brtkwr.com

Making hot sauce is more engineering than cooking

Thu, 09 Apr 2026 21:00:00 +0100

TL;DR — I did a hot sauce making course at Easton Chilli in Bristol. Came home with eight bottles and a new appreciation for the art and science behind it.

Why I signed up Link to heading

I like hot sauce. I go through bottles faster than I’d care to admit, but making my own had never crossed my mind. My partner got me an Easton Chilli course for Christmas. It got rescheduled once, then I sat on it for months before booking. Four months later, I finally went.

Switching OpenClaw to CLI backends for Claude and Codex

Thu, 09 Apr 2026 09:00:00 +0100

TL;DR: OpenClaw can call Claude and Codex through their CLI tools instead of hitting APIs directly. CLI backends give you better session handling and remove API key management. Switching over requires cleaning up some wizard-generated config. Extra usage billing still applies for Claude.

Why CLI backends Link to heading

OpenClaw supports two ways of talking to model providers: the embedded API (sends HTTP requests using an API key or token) and CLI backends (shells out to the provider’s CLI tool, e.g. claude or codex).

Migrating OpenClaw from Jetson Nano to a VPS

Wed, 08 Apr 2026 11:00:00 +0000

TL;DR: I moved my OpenClaw setup from a Jetson Nano to a VPS. Persistent block volume for state, Node 24 LTS instead of a hand-compiled Node 22, and the whole migration took about 20 minutes once I stopped fighting ARM constraints.

Why leave the Jetson Link to heading

I’ve been running OpenClaw on a Jetson Nano since February. It worked, but the maintenance cost kept climbing. The Nano runs Ubuntu 18.04 with an ancient glibc, so I had to compile Node 22 from source (27 hours). Bun global installs broke when OpenClaw tightened plugin manifest validation. Upgrades were a gamble.

Fixing the post-quantum SSH warning

Wed, 08 Apr 2026 09:00:00 +0000

OpenSSH 10.2 warns you when a connection isn’t using post-quantum key exchange. On the client side (macOS), it works out of the box. On the server side, you might need to upgrade OpenSSH, which on Ubuntu 18.04 means building from source.

The warning Link to heading

I SSH’d into my Linux box and got this:

** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

The warning comes from the client. OpenSSH 10.2 shows it when the negotiated key exchange algorithm is classical, which usually means the server doesn’t support post-quantum algorithms.

GCS uniform bucket access silently breaks project owner reads

Thu, 02 Apr 2026 13:00:00 +0100

TLDR: Enabling uniform_bucket_level_access on a GCS bucket disables the legacy role bindings that project owners rely on for object access. Your Terraform SA with roles/owner will get 403s reading objects it could read moments earlier. Add explicit roles/storage.objectViewer bindings on the bucket before flipping the setting.

I’d recommend uniform bucket-level access for most buckets. Without it, GCS uses two overlapping permission systems: bucket-level IAM and per-object ACLs. You can’t see object ACLs in get-iam-policy, so auditing access means checking two places. With uniform access, you manage all permissions through bucket-level IAM. Google recommends it for new buckets, and you can enforce it project-wide via org policies.

What we can all learn from the Claude Code source

Wed, 01 Apr 2026 09:00:00 +0000

TL;DR: Anthropic accidentally shipped the Claude Code source map; I went through it looking for patterns worth borrowing. The codebase reads like accumulated postmortem residue — the compaction circuit breaker exists because telemetry showed sessions burning 250K tokens on doomed retries, the LRU cache was rewritten after it leaked 300 MB, the keychain code references a specific CrowdStrike incident. Nothing was designed from scratch. The findings that weren’t widely covered:

Migrating from kube-prometheus-stack to Google Managed Prometheus

Fri, 27 Mar 2026 06:00:00 +0000

I spent a couple of days migrating our monitoring stack from self-hosted kube-prometheus-stack (KPS) to GKE’s native Google Managed Prometheus (GMP). The end result is simpler, cheaper, and removes about 2 TiB of persistent storage we no longer need. But the migration had enough non-obvious gotchas that I wanted to write it all down.

Why migrate? Link to heading

kube-prometheus-stack bundles Prometheus, Alertmanager, Grafana, node-exporter, kube-state-metrics, and the Prometheus operator into one Helm chart. It works well, but on GKE you’re duplicating what the platform already provides:

Why VPA ignores single-replica pods

Sun, 22 Mar 2026 10:00:00 +0000

TLDR: VPA’s updater defaults to requiring 2 replicas before it will evict a pod. Single-replica deployments are silently excluded from auto-healing — even if they’re crashlooping. You can override this with minReplicas: 1 in the VPA spec, no cluster upgrade needed.

I had a pod stuck in CrashLoopBackOff for 20 hours with 192 restarts. VPA had pushed its memory limit down to ~157Mi — too low for a Python service — and the pod was OOMing on every start.

Getting my Apple Watch workout history into Garmin

Sat, 21 Mar 2026 15:00:00 +0000

TL;DR — I switched from an Apple Watch to a Garmin and wanted to bring my workout history with me. Apple’s data export turned out to be surprisingly lossy — heart rate gets aggregated into 15-minute chunks. I ended up building an iOS app to read HealthKit directly, a Python converter to produce FIT files, and an upload script to push everything to Garmin Connect. 255 workouts, full-resolution heart rate, running dynamics, GPS — all transferred.

Fixing Spotlight Search for Applications on macOS

Tue, 17 Mar 2026 12:00:00 +0000

TL;DR: If Spotlight can’t find your apps, rebuild the Launch Services database with lsregister. It takes a few seconds and doesn’t require a reindex of your entire drive.

The problem Link to heading

Spotlight stopped finding some of my applications. Searching for apps I knew were installed returned nothing, or surfaced web results instead. Finder search was equally useless.

What didn’t work Link to heading

My first instinct was to reindex Spotlight for /Applications:

jj for Git Users: A Practical Walkthrough

Sun, 08 Mar 2026 22:30:00 +0000

TL;DR: jj (Jujutsu) is a Git-compatible version control system with some interesting ideas — automatic change tracking, universal undo, and a different take on history editing. It works on top of your existing Git repos, so you can try it without committing to anything.

Why I’m trying it Link to heading

The v0.39.0 release hit Hacker News and I finally decided to give it a proper go. I’ve been a happy Git user for years — worktrees, rebases, filter-branch rewrites, the lot. I’m not looking to replace Git, but jj takes some interesting approaches to things like history editing and conflict handling that I wanted to explore.

Why Jetson Nano Still Matters in 2026

Fri, 06 Mar 2026 15:55:00 +0000

TL;DR: Jetson Nano is old and stuck on Ubuntu 18.04-era software, but it’s still a great always-on host for bounded edge workloads like OpenClaw. Treat it like an appliance, not a modern dev workstation.

Frank Kelly, who also owns a Jetson Nano, asked my OpenClaw bot to write a blog post about it as a test. It politely replied that it would draft something and wait for my approval before posting. That first draft turned into this post after some back-and-forth in the Telegram group chat.

Mutating webhooks and ghost affinity on StatefulSets

Fri, 06 Mar 2026 09:00:00 +0000

TLDR: Mutating admission webhooks that inject scheduling rules (nodeSelector, tolerations, affinity) persist on StatefulSet pods even after you clean the StatefulSet template. The webhook re-fires on every pod CREATE and can read stale metadata to re-inject what you removed. The fix is to scale to 0 and back up — rollout restart doesn’t work.

I was decommissioning a GKE ComputeClass. ComputeClasses let you define scheduling profiles — node selectors, tolerations, affinity rules — and apply them to namespaces via labels. Under the hood, GKE enforces them with a mutating admission webhook (warden-mutating.config.common-webhooks.networking.gke.io).

Bulk cleaning stale git worktrees and branches

Fri, 06 Mar 2026 05:00:00 +0000

I use git worktrees heavily for parallel development. One worktree per ticket, across dozens of repositories. They’re especially useful if you work with AI coding agents — each agent gets its own isolated worktree, so it can run tests, install dependencies, and make changes without stepping on your work or another agent’s. The downside is that worktrees accumulate fast. I ended up with 256 of them consuming 28GB of disk, 700+ stale local branches, and 70% of it all referencing branches that were merged months ago.

Rewriting Git History with an LLM for Conventional Commits

Mon, 02 Mar 2026 20:21:00 +0000

TL;DR: Feed your entire git log + file lists into a single LLM call to generate a bash hash map of conventional commit messages, then apply it with git filter-branch in seconds. 143 commits rewritten in 6 seconds, one API call, ~$0.05.

