying nim code
    
    sudo dnf group install c-development development-tools
    curl https://nim-lang.org/choosenim/init.sh -sSf | sh
    
    (optional) sudo dnf install --nogpgcheck --repofrompath '
    terra,https://repos.fyralabs.com/terra$releasever' terra-release
    
    sudo dnf install file-devel
    nim c -r main.nim
    
opentofu - an open source alternative to terraform (which was open source until 2023)
    https://github.com/opentofu/opentofu
    iac templates for azure
    https://github.com/infra-at-scale/organization-template
    
setup scrcpy
    https://github.com/genymobile/scrcpy

trying nim

published my first nim program, more to follow
    https://github.com/dofahy/nim-explore

getting kate setup for nim
    enabled plugins
    nimble install nimlsp
    nimble install nph 
        run formatting in cli
    kate defaults to python indentation for nim
        change to none
        settings > editing > indentation - set none and untick auto detect
    
    formatting in kate
        create external tool
        Name: Format Nim
        Exec: nph
        Args: %{Document:FileName}
        
        create shortcut for tool
        ctrl+alt+f
        
add markdown preview to kate
    sudo apt install markdownpart

bencode (bee-encode)
    the encoding use by torrent files as part of bittorrent spec
    https://en.wikipedia.org/wiki/Bencode
    
    integers, byte strings, lists and dictionaries
    a couple drawbacks:
        not human-readable encoding format. values often contain binary data, 
        so decoding by hand may be error prone. a hex editor or bencode editor is needed.
        does not store any metadata about the size of list or dictionary, 
        requiring all elements to be read sequentially. not be suitable for 
        large data where random access is required. 
        
nim - parsing bencode
    create nim-bencode, a library to encode/decode bencode torrent files
    
pushed code for nim-bencode
    can create more tests and improve bencode.nim to be closer to spec
    encoding and decoding are not robust

pushed code for nim-dmidecode
    nim c main.nim
    sudo dmidecode > dmi.txt
    ./main dmi.txt

    output
    Physical Memory Array => 6
    End Of Table => 0
    System Information => 8
    Processor Information => 22
    System Boot Information => 1
    Memory Array Mapped Address => 5
    Chassis Information => 15
    Memory Device => 21
    BIOS Information => 10
    
pushed code for nim-linkschecker
    a simple http utility using sequential or async
    
installed markdown preview for kate
    https://apps.kde.org/markdownpart/

viewing debian iputils package
    https://salsa.debian.org/debian/iputils/-/tree/master/ping?ref_type=heads

came across sourcehut, a lightweight alternative to github
    https://sourcehut.org/
    https://news.ycombinator.com/item?id=33607098

nim has a robust config file parser module parsecfg
    https://nim-lang.org/docs/parsecfg.html
    https://github.com/nim-lang/Nim/blob/devel/lib/pure/parsecfg.nim

created a smaller version that works on an ini file taken from wiki's ini article
    https://en.wikipedia.org/wiki/INI_file
    
    pushed code for nim-configparser
    
pushed code for nim-urlshort
    a simple url shortener
curl -X POST http://localhost:5000/short -H "Content-Type: application/json" -d '{"url":"example.com"}'
    {"id":"tzjgq"}

mythos model

SANS NewsBites email
    discussions on soon to be released mythos model - powerful but high token cost

watched dave's take on mythos
    https://www.youtube.com/watch?v=vELETrEp27k
    concern over malicious use - "offence moves at machine 
    speed while defence moves at corporate speed"
    cybersecurity areas that are now more important - asset inventory, 
    patch discipline, logging, lease privilege, dependency hygiene 
    and supply chain security."

irishvpn dev

installed mailpit
    sudo sh < <(curl -sL https://raw.githubusercontent.com/axllent/mailpit/develop/install.sh)

installed stripe-cli
    https://github.com/stripe/stripe-cli/releases
    
    stripe login
    if using gpg signing
        gpg --full-generate-key
    auth is good for 90 days
    
setup mariadb-10.11.16

used sdkman to get java 21

installed latest nvm and node
    curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
    
fixed bug in temp password generation
    code did not gaurantee at least one letter, number and special
    

python interview prep

revise relevant topics for interview
    python, azure, saas, devops ci/cd, linux, postgresql, sqlalchemy
    webapp/api for authenticated to access content
    
authentication for api
    api keys
    basic auth with https
    bearer token (jwt)
    oauth
    digest authentication
    hmac

api vulnerabilities
    private resource leak
    predictable serial number attack
    session hijacking