Why bother? Link to heading

Good commit messages are documentation you get for free — but only if they’re actually meaningful. My repo had months of auto: update 2026-03-01T14:00:02 from a dumb cron job, mixed with inconsistently worded agent-written messages. Running git log was useless. I couldn’t grep for feature additions, distinguish fixes from docs changes, or understand what happened on any given day without reading diffs.

Upgrading OpenClaw to Latest on Jetson Nano with Node 22

Mon, 02 Mar 2026 06:45:00 +0000

This is a follow-up to my original post, Installing OpenClaw on a Jetson Nano, where I got things working with Bun on Ubuntu 18.04. That setup ran fine for a few weeks — until I tried to upgrade.

Why upgrade? Link to heading

The original Bun-based install (2026.2.6) was working fine, but I wanted access to newer features — improved Telegram handling, cron job fixes, better model fallback chains, and the new adaptive thinking defaults for Claude. OpenClaw moves fast, and staying weeks behind means missing meaningful improvements.

Go containers and the OOM killer

Tue, 24 Feb 2026 12:30:00 +0000

TLDR: Go doesn’t auto-detect container memory limits. Without GOMEMLIMIT, the GC lets the heap double freely until the OOM killer strikes. Read the cgroup limit at startup and set GOMEMLIMIT to ~85% of it via an entrypoint script so it adapts automatically when VPA adjusts your limits.

I was investigating a pod that had been crashlooping for 25 hours. The usual suspects — liveness probe failures, connection resets, CrashLoopBackOff. After deleting the pod and watching it come back healthy on a different node, I assumed it was a flaky spot instance. But looking closer, it was OOMing.

Stop re-running BigQuery queries when paginating

Mon, 23 Feb 2026 22:00:00 +0000

I recently learnt something about BigQuery pagination that I wish I’d known sooner. If you’re paginating BQ results with LIMIT/OFFSET in the SQL, you’re probably paying full slot cost on every single page request — even though BQ already has the results sitting there.

The problem Link to heading

BigQuery has a query cache, but it only kicks in when the SQL text and parameters are identical. If OFFSET changes on every page, every request is a cache miss.

Happy — controlling Claude Code from your phone

Wed, 18 Feb 2026 10:00:00 +0000

Happy lets you control Claude Code sessions from your phone. You run happy instead of claude, scan a QR code, and your session shows up on your phone. I’ve been using it for a few days — approving permissions on the go, watching output while making coffee, or talking to it with voice input. It’s open source (MIT) and free to use — there’s an optional £19.99/month subscription that gets you early access to new features.

How Cloudflare proxy mode silently breaks SendGrid email delivery

Mon, 16 Feb 2026 14:00:00 +0000

TLDR: If you manage SendGrid DNS records in Cloudflare, make sure PTR-related records are set to DNS-only. Proxying them silently breaks reverse DNS verification and causes email delivery failures with no alerts or warnings.

The setup Link to heading

If you use SendGrid with a dedicated IP, you’ll have a PTR record so receiving mail servers can verify your identity through reverse DNS.

The way this works: when a mail server receives a connection from your IP, it does a reverse lookup (dig -x <your-ip>) to get a hostname, then a forward lookup on that hostname to check the IP matches. This is called FCrDNS — forward-confirmed reverse DNS. If it doesn’t match, the server assumes you’re suspicious and rejects or defers your email.

Switching from Poetry to uv

Sun, 15 Feb 2026 10:00:00 +0000

I migrated a few Python projects from Poetry to uv. The conversion is mostly mechanical, so this focuses on what changed and why it was worth doing.

TLDR Link to heading

uv is generally faster than Poetry for dependency resolution and installation
Private registry auth goes from “install a keyring plugin” to “mount a credentials file”
Your pyproject.toml moves to PEP 621 standard format — no more [tool.poetry]
Use >= lower bounds in pyproject.toml, let the lockfile handle exact pinning

Why switch Link to heading

Speed. Poetry’s resolver can be slow. In Docker builds, the poetry install layer often took 60–90 seconds. With uv, the same layer is usually much faster. uv is written in Rust, resolves in parallel, and downloads packages concurrently.

Kubernetes health probes for stateful Python services

Fri, 13 Feb 2026 14:00:00 +0000

TLDR: If your entrypoint script doesn’t use exec, SIGTERM never reaches your Python app and graceful shutdown silently does nothing. Docker compose masks this entirely.

I use a single /health endpoint for all three Kubernetes probes — startup, liveness, and readiness. The difference in behaviour comes from failureThreshold in the probe config, not from separate code paths.

One endpoint, three probes Link to heading

The key insight is that failureThreshold controls how tolerant each probe is. All three probes hit the same /health endpoint, but they react differently to failures:

Fixing slow Docker builds on ephemeral CI runners

Thu, 12 Feb 2026 22:00:00 +0000

TLDR: --mount=type=cache makes RUN layers non-deterministic. On ephemeral runners the mount is always empty, so BuildKit can’t match layers from registry cache. Removing cache mounts, switching to registry cache with dynamic fallback, gating exports to deploy branches, and restricting triggers dropped builds from ~27 min to ~2 min — and cut redundant builds entirely.

I’d been ignoring slow Docker builds on a project for a while — around 27 minutes per build on ephemeral GCP runners, most of that spent in uv sync downloading Python dependencies from scratch. Every single build. Even though BuildKit caching was configured.

SSH fallback hosts with ProxyCommand

Mon, 09 Feb 2026 09:00:00 +0000

I have a Jetson Nano at home that I SSH into from my laptop. At home it’s on a local IP, but when I’m out I reach it via a public IP. I got tired of switching between ssh jetson-home and ssh jetson-www depending on where I am.

A VPN like Tailscale or WireGuard would also solve this, but I don’t always remember to switch it on. I wanted something that just works without thinking about it.

Installing OpenClaw on a Jetson Nano

Sun, 08 Feb 2026 21:00:00 +0000

The idea of messaging an AI assistant from my phone while I’m out walking and having it write code that I can steer — “try this approach instead”, “add tests for that edge case”, “actually scrap that, let’s do X” — is genuinely exciting. OpenClaw makes this possible by bridging Telegram (or WhatsApp) to Claude Code, so you can kick off and guide coding sessions from anywhere.

I wouldn’t run it on my main laptop though. OpenClaw gets broad system access — filesystem, shell, network, credentials — and there’s been a steady stream of security issues, including a one-click RCE vulnerability (CVE-2026-25253) and hundreds of exposed instances found via Shodan with no authentication. I had a Jetson Nano lying around doing nothing, so I used that instead — if something goes wrong, the blast radius is limited to a cheap ARM board.

Fixing HDMI resolution on a Jetson Nano

Sun, 08 Feb 2026 20:00:00 +0000

I connected my Jetson Nano to an external projector and the console text was microscopic. The framebuffer was running at 3840x2160 (4K) on a display where I could barely read anything. Here’s how I fixed it.

The problem Link to heading

The Jetson Nano auto-negotiates resolution via EDID when an HDMI display is connected. If your monitor or projector supports 4K, it’ll default to 4K. On a console TTY with the default 8x16 font, that means tiny, unreadable text.

Running HPA and VPA together on Kubernetes

Sat, 07 Feb 2026 10:00:00 +0000

TLDR: HPA handles horizontal scaling on CPU, VPA right-sizes memory. Split their concerns with controlledResources: ["memory"] so they don’t fight. Drop CPU limits. Match memory requests to limits for Guaranteed QoS. Only create PDBs when you have 2+ replicas. Don’t run HPA in staging.

I’ve been writing about autoscaling on GKE for a while now. It started with debugging HPA scaling, then understanding the four layers of GKE autoscaling, then optimising node costs with ComputeClass, and most recently hitting the VPA resourcePolicy trap when templating VPA in Helm.

Batch updating files across GitHub repos without cloning

Fri, 06 Feb 2026 14:00:00 +0000

I needed to roll out the same GitHub Actions workflow change across a bunch of repositories. Doing it repo by repo via clone-edit-commit-push sounded painful.

Turns out you can read, modify, and commit files directly through the GitHub API without ever cloning a repo. The technique works for any file, but workflow YAML is where I’ve found it most useful — shared CI config that lives in every repo and needs to stay in sync. I’d recommend doing the whole thing in Python rather than shell — the base64 encoding, JSON payloads, and regex transformations are much less painful than trying to wrangle them with bash quoting.

Pulling Twilio Usage Data into Google Sheets

Wed, 04 Feb 2026 09:45:00 +0000

I needed to track daily Twilio costs in a spreadsheet. The Twilio console has usage data but no easy export, and I wanted it updating automatically.

The solution: Apps Script + Secret Manager Link to heading

I wrote an Apps Script that:

Fetches Twilio credentials from GCP Secret Manager (not hardcoded)
Pulls daily usage data via the Twilio API
Only fetches missing dates (incremental updates)
Handles pagination automatically

The full script is here: twilio-usage-appscript

Using Google Sheets API with gcloud ADC

Wed, 04 Feb 2026 09:30:00 +0000

I wanted to pull data from a Google Sheet using curl and my existing gcloud credentials. Should be simple, right?

The naive approach (doesn’t work) Link to heading

gcloud auth application-default login \
 --scopes=https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/cloud-platform

curl "https://sheets.googleapis.com/v4/spreadsheets/YOUR_SPREADSHEET_ID" \
 -H "Authorization: Bearer $(gcloud auth application-default print-access-token)"

This gets you the dreaded “app is blocked” screen:

The problem is that Google Workspace APIs (Sheets, Drive, etc.) are “sensitive scopes” and the default gcloud OAuth client isn’t verified to use them.

Getting VPA resourcePolicy right in Helm charts

Sun, 01 Feb 2026 10:00:00 +0000

TLDR: Templating VPA minAllowed from deployment resource requests prevents VPA from reducing resources. Popular charts make these fields optional and static. After fixing this in our charts: 93% CPU reduction on one service (200m → 15m).

I was debugging why our pods were still over-provisioned after months of VPA running in Initial mode. VPA recommendations looked reasonable - suggesting 15m CPU when we were requesting 200m - but nothing was changing.

gcloud auth application-default login for kubectl

Fri, 30 Jan 2026 09:30:00 +0000

For four years I thought kubectl required gcloud auth login. But I also needed ADC for scripts and apps, so every time my tokens expired I’d authenticate twice - once for the CLI, then again with gcloud auth application-default login. Two browser windows, two OAuth flows, same Google account.

Yes, gcloud auth login --update-adc exists, but it doesn’t let you specify scopes. I needed spreadsheets access for some scripts.

Turns out you can make kubectl use ADC directly. One auth with custom scopes, everything works.

Pruning Claude Code conversation history

Thu, 22 Jan 2026 09:30:00 +0000

A few days ago I cleaned up 200GB from my Mac and deliberately kept my Claude Code history at 2.3GB. Four days later it had grown to 9.5GB. Here’s how I pruned it back to 1.1GB without breaking conversation continuity.

This also broke ccs - my fuzzy finder for Claude conversations. Parsing 3GB JSONL files was taking forever. I’ve since added --max-size filtering to ccs (defaults to 1GB), but that just hides the problem. Better to prune the files themselves.

Extracting Travel Data from macOS Photos Library

Sun, 18 Jan 2026 13:30:00 +0000

I was updating my about page and wanted to add a timeline of places I’ve travelled to. I’ve got thousands of geotagged photos in my Photos library spanning over a decade, and manually going through them would’ve been painful. Here’s how I extracted the data using Python and SQLite.

The Challenge Link to heading

Photos.app doesn’t have a built-in way to export a list of countries from geotagged photos. I needed to:

Using Claude to free 200GB from a nearly full disk

Sun, 18 Jan 2026 12:00:00 +0000

My Mac was close to 100% full. macOS was complaining and I couldn’t install updates. Here’s how I used Claude to analyse my disk usage and safely free 200GB.

System specs Link to heading

Machine: MacBook Pro M4 Pro (24GB RAM)
Disk: 494GB SSD
macOS: 26.1 (developer preview)
Before: 487GB used (98.5% full, 7GB free)
After: 274GB used (55% full, 220GB free)

TLDR Link to heading

Freed 200GB by cleaning:

Making bumpver play nice with uv

Wed, 14 Jan 2026 15:00:00 +0000

I was setting up automated version bumps for a Python project using bumpver and uv. The problem: when bumpver updates the version in pyproject.toml, the uv.lock file also needs updating - and those changes need to be included in the same commit.

The naive approach Link to heading

My first thought was to use bumpver’s pre_commit_hook to run uv lock:

# bumpver.toml
[tool.bumpver]
current_version = "26.01.14"
version_pattern = "0Y.0M.0D[-INC0]"
commit = true
tag = true
push = true
pre_commit_hook = "uv lock"

This fails immediately - bumpver expects a path to a script, not a command:

Migrating from a GitHub bot user to a GitHub App

Tue, 06 Jan 2026 12:00:00 +0000

We had a dedicated “bot” user account for GitHub automation - creating PRs, pushing commits, merging branches. It worked, but it always felt like a hack. The account consumed a licence seat, used a long-lived PAT that someone had to rotate manually, and the audit trail was confusing because it looked like a real person.

I finally migrated everything to a GitHub App. This touched 30+ repositories and 6 custom GitHub Actions across the org. Here’s the full process.

CCS: Search for Claude Code conversations

Mon, 05 Jan 2026 00:00:00 +0000

I’ve accumulated hundreds of Claude Code sessions and kept losing track of where I solved specific problems. The built-in /resume shows recent sessions, but anything older than a few days? Gone.

So I built CCS (Claude Code Search) to fix that.

TLDR Link to heading

brew install agentic-utils/tap/ccs
ccs

Type to search, Enter to resume. That’s it.

The problem Link to heading

Claude Code stores conversations in ~/.claude/projects/ as JSONL files. Each session gets its own file:

My Neovim setup in 2025

Sun, 28 Dec 2025 10:00:00 +0000

I’ve been using Neovim full-time for a couple of years now. Here’s my current setup - built on LazyVim with a focus on Python development using the Astral toolchain.

Why LazyVim Link to heading

I started with a custom config but maintaining it became tedious. LazyVim gives me sensible defaults while still allowing customisation. The key benefits:

Batteries included - LSP, treesitter, telescope all preconfigured
Lazy loading - plugins load on demand, keeping startup fast
Easy updates - LazyVim handles plugin compatibility

~/.config/nvim/
├── init.lua # Bootstraps lazy.nvim
├── lazy-lock.json # Lockfile for reproducible installs
└── lua/
 ├── config/ # Options, keymaps, autocmds
 └── plugins/ # Custom plugin configs

Python setup: ty + ruff Link to heading

The interesting part of my config is the Python tooling. I’ve switched from pyright to ty - Astral’s new type checker (the same folks behind ruff and uv).

Python tools I used in 2025

Sat, 27 Dec 2025 11:00:00 +0000

I’ve overhauled my Python development setup over the past year. The ecosystem has improved dramatically - faster tools, better defaults, and less configuration. This post describes my current workflow and links to the detailed posts on each tool.

The stack Link to heading

Purpose	Tool	Replaces
Package management	uv	pip, pip-tools, poetry, virtualenv
Linting & formatting	ruff	flake8, black, isort, pylint
Type checking	pyright / ty	mypy
Testing	pytest	unittest
Pre-commit	pre-commit + ruff	manual linting

The theme: fewer tools, each doing more. uv replaced four tools. Ruff replaced three. Less config, fewer version conflicts, faster CI.

Kubernetes debugging in 2025

Sat, 27 Dec 2025 10:00:00 +0000

My Kubernetes workflow changed a lot this year. The biggest shift: I started using LLMs as a debugging partner. Combined with a few CLI tools I can’t live without, debugging got noticeably faster.

Aliases that stuck Link to heading

First, the obvious ones:

alias k="kubectl"
alias kdrain="kubectl drain --ignore-daemonsets --delete-emptydir-data"

k saves thousands of keystrokes a year. kdrain saves me from forgetting the flags every time I need to drain a node.

Developing Magento plugins on Kubernetes with git-sync

Mon, 22 Dec 2025 12:00:00 +0000

This is Part 2 covering plugin development. Part 1 covers setting up Magento on Kubernetes.

With Magento running on Kubernetes, you can use git-sync sidecars for live plugin development - push to your repo and see changes within 60 seconds. This post covers the git-sync setup, Magento CLI quirks you’ll encounter, and debugging tips.