python questions
    meta class

    decorators
        dataclass

    horizontal inheritance
    https://www.geeksforgeeks.org/python/multiple-inheritance-in-python/

    list comprehension

    generator function
    https://www.geeksforgeeks.org/python/generators-in-python/

    context manager
    https://www.geeksforgeeks.org/python/context-manager-in-python/

    concurrency
    threads
    asyncio

    the threads within each python process cannot truly run in parallel
    for parallelism you have to create multiple processes
    multiprocessing module

    containers
    sockets
    queues

regulations api

installed latest postgresql
/postgresql-18.3/bin/initdb -D ~/databases/data/pg18.3-casino-reg-ie --encoding=UTF8 --locale=en_IE.UTF-8
    
pushed code for regulations app
    working example for basic post and get
    can refactor main.py to fill in the be

added helpers to the casino regulations api
    commit checks
    test coverage
    ruff - linting and formatting

coverage in README is static
    can make it dynamic (later)
    codecov.io

need to use --no-verify until the imports are sorted

need to use underscores for python and postgres 
    dashes cause issues but they are only needed for 
        the apps name and cmd line starting
            everywhere else in code should be underscores

desktop froze twice - gpu gtx 1070 issue - driver (nvidia 580.126.09) or wayland
    audio was still playing
    alt+prt screen+b to force reboot
    see if it goes away with x11
        sudo apt install plasma-session-x11

added logging, can switch to json format when needed
    toggle sqlalchemy

network changes and kate support

made network changes
    removed ISP device. it is not needed
    set owned device to PPPoE
        vodafone@vodafone.ie
        broadband
    set vlan 10
    speeds tests are similar but stability has noticeably improved 
    
added additional support in kate
    https://github.com/python-lsp/python-lsp-server
    pip install python-lsp-server
    
    https://github.com/redhat-developer/yaml-language-server
    npm install -g yaml-language-server
    yaml-language-server --version => 1.22.0

    https://github.com/artempyanykh/marksman
        mv marksman-linux-x64 ~/.local/bin/marksman
        chmod +x ~/.local/bin/marksman
        echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
        source ~/.bashrc
        marksman --version => release 2026-02-08
        
Also, Tools > Spelling > Auto spell check

matrix protocol and sqlalchemy

matrix protocol
    https://en.wikipedia.org/wiki/Matrix_(protocol)
    A communications protocol that can bridge instant messaging apps into a single app. 
    The messaging app developed by the matrix team is called Element.

gerrit - free web-based team code collaboration tool.

renamed app to regulate-ie
    created github action for a production ci workflow
    may use poetry 
    can install with pipx
    
reading docs for version 2
    https://docs.sqlalchemy.org/en/20/tutorial/dbapi_transactions.html
    

pip, fortune and rogue

Went with pip-tools instead of poetry
    note on poetry setup:
        sudo apt install pipx
        pipx install poetry
        pipx upgrade poetry
        poetry completions bash >> ~/.bash_completion
        generate a project -> poetry init
        
sudo apt install fortunes
pipx install cowsay -> v6.1 original is 1999 perl program
(https://github.com/VaasuDevanS/cowsay-python)
cowsay -t "$(fortune)" -c "tux"
        
    pip-tools -> https://pypi.org/project/pip-tools/
    can install it in project venv or using pipx
    pip install pip-tools
    pip-compile --version
        pip-compile, version 7.5.3
    pip-compile -o requirements.txt pyproject.toml --strip-extras
    pip-compile --extra dev -o requirements-dev.txt pyproject.toml --strip-extras

1980 text game
    https://en.wikipedia.org/wiki/Rogue_(video_game)
    https://en.wikipedia.org/wiki/Roguelike
    

openwrt router

firmware version: OpenWrt 21.02
kernel version: 5.4.238

OpenWrt - Linux operating system targeting embedded devices
    https://openwrt.org/