TLDR Link to heading

Git-sync: use --link mode to handle worktree hash changes automatically
Git-sync: create symlinks in both init and postStart (OOMKill safety)
Git-sync: consider --exechook for auto cache flush on code changes
Core setup belongs in init containers (blocking), customizations in postStart (async)
Bug #35751: design/theme/theme_id can’t be set via CLI for store scope
Run app:config:import before config:set to avoid “command unavailable” errors

Magento CLI quirks Link to heading

Bug #35751: Store-level theme config fails Link to heading

Setting a theme for a specific store view should be simple:

Deploying Magento to Kubernetes

Thu, 18 Dec 2025 12:00:00 +0000

This guide covers deploying Magento 2.4.8 to Kubernetes with MariaDB and OpenSearch as sidecars.

The key benefit: disposable environments. Database corrupted? Config in a weird state? Just delete the PVC and redeploy - you’re back to a clean Magento install with sample data in under 5 minutes. No more debugging broken dev environments.

Part 2 covers developing Magento plugins using git-sync for live code updates.

TLDR Link to heading

Don’t wait for sidecars in postStart hooks (deadlock)
Magento 2.4.8 dropped Elasticsearch 7 support entirely
Use startup probes with generous timeouts
Run bin/magento commands as www-data from the start, not just chown at the end
Configure SSL offloader header or you’ll get redirect loops
Enable store codes for multi-store URL paths
Reload Apache after DI compile to clear opcache
Sample data needs catalog:images:resize after copying media files
Or just use my Helm chart and skip the pain

The architecture Link to heading

This setup uses a Magento image with a couple of proprietary extensions. The deployment is a single pod with five containers plus two init containers.

Git worktree helper with fzf

Wed, 17 Dec 2025 11:00:00 +0000

I use git worktrees constantly for parallel development, but typing git worktree list, copying the path, and cd-ing got tedious. So I wrote a shell function.

The function Link to heading

Add this to your .zshrc:

# Git worktree selector with fzf
wt() {
 local create=false
 local delete=false
 local copy_envrc=false
 local name=""
 local target=""

 _wt_usage() {
 cat <<USAGE
Usage: wt [-c <name>] [-e] [-d [path]] [-h]

Options:
 -c <name> Create a new worktree with branch name <name>
 -e Copy .envrc from root and run direnv allow (use with -c)
 -d [path] Delete a worktree (fuzzy select if no path given, use '.' for current)
 -h Show this help message
USAGE
 }

 while [[ $# -gt 0 ]]; do
 case "$1" in
 -c) create=true; name="$2"; shift 2 ;;
 -e) copy_envrc=true; shift ;;
 -d) delete=true; shift; [[ $# -gt 0 && ! "$1" =~ ^- ]] && { target="$1"; shift; } ;;
 -h) _wt_usage; return 0 ;;
 *) _wt_usage; return 1 ;;
 esac
 done

 if ($create || $copy_envrc) && $delete; then
 echo "Error: -c/-e and -d are mutually exclusive"; return 1
 fi

 if $create; then
 [[ -z "$name" ]] && { echo "Error: -c requires a name"; return 1; }
 local root=$(git rev-parse --show-toplevel)
 local new_path="$root/$name"
 git worktree add "$new_path" -b "$name" && cd "$new_path"
 if $copy_envrc && [[ -f "$root/.envrc" ]]; then
 cp "$root/.envrc" "$new_path/.envrc"
 direnv allow
 fi
 elif $delete; then
 local to_delete
 if [[ -n "$target" ]]; then
 to_delete=$(realpath "$target")
 else
 to_delete=$(git worktree list | fzf --height 40% --reverse | awk '{print $1}')
 fi
 [[ -z "$to_delete" ]] && return 0
 local main_wt=$(git worktree list | head -1 | awk '{print $1}')
 if [[ "$to_delete" == "$main_wt" ]]; then
 echo "Error: cannot delete main worktree"; return 1
 fi
 [[ "$(realpath .)" == "$to_delete"* ]] && cd "$main_wt"
 git worktree remove "$to_delete"
 else
 local selected=$(git worktree list | fzf --height 40% --reverse | awk '{print $1}')
 [[ -n "$selected" ]] && cd "$selected"
 fi
}

Usage Link to heading

# Fuzzy select and cd to a worktree
wt

# Create a new worktree with branch name
wt -c feature-x

# Create worktree and setup direnv
wt -c feature-x -e

# Delete a worktree (fuzzy select)
wt -d

# Delete current worktree
wt -d .

Why -e matters Link to heading

I use direnv for environment variables in each repo. Without -e, I’d have to manually copy .envrc and run direnv allow every time I create a worktree. Now it’s automatic.

Cleaning up Docker

Tue, 16 Dec 2025 09:00:00 +0000

My disk was filling up with old Docker images. I got a low disk space warning and traced 80GB back to Docker. Here’s how to reclaim space.

How much space can you reclaim? Link to heading

First, see what Docker is using:

docker system df

This shows you a breakdown by images, containers, and volumes. In my case:

TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 47 12 35.6GB 28.4GB (79%)
Containers 8 3 127.3MB 84.2MB (66%)
Local Volumes 15 2 2.1GB 1.8GB (85%)
Build Cache 0 0 0B 0B

Nearly 30GB reclaimable. Worth the cleanup.

Deploying to Cloudflare Pages with wrangler

Sun, 14 Dec 2025 10:00:00 +0000

I was deploying a SvelteKit app to Cloudflare Pages and wanted to do it from the command line rather than connecting to GitHub. Wrangler makes this straightforward.

Why Cloudflare Pages over Vercel/Netlify Link to heading

I evaluated all three for hosting a SvelteKit app:

Vercel - Excellent Next.js integration, but I found the pricing confusing for non-hobby projects. The free tier is generous, but the jump to Pro felt steep for what we needed.

Silencing alerts properly in Alertmanager

Wed, 10 Dec 2025 10:00:00 +0000

I was doing planned maintenance on a Kubernetes cluster. Within seconds of starting the work, my phone was buzzing with PagerDuty alerts. I needed to silence them, but not blindly - only the specific alerts related to the maintenance work.

Via the UI Link to heading

Go to http://alertmanager:9093/#/silences and click “New Silence”.

The UI is actually good for this - you can see which alerts will match your silence before creating it. The UI works well for one-off silences and amtool for scripted ones.

Fix gcloud PATH in shell

Tue, 09 Dec 2025 10:00:00 +0000

After installing gcloud, the gcloud command wasn’t found. The PATH wasn’t set up properly. This happened after I upgraded macOS and my shell config got reset.

Check if gcloud is installed:

ls ~/google-cloud-sdk/bin/gcloud

Add to your shell config (~/.zshrc or ~/.bashrc):

# Google Cloud SDK
if [ -f ~/google-cloud-sdk/path.zsh.inc ]; then
 source ~/google-cloud-sdk/path.zsh.inc
fi

if [ -f ~/google-cloud-sdk/completion.zsh.inc ]; then
 source ~/google-cloud-sdk/completion.zsh.inc
fi

Reload your shell:

source ~/.zshrc

Or just manually add the path:

export PATH="$HOME/google-cloud-sdk/bin:$PATH"

Check it works:

OpenSSL certificate testing with SNI

Thu, 04 Dec 2025 10:00:00 +0000

I was debugging why HTTPS requests to app.example.com were failing with certificate errors. The certificate on the server was valid, but clients were getting “certificate name mismatch” errors. Turns out the server hosted multiple domains on the same IP, and I was getting the wrong certificate. SNI solved it.

What is SNI? Link to heading

Server Name Indication (SNI) is a TLS extension that lets a server host multiple SSL certificates on a single IP address. The client sends the hostname in the initial TLS handshake, and the server responds with the correct certificate.

GitHub PR commands with gh

Mon, 01 Dec 2025 10:00:00 +0000

Using gh for PR work is much faster than the web UI, and allows staying in the terminal. It eliminates the need to constantly reach for the browser to check PR status, view diffs, or create new PRs.

View the current PR in browser:

gh pr view --web

Create a PR:

gh pr create

Create a PR against a specific base branch:

gh pr create --base main

View PR diff:

Advent of Code tips

Mon, 01 Dec 2025 06:00:00 +0000

I started Advent of Code 2025. Here are some tips I’ve picked up.

My solving workflow Link to heading

Read the problem twice - I often miss details on first read
Work through the example by hand (pen and paper for complex ones)
Write the naive solution first
If it’s too slow, then optimise

I’ve wasted time optimising prematurely. Get it working, then make it fast.

Accessing secrets in GKE

Sat, 29 Nov 2025 10:00:00 +0000

I needed to check what was in a GCP secret to debug why an application wasn’t starting. Here’s how we inject secrets into GKE workloads, plus some CLI commands for debugging.

Debugging secrets with gcloud Link to heading

These commands are useful for checking secret values during debugging - not how you’d access them in production.

List all secrets:

gcloud secrets list

Filter by name:

Viewing Docker container logs

Thu, 27 Nov 2025 09:00:00 +0000

I left a container running over a long weekend and came back to find it had consumed 50GB of disk space with logs. The application was logging every request at DEBUG level. That’s when I learnt about log rotation and the --since flag.

Basic log viewing Link to heading

View logs:

docker logs my-container

Follow logs in real time:

docker logs my-container -f

Search through logs:

Getting your public IP with curl

Wed, 26 Nov 2025 10:00:00 +0000

I needed to find my public IP to add it to a firewall allowlist.

curl ifconfig.me

That’s it. Returns just your IP address.

Why you need to check your public IP Link to heading

Your local machine’s IP address (like 192.168.1.x or 10.0.0.x) is different from your public IP. Your public IP is what the internet sees when you make requests.

Common reasons I need to check it:

PostgreSQL WAL monitoring

Tue, 25 Nov 2025 14:00:00 +0000

At 2am, I got an alert: database disk usage at 85%. Logged in, checked the usual suspects (tables, indexes, temp files), and everything looked normal. Then I checked /var/lib/postgresql/data/pg_wal/ and found 40GB of Write-Ahead Logs. That’s when I learned to monitor WAL properly.

What triggered WAL monitoring? Link to heading

The incident that made me care about WAL was a replica that fell behind during a large data import. PostgreSQL kept accumulating WAL files because it couldn’t confirm the replica had received them. Disk filled up, writes stopped, production went down. Good times.

Connecting to Cloud SQL with gcloud

Tue, 25 Nov 2025 11:00:00 +0000

I needed to connect to a Cloud SQL instance to debug a data issue. Here’s the quick way to get a psql session without fiddling with IP allowlists or VPN connections.

Using a service account:

gcloud beta sql connect my-instance \
 --project my-project \
 --user=my-user \
 -d=my-database

Using IAM authentication (your Google account):

gcloud sql generate-login-token | pbcopy && \
gcloud beta sql connect my-instance \
 --project my-project \
 --user=me@example.com \
 -d=my-database

The pbcopy puts the token in your clipboard so you can paste it as the password.

Running local stacks with Docker Compose

Mon, 24 Nov 2025 16:00:00 +0000

I use Docker Compose for local multi-service environments because it keeps runtime config in one file and makes startup/teardown repeatable.

My typical docker-compose.yml structure Link to heading

Here’s what a typical development setup looks like for me:

services:
 postgres:
 image: postgres:16
 environment:
 POSTGRES_PASSWORD: localdev
 POSTGRES_DB: myapp
 ports:
 - "5432:5432"
 volumes:
 - postgres_data:/var/lib/postgresql/data
 healthcheck:
 test: ["CMD-SHELL", "pg_isready -U postgres"]
 interval: 5s
 timeout: 5s
 retries: 5

 redis:
 image: redis:7-alpine
 ports:
 - "6379:6379"
 volumes:
 - redis_data:/data

volumes:
 postgres_data:
 redis_data:

I always include health checks for databases - they prevent your application from trying to connect before the database is ready. Learnt that the hard way after debugging race conditions on startup.

Searching code across GitHub with gh

Mon, 24 Nov 2025 10:00:00 +0000

I needed to find all the places in our GitHub org that were using a deprecated GitHub Actions runner label. We were migrating from runs-on: self-hosted to runs-on: ${{ vars.RUNNER_STANDARD }}, and I needed to find every workflow file that still used the old pattern. The gh search code command is perfect for this kind of organisation-wide search.

Basic search:

gh search code 'pattern' --owner my-org

Search in a specific path:

Troubleshoot stuck ArgoCD syncs

Thu, 20 Nov 2025 10:00:00 +0000

I was debugging why a Kubernetes deployment wasn’t updating after merging a PR. The manifest was in git, but the cluster was still running the old version. Turns out ArgoCD was stuck in a sync loop. Here’s what I learned.

My GitOps workflow Link to heading

A typical ArgoCD workflow looks like this:

Open PR with manifest changes (Helm chart, kustomize, or raw YAML)
Merge to main
ArgoCD detects the change (polls every 3 minutes by default)
Auto-sync deploys to cluster (if enabled)

When auto-sync is disabled, I manually trigger syncs. This is common for production environments where you want explicit control.

Web scraping with Selenium: quick setup

Wed, 19 Nov 2025 14:00:00 +0000

I needed to scrape property listings from a real estate site that heavily relied on JavaScript to load content. The page source was empty until React rendered everything, so traditional tools like requests + BeautifulSoup wouldn’t work. Selenium was the answer.

What I was scraping Link to heading

Property data from a site that dynamically loaded listings as you scrolled. I needed to:

Load the page
Scroll to trigger lazy loading
Wait for listings to appear
Extract the data

The site had no public API, and while I could have reverse-engineered their internal API calls, using Selenium meant I didn’t have to worry about authentication or rate limiting logic.

Cost-optimising GKE with ComputeClass

Wed, 19 Nov 2025 10:00:00 +0000

TLDR: I built gkecc to generate cost-optimised GKE ComputeClass specs from live pricing data. It sorts by total cost (CPU + RAM), not just CPU, and intelligently interleaves spot and on-demand instances.

I was manually maintaining ComputeClass specs for our GKE clusters. Every few months I’d check GCP pricing docs, update the priority order, and hope I got it right. It was tedious and error-prone.

The breaking point: I discovered our “cost-optimised” spec was recommending instances that were actually 30% more expensive than alternatives. The problem? I’d been sorting by CPU price alone, ignoring RAM pricing entirely.

direnv Python path issues

Wed, 19 Nov 2025 10:00:00 +0000

I was setting up a new Python project with direnv to manage environment variables. Suddenly python wasn’t found, even though it was definitely installed. Here’s what happened and how I fixed it.

The problem Link to heading

I’d been using direnv happily for months, managing API keys and secrets per project. Then I added a custom PATH in my .envrc and broke everything:

# This was the problem
export PATH=/some/custom/path

Running which python returned nothing. Even python3 was gone. My shell couldn’t find Python at all.

Content Security Policy headers

Tue, 18 Nov 2025 10:00:00 +0000

TLDR: Start with default-src 'self' and add exceptions as needed. Use report-only mode first to avoid breaking your site.

I added CSP to a production site recently and immediately broke half of it. Inline scripts stopped working, external fonts disappeared, analytics failed silently. Here’s what I learned debugging it.

A reasonable starter CSP Link to heading

This is a solid starting point for most projects:

pytest-asyncio mode configuration

Mon, 17 Nov 2025 14:00:00 +0000

I was getting warnings about pytest-asyncio decorators. Here’s the fix.

Why async tests are tricky Link to heading

Async tests need an event loop to run. pytest-asyncio handles this, but there are gotchas:

Each test gets its own event loop by default
Fixtures need to match the test’s async-ness
Session-scoped async fixtures are fiddly

The old way (deprecated):

@pytest.mark.asyncio
async def test_something():
 result = await some_async_function()
 assert result == expected

The warning says to configure asyncio_mode instead.

Pydantic v2 migration tips

Mon, 17 Nov 2025 10:00:00 +0000

Pydantic v2 is a ground-up rewrite with a Rust core, and it shows - validation is noticeably faster. But the migration isn’t trivial. I spent about a day migrating a medium-sized FastAPI project, and here’s what I learned.

Use bump-pydantic first Link to heading

Before doing anything manual, run the automated migration tool:

pip install bump-pydantic
bump-pydantic .

This handles about 80% of the changes automatically. It renames methods, updates imports, and converts the obvious stuff. Review the diff carefully though - it occasionally makes mistakes with complex validators.

Migrating from Redocly to Docusaurus

Wed, 12 Nov 2025 10:00:00 +0000

I was evaluating Docusaurus as a replacement for our Redocly docs site. We had around 200 documentation pages and needed more flexibility than Redocly could offer. Turns out Docusaurus was exactly what we needed.

Why Docusaurus over other doc tools Link to heading

I looked at a few options:

Redocly - Excellent for pure OpenAPI reference docs, but limited customisation and no good way to add interactive examples
GitBook - Nice UI but expensive for teams, and you’re locked into their platform
VitePress - Very fast but Vue-focused, and we already had React components we wanted to reuse
Nextra - Good Next.js integration, but Docusaurus has better versioning and plugin ecosystem
MkDocs - Python-based, which would have meant learning Jinja templates

Docusaurus won because:

FastAPI patterns for production APIs

Sat, 08 Nov 2025 10:00:00 +0000

FastAPI has a few defaults that make API services easier to maintain: request validation, typed contracts, and built-in docs. These are the patterns I reuse most.