LuCI - OpenWrt Configuration Interface 
    https://github.com/openwrt/luci/wiki/
    
ddns config
    https://openwrt.org/docs/guide-user/services/ddns/client
    
to configure ddns
    from router home page go to LuCI
    click System > software
    update list
    filter for ddns
    install  ddns-scripts and luci-app-ddns
    optional wget-ssl and ca-certificates, or curl and ca-bundle for SSL
    ddns-scripts-noip ddns-scripts-cloudflare 
    full reload page
    go to services > ddns
    delete defaults
    add new connections
    ca cert path -> /etc/ssl/certs
    for cloudflare the username is Bearer and pw is api key
    logs are auto truncated

create backup of current config
    system > backup > generate archive
    
setup ssh key only from lan
    use vpn to lan
   
ash
    https://en.wikipedia.org/wiki/Almquist_shell
    
opkg
    https://openwrt.org/docs/guide-user/additional-software/opkg
    
created layer 3 segmentation
    the web server is on its own network
    it can be accessed from the management network
    the firewall restricts it to reject input and forward
    custom input for dhcp and dns
    port forwarding setup 

updating dependencies and depracted code

mvn dependency:tree
mvn versions:display-dependency-updates

in addition to stable release this also shows candidate, milestone, snapshot, beta, alpha versions
only go with stable or milestone for production

This is too heavy but could run it as part of CI
https://dependency-check.github.io/DependencyCheck/dependency-check-maven/index.html

pom.xml updated with 
    org.springframework.boot 
    version 3.5.13
    
    jsonwebtoken
    https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api
    latest 0.13.0
    
    stripe 32.0.0
        reverted to 30 as major version upgrade introduced breaking changes in 
        how objects are deserialized or how the Session object is constructed.
    
updating jjwt depracted code
    https://github.com/jwtk/jjwt#installation
    https://javadoc.io/doc/io.jsonwebtoken/jjwt-api/latest/io/jsonwebtoken/package-summary.html
    
    the JwtService class now has cleaner and more readable code.
    added issuer validation
    The "iss" (issuer) claim identifies the principal that issued the
    JWT.  The processing of this claim is generally application specific.
    The "iss" value is a case-sensitive string containing a StringOrURI
    value.  Use of this claim is OPTIONAL.
    https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.1
    

netbeans and dependency artifacts

netbeans has an option to auto download the source and javadoc for dependencies.
however this can cause slow startup times.

better to use maven
mvn dependency:sources
mvn dependency:resolve -Dclassifier=javadoc

they are needed for IDE features like code navigation, refactoring, and doc lookup.

network tester and KVM

network tester
    Bufferbloat and Internet Speed Test
    https://www.waveform.com/tools/bufferbloat

shopping list
    Remote KVM
        https://www.gl-inet.com/campaign/kvm/
    
kde tips
    can copy the clock in plasma to get a timestamp, useful for jekyll date requirements.

setting up local build system

setting up a local build system
    https://about.gitea.com/
    https://github.com/go-gitea/gitea
    
    can set up so that i push to it and github
        it will run tests and local repo
        github will just store private for remote acccess and as backup
        
    it's also called a forge
        https://en.wikipedia.org/wiki/Forge_(software)
        
setting up a forgejo system

    using a pi 5 as a prototype
    writing iac instructions as project progresses
    
    using:
        podman
        cockpit, cockipit-podman
        forgejo, forgejo-runner
        postgres
        caddy
        
    the container files specify config to run as systemd services
        systemd manages lifecycle/restarts
        podman exec for entering and running commands inside
        folders on the host persist and provide access to pod data
        like
            mkdir -p /srv/forge/data/caddy/{config,data,site}
        
    creating a rootful version first then try rootless.

caddy

https://en.wikipedia.org/wiki/Caddy_(web_server)
setup involved making a container, creating a Caddyfile and copying the cert to client 
devices then importing the authority cert in browser.
result is i can navigate to forge.home.arpa with no browser warnings.

pi EEPROM

https://en.wikipedia.org/wiki/EEPROM
electrically erasable programmable read-only memory is a type of non-volatile memory. 
It is used in computers, usually integrated in microcontrollers such as smart cards 
and remote keyless systems, or as a separate chip device, to store relatively small 
amounts of data by allowing individual bytes to be erased and reprogrammed.

Raspberry Pi EEPROM stores critical bootloader firmware on Pi 4/5 models, non-volatilely 
maintaining data without power.
https://github.com/raspberrypi/rpi-eeprom

sudo rpi-eeprom-update -a

ubuntu 26.04

steps to update
    logout
    ctrl+alt+f3
    sudo systemctl stop sddm
    cp .config backup-config
    rm -r .config
    sudo do-release-upgrade
        follow prompts
    reboot
        restore any config
        clean up any startup services
    systemd-analyze blame
    sudo systemctl disable NetworkManager-wait-online.service
    sudo systemctl disable qemu-kvm.service
    
    add to nextcloud service
    [Service]
    ExecStartPre=/bin/sleep 5
    systemctl --user daemon-reload
    systemctl --user restart com.nextcloud.desktopclient.nextcloud.servic