Quick start Link to heading

pip install fastapi uvicorn

from fastapi import FastAPI

app = FastAPI()

@app.get("/items/{item_id}")
def read_item(item_id: int, q: str | None = None):
 return {"item_id": item_id, "q": q}

uvicorn main:app --reload

That item_id: int type hint isn’t just documentation - FastAPI validates it. Hit /items/abc and you get a 422 with a clear error message. No more manual type checking.

GKE cluster autoscaler

Tue, 21 Oct 2025 14:00:00 +0000

GKE has four layers of autoscaling that work together: HPA, VPA, cluster autoscaler, and NAP. Understanding how they interact saves a lot of debugging time.

The four layers Link to heading

HPA - scales pods horizontally (more replicas) based on CPU/memory/custom metrics
VPA - scales pods vertically (bigger requests/limits) based on actual usage
Cluster Autoscaler - scales existing node pools when pods are pending
NAP (Node Auto Provisioning) - creates new node pools when no existing pool fits

HPA and VPA solve different problems: HPA for handling more traffic, VPA for right-sizing resource requests. Don’t use both on CPU/memory for the same workload - they’ll fight. VPA is great for workloads where you don’t know the right resource requests upfront.

Sentry DSN configuration

Tue, 21 Oct 2025 10:00:00 +0000

I was setting up Sentry for a new Python service. The first time I ran it locally without a DSN configured, the app crashed at startup. Sentry’s SDK doesn’t gracefully handle missing configuration. Here’s what I learned about setting it up properly.

The problem Link to heading

Sentry throws errors if initialised without a valid DSN. This breaks local development unless everyone has a Sentry DSN configured (spoiler: they won’t).

Debug Helm charts before deploy with helm template

Fri, 17 Oct 2025 10:00:00 +0000

I was trying to figure out why my Helm chart wasn’t rendering correctly. A missing if condition meant a ConfigMap wasn’t being created in production. helm template showed me exactly what was (and wasn’t) being generated.

Basic usage Link to heading

See what Helm will generate without installing:

helm template my-release ./my-chart

Show extra rendering details:

helm template my-release ./my-chart --debug

With values files:

helm template my-release ./my-chart -f values.yaml -f values-prod.yaml

Show specific templates Link to heading

Only render one template:

Debugging Kubernetes HPA scaling

Wed, 15 Oct 2025 10:00:00 +0000

I’d been using HPAs for a while without really understanding them. They worked, so I never looked closely. Then I noticed a service was running way more replicas than the load justified — and I realised I didn’t actually know how to read what HPA was doing or why. Here’s what I learned debugging it.

What I saw Link to heading

kubectl get hpa

NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
my-app Deployment/my-app 124%/70% 1 10 6 45m

Six replicas for a service that barely had any traffic. The utilisation was showing 124%, which seemed wrong — the pods weren’t under heavy load at all.

Kubernetes tolerations and node selectors

Sun, 12 Oct 2025 10:00:00 +0000

Pods were stuck in Pending and I couldn’t figure out why. kubectl describe showed “0/12 nodes are available: 12 node(s) had taint that the pod didn’t tolerate.” I’d added spot instance nodes to the cluster but forgot they come pre-tainted. Once I added the right toleration, everything scheduled immediately.

Real use cases Link to heading

Common use cases for taints include:

GPU nodes - gpu=true:NoSchedule so only ML workloads land there
Spot/preemptible nodes - cloud.google.com/gke-spot=true:NoSchedule for batch jobs that can handle interruption
High-memory nodes - workload=data-processing:NoSchedule for memory-intensive jobs

The pattern is: taint nodes with special characteristics, then add tolerations to pods that should use them.

Querying GCP logs with gcloud

Sat, 11 Oct 2025 10:00:00 +0000

I needed to search Cloud Logging for specific events from the command line. The CLI is much faster than clicking through the Console when you know what you’re looking for.

Basic query Link to heading

gcloud logging read 'resource.type="cloud_function"' --project=my-project

Filter by time Link to heading

gcloud logging read 'timestamp>="2025-10-11T10:00:00Z" timestamp<="2025-10-11T11:00:00Z"' \
 --project=my-project

Filter by resource Link to heading

Cloud Functions:

Keeping Homebrew packages up to date

Fri, 10 Oct 2025 16:00:00 +0000

I hadn’t run brew upgrade in a couple of months and suddenly gh started failing with cryptic errors. Turned out I was three major versions behind. Now I upgrade weekly - it’s less painful than debugging version mismatches.

Basic commands Link to heading

Update Homebrew itself:

brew update

Upgrade all packages:

brew upgrade

Upgrade a specific package:

brew upgrade gh

See what’s outdated:

brew outdated

Install a cask (GUI app):

Moving commits between branches with cherry-pick

Fri, 10 Oct 2025 14:00:00 +0000

I’d been working on a feature branch and accidentally committed a bug fix to it instead of main. The fix needed to go out now, but the feature branch had three other commits that weren’t ready. I didn’t want to merge the whole thing.

Basic usage Link to heading

Cherry-pick a commit:

git cherry-pick abc123

If there are conflicts, resolve them and continue:

git cherry-pick --continue

Or abort:

Replacing venv script workflows with uv run

Fri, 10 Oct 2025 09:00:00 +0000

When sharing quick Python scripts, the old workflow is usually: create a venv, install dependencies, and document setup steps. uv run replaces that with a single command and script-local metadata.

Inline dependencies (the killer feature) Link to heading

PEP 723 introduced a standard way to declare dependencies directly in a Python script using a special comment block:

# /// script
# requires-python = ">=3.12"
# dependencies = ["requests", "rich"]
# ///

import requests
from rich import print

response = requests.get("https://api.github.com")
print(response.json())

When you run this with uv run script.py, uv reads the metadata, creates an isolated environment with those exact dependencies, and runs the script. No requirements.txt, no pyproject.toml, no venv activation. Just run it.

Debugging cert-manager in Kubernetes

Sat, 20 Sep 2025 10:00:00 +0000

TLDR: Certificate not ready? Check resources in this order: Certificate → CertificateRequest → Order → Challenge. The issue is usually at the Challenge level.

Debugging cert-manager feels like archaeology. You start at the surface (Certificate) and dig down through layers of resources until you find where things went wrong. I’ve wasted hours staring at a Certificate stuck at “False” before learning this flow.

The debugging hierarchy Link to heading

cert-manager creates a chain of resources when you request a certificate:

Setting up Dependabot for uv projects

Mon, 15 Sep 2025 10:00:00 +0000

After migrating a project to uv, I noticed Dependabot PRs were still being created but CI was failing. Dependabot was updating pyproject.toml but not regenerating uv.lock, so the lockfile was out of sync. Here’s how I got it working.

Basic setup Link to heading

Create .github/dependabot.yml:

version: 2
updates:
 - package-ecosystem: "pip"
 directory: "/"
 schedule:
 interval: "weekly"
 groups:
 python-packages:
 patterns:
 - "*"

The groups section batches updates into single PRs - much better than 20 individual PRs.

Psql connection patterns I use for debugging

Fri, 12 Sep 2025 10:00:00 +0000

I needed to connect to a PostgreSQL database for debugging production issues. After years of copying connection commands from Slack, I finally wrote down the patterns I actually use.

Connection methods Link to heading

Connect to localhost:

psql -h localhost -U myuser -d mydb

Connect to a specific port:

psql -h localhost -p 5432 -U myuser -d mydb

Connect via Cloud SQL proxy (commonly used in GCP environments - see Connecting to Cloud SQL with gcloud for setup):

Shelving changes with git stash

Mon, 08 Sep 2025 10:00:00 +0000

TLDR: git stash to save, git stash pop to restore. Use -m "message" if you’ll have multiple stashes.

I was halfway through a refactor when someone pinged me about an urgent bug in production. I needed to context-switch immediately, but my working tree was a mess of half-finished changes. I couldn’t commit them (they didn’t even compile), and I didn’t want to lose them.

Basic workflow Link to heading

Stash current changes:

Debugging APIs with curl and jq

Fri, 05 Sep 2025 11:00:00 +0000

I was debugging why a webhook wasn’t firing. The API was returning something, but staring at a wall of minified JSON in the terminal wasn’t helping. Piping to jq made the problem obvious - a nested field I expected to be an object was actually null.

Basic usage Link to heading

Basic request with formatted output:

curl 'https://api.example.com/data' | jq

Quiet mode (no progress bar):

curl -s 'https://api.example.com/data' | jq

Extract a specific field:

Undoing commits with git revert

Thu, 04 Sep 2025 10:00:00 +0000

I once pushed a commit that broke production. The fix was already in progress but would take an hour. git revert let me undo the damage immediately while keeping full history of what happened.

Basic usage Link to heading

Revert the last commit:

git revert HEAD

Revert a specific commit:

git revert abc123

This opens an editor for the commit message. Save and close to complete.

Setting up Claude CLI with MCP

Tue, 02 Sep 2025 10:00:00 +0000

I wanted Claude to help me manage Linear tickets without leaving my terminal. The Model Context Protocol (MCP) makes this possible. Here’s how I set it up.

Why Claude CLI with MCP? Link to heading

I spend most of my day in the terminal. Switching to a browser to check Linear tickets, update descriptions, or create new issues breaks my flow. With Claude CLI + MCP, I can:

Tmux session and pane commands

Tue, 02 Sep 2025 08:00:00 +0000

I started using tmux to keep terminal sessions running after disconnecting from SSH. Here’s what I use most.

Quick session workflow Link to heading

tmux new -s work
# do work
# Ctrl+b d
tmux attach -t work

Start a new session:

tmux

Start a named session:

tmux new -s work

Detach from session (keeps it running):

Ctrl+b d

List sessions:

tmux ls

Reattach to a session:

Managing tickets from the terminal with Linear CLI

Thu, 07 Aug 2025 16:00:00 +0000

I spend too much time switching between my terminal and Linear’s web app. The Linear CLI lets me manage tickets without leaving my editor. Here’s how I use it.

Installation Link to heading

Install via Homebrew:

brew install schpet/tap/linear

Authenticate (opens browser for OAuth):

linear config

This creates ~/.config/linear/config.json with your API token and default team/workspace.

My ticket workflow Link to heading

Here’s how I work with Linear tickets day-to-day:

Syncing files from GCS with gcloud storage

Thu, 07 Aug 2025 14:00:00 +0000

I needed to download a bunch of files from a GCS bucket to process them locally. gcloud storage rsync does the job, and it’s noticeably faster than the old gsutil for large syncs.

Sync a bucket to local directory:

gcloud storage rsync -r gs://my-bucket/path/ ./local/

Exclude certain files:

gcloud storage rsync -r -x ".*\.tmp$" gs://my-bucket/path/ ./local/

Copy specific files:

gcloud storage cp gs://my-bucket/path/*.csv ./local/

Copy recursively:

gcloud storage cp -r gs://my-bucket/path/ ./local/

The old gsutil still works but gcloud storage is the newer interface:

Alembic migration history

Thu, 07 Aug 2025 10:00:00 +0000

I was investigating a production issue where a table column was missing. Turned out someone had merged a migration that dropped it without updating the application code. This is where knowing your way around Alembic’s history commands becomes essential.

Basic history commands Link to heading

Show migration history:

alembic history

This dumps the entire migration tree, which can be overwhelming on older projects. I rarely use this without filtering.

DNS lookups with dig

Wed, 06 Aug 2025 10:00:00 +0000

When an endpoint times out, I check DNS early to rule it in or out quickly. dig gives a fast sanity check before digging into app or network layers.

Basic commands Link to heading

Basic lookup:

dig example.com

Get just the answer:

dig +short example.com

Specific record types Link to heading

A records (IPv4):

dig A example.com

AAAA records (IPv6):

Monitoring Kubernetes with watch and top

Mon, 04 Aug 2025 10:00:00 +0000

I was watching a deployment roll out and kept running kubectl get pods over and over like a nervous habit. Then I discovered watch and felt slightly embarrassed. Combined with kubectl top, these two commands handle most of my real-time cluster monitoring.

watch for live updates Link to heading

Basic watch:

watch kubectl get pods

Refreshes every 2 seconds by default. Faster refresh:

watch -n 0.5 kubectl get pods

Highlight differences:

Viewing Kubernetes pod logs

Fri, 01 Aug 2025 12:00:00 +0000

I spent 20 minutes staring at empty kubectl logs output wondering why a crashing pod had no errors. The container was restarting before I could catch the logs. Then someone showed me the -p flag - previous container logs. The actual stack trace had been there the whole time.

kubectl logs Link to heading

View current logs:

kubectl logs my-pod-abc123

View logs from a crashed container (the previous instance):

Kubectl debugging workflow

Tue, 29 Jul 2025 10:00:00 +0000

TLDR: My order is describe → logs -p → events → exec. Most failures show up in events or previous logs.

When a pod is in CrashLoopBackOff, plain kubectl logs can miss the useful output. kubectl logs -p is usually the first command that surfaces the failure.

My debugging workflow Link to heading

When something’s broken, I check in this order:

kubectl -n my-namespace describe pod/my-pod - Shows events, restart count, and why it failed
kubectl -n my-namespace logs my-pod -p - Previous container logs (the -p is crucial)
kubectl -n my-namespace get events --sort-by='.lastTimestamp' - Cluster-wide events
kubectl -n my-namespace exec -it my-pod -- sh - Only if I need to poke around inside

The most common issues I find: OOMKilled (check events), image pull failures (check events), config errors (check logs), and permission issues (check logs).

Rsync file sync patterns

Sat, 26 Jul 2025 10:00:00 +0000

Rsync is reliable for repeat syncs, but small flag mistakes can be destructive. I use a dry-run-first workflow, especially with --delete.

TLDR: Common rsync patterns Link to heading

# Basic sync (local to remote)
rsync -avz ./ user@server:/path/to/dest/

# Sync excluding common directories
rsync -avz --exclude .venv --exclude node_modules --exclude .git ./ user@server:/dest/

# Mirror (sync and delete removed files)
rsync -avz --delete ./ user@server:/dest/

# Dry run (preview changes)
rsync -avzn ./ user@server:/dest/

# Pull from remote to local
rsync -avz user@server:/path/to/source/ ./local/

# Copy between two remote servers (via local machine)
rsync -avz user1@server1:/source/ user2@server2:/dest/

Basic sync Link to heading

rsync -avz ./ user@server:/path/to/dest/

The flags:

Managing Kubernetes deployments

Fri, 25 Jul 2025 10:00:00 +0000

I once deployed a config change that crashed pods on startup. The rollout was halfway through before I noticed - half the replicas were healthy, half were in CrashLoopBackOff. kubectl rollout undo had us back to the previous version in seconds. That’s when I learnt to always watch rollouts and know how to revert quickly.

My deployment workflow Link to heading

At work, the recommended approach is GitOps (ArgoCD), so most changes go through git. But for quick debugging or emergencies:

Analysing Svelte build chunks

Wed, 23 Jul 2025 14:00:00 +0000

I was working on a SvelteKit dashboard application and noticed the initial page load was sluggish. After investigating, I found we had over 80 separate chunk files - way too many. Too many small chunks means too many HTTP requests, which kills performance on slower connections.

What was too big Link to heading

The biggest culprits were:

Chart.js and its adapters (~150KB) being pulled into multiple routes
Lodash utilities scattered across components instead of tree-shaken imports
Icon sets loading all icons instead of just the ones we used

My target was to get below 20 chunks and keep the initial JS bundle under 200KB. For a dashboard app with lots of interactions, I think anything under 300KB total is reasonable.

Formatting PHP with php-cs-fixer

Wed, 23 Jul 2025 11:00:00 +0000

I was working on a legacy PHP WooCommerce plugin that had inconsistent formatting - some files used tabs, others spaces, brace styles were all over the place. Rather than manually fixing thousands of lines, I used php-cs-fixer to enforce consistent PHP coding standards across the entire codebase.

Check for issues:

php-cs-fixer check .

Fix them:

php-cs-fixer fix .

You can also run it on specific directories:

php-cs-fixer fix Plugin/

To check PHP syntax without fixing anything:

Setting up pre-commit hooks

Wed, 23 Jul 2025 09:00:00 +0000

I was tired of catching trivial issues in PR reviews - trailing whitespace, missing newlines, formatting inconsistencies. Pre-commit hooks solved this by running checks before code even gets committed.

Installation Link to heading

Install it:

uv tool install pre-commit

My actual pre-commit config Link to heading

Here’s a solid starting configuration that balances thoroughness with speed:

repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
 rev: v4.5.0
 hooks:
 - id: trailing-whitespace
 - id: end-of-file-fixer
 - id: check-yaml
 args: ["--unsafe"] # Allow custom YAML tags
 - id: check-added-large-files
 args: ["--maxkb=500"]
 - id: check-merge-conflict
 - id: detect-private-key

 - repo: https://github.com/astral-sh/ruff-pre-commit
 rev: v0.8.0
 hooks:
 - id: ruff
 args: [--fix]
 - id: ruff-format

 # I don't run mypy in pre-commit anymore - it's too slow
 # Better to run it in CI where you can cache dependencies

Install the hooks:

Pytest tips: last failed and specific tests

Mon, 21 Jul 2025 16:00:00 +0000

I run pytest a lot. Here are the flags I use most.

My development workflow Link to heading

When I’m writing code, I typically:

Write the test first (or alongside the code)
Run just that test: pytest tests/api/test_order_api.py::test_create_order -v
Fix failures, re-run with -lf to only run failed tests
Once passing, run the full suite to check for regressions

For debugging, I always use -s -v --tb=short to see print output, verbose names, and shorter tracebacks.

GCloud workload identity for GitHub Actions

Mon, 21 Jul 2025 15:30:00 +0000

I was setting up GitHub Actions to deploy to GCP and needed to use workload identity instead of service account keys. Here’s how to manage the providers.

TLDR Link to heading

Workload identity lets GitHub Actions authenticate to GCP without storing service account keys. It’s more secure because:

No static credentials to rotate or leak
Fine-grained control over which repos can access what
Built-in audit trail of who authenticated when

The main gotcha: you need id-token: write permission in your workflow or auth fails silently.

Ruff, the fast Python linter

Mon, 21 Jul 2025 14:00:00 +0000

I switched to Ruff because it’s ridiculously fast. On a ~50k line Python codebase, Flake8 + isort + pylint took about 45 seconds. Ruff does it in under 2 seconds. It’s written in Rust and it shows.

Basic usage Link to heading

ruff check .

Fix issues automatically:

ruff check --fix .

Run specific rules only:

ruff check --select RUF001 # unicode issues
ruff check --select F403 # star imports

I wanted to see what errors I had the most of:

Import existing resources into Terraform without downtime

Mon, 21 Jul 2025 12:30:00 +0000

I migrated manually created GCP workload identity pools and GitHub repositories into Terraform so they could be managed consistently in code. The main friction point was provider-specific import ID formats.

Basic import Link to heading

terraform import module.my-app.github_repository.repo my-repo-name

Import blocks (Terraform 1.5+) Link to heading

For team workflows, I prefer import blocks because they’re reviewable in code:

import {
 to = module.my_app.github_repository.repo
 id = "my-repo-name"
}

Run:

Git worktrees for parallel development

Mon, 21 Jul 2025 11:00:00 +0000

I was constantly stashing changes to review PRs or fix urgent bugs on other branches. Stash, switch, fix, commit, switch back, pop stash, hope I didn’t mess something up. Git worktrees solved this entirely.

What’s a worktree? Link to heading

A worktree is a separate working directory with a different branch checked out, all linked to the same repository. Create one like this:

git worktree add ../fix-urgent-bug fix-urgent-bug

Now you have two directories - your main one stays on whatever branch you were on, and the new one has fix-urgent-bug checked out. No more stashing, no context switching, just cd between them.

Modern CLI tools: fd and ripgrep

Mon, 21 Jul 2025 10:00:00 +0000

I stopped using find and grep ages ago. fd and rg (ripgrep) are faster and have better defaults. Switching to these was probably one of the quickest productivity wins I’ve had.

Why they’re faster Link to heading

The main reason is .gitignore support by default. If you’re searching a monorepo with thousands of files, skipping node_modules and .venv automatically makes a massive difference. On my work codebase, rg is easily 5-10x faster than grep -r for common searches.

Publishing Python packages to Artifact Registry with uv

Sun, 20 Jul 2025 14:30:00 +0000

I spent way too long trying to get uv publish to work with Google Artifact Registry. The docs suggest using keyring, but that led me down a rabbit hole of authentication errors.

The error Link to heading

My first attempt was the keyring approach from the uv docs:

uv tool install keyring --with keyrings.google-artifactregistry-auth
uv publish --index my-registry dist/*

This gave me a 401:

error: Failed to publish `my-package-0.1.0.tar.gz` to my-registry
 Caused by: Upload failed with status code 401 Unauthorized

Even with gcloud auth application-default login configured, it just wouldn’t pick up the credentials.

Trustless pseudo-random number generation

Wed, 31 Jan 2018 00:00:00 +0000

I have been working on an Ethereum lottery Dapp with folks attending a meetup hosted by Strange Labs (Gloucester Road, Bristol - NOW CLOSED) and we faced a problem where we realised that Solidity does not have a built in random number generator and therefore picking a winner turned out to be more difficult that anyone imagined.

In order to make the system truly trustless, one of the ideas involved each participant generating their own random number and submitting it to the contract when they buy their lottery tickets. However I was concerned that taking a sum of of these numbers would result in a normal distribution allowing the early and late participants to have a built in disadvantage.

Permission issues with xpra when tunnelling through SSH

Wed, 15 Mar 2017 19:00:00 +0000

I often log into a remote SSH terminal to use an ipython shell. In doing so, it is necessary for me look at figures invoked by matplotlib as I am exploring and analysing data. For this, I have comfortably been using a combination of screen and xpra. However, I recently hesitantly upgraded my Ubuntu distribution from 14.04 Trusty Tahr to 16.04 Xenial Xerus. And with all upgrades, I expected minor breakages. Little did I realise that it would break xpra and interrupt my workflow sending me down a rabbit hole internet trawling for solutions. Turns out it is a known issue on on launchpad but the discussion has not been active for a while and the provided solutions were incomprehensible to a lay user. It appears that simply updating xpra to the latest version resolves the issue.

Enabling MathJax on a Jekyll server when offline

Wed, 08 Mar 2017 19:00:00 +0000

I like MathJax. It does a great job displaying equations on web pages written using $\rm\LaTeX$. However, I recently wrote a Jekyll blog post which uses MathJax and tried to view it on a locally deployed server while commuting on a train journey with no Internet connection. Then, I realised that it did not render the equations at all because it relied on sending AJAX requests to a remote server. Something had to be done and this is how I went about fixing it.

File/text was not valid utf8 encoded

Fri, 03 Mar 2017 19:00:00 +0000

In the process of writing my thesis, I had to frequently check that I was not exceeding the word limit by running the following command:

texcount thesis.tex -inc -nosub

And each time, I would get the following warning:

!!! File/text was not valid utf8 encoded. !!!

It was not until one of my supervisors noticed that something was causing strange artefacts to appear in the compiled PDF document in the feedback stage that I realised that it was to do with the Unicode characters hiding in the literature review chapter when I was copying block citation quotes from other publications. I was obviously not going to look through an entire chapter for Unicode characters so here is how I automated the process:

Getting Aimsun 8.1.3 to work on Ubuntu 16.04

Mon, 05 Sep 2016 19:54:00 +0000

After installing TSS’s Aimsun 8.1.3 on Ubuntu 16.04 (x64 build) on my machine, I tried to launch the program. However, the icon would appear briefly and close without any indication of what the problem was. The problem became obvious when starting up Aimsun through terminal using the following command:

/opt/Aimsun_8_3_0/Aimsun

Instead of starting normally, I got the following message instead:

Aimsun: error while loading shared libraries: libvpx.so.1: cannot open shared object file: No such file or directory

This was resolved by downloading version 1.3.0-3 of libvpx. To install, run the following dpkg command on terminal:

Presentation for Geomob

Thu, 21 Jan 2016 20:00:00 +0000

My presentation for Geomob in London:

Photography: Mundane, Surreal

Wed, 23 Dec 2015 16:34:00 +0000

Sometimes, the mundane assumes a surreal form and takes one by surprise. I had the pleasure of this encounter this morning and I felt the need to share it.

What me eat by Macka B

Fri, 18 Dec 2015 15:11:00 +0000

I love this song. Vegan solidarity!

Here is the lyrics borrowed from this site:

[Intro]
Selamta (Greetings in Amharic)
Ital (natural) we Ital and Vegan we Vegan
I and I (we) eat from the earth and leave the animals to give birth
No deaders (dead flesh) No fur No feathers
When I tell people I don't eat meat, fish or dairy
They look at me strangely
They don't realise I eat a very wide variety
Listen to Macka.B
Yo!

[Hook x2]
Wha me eat them a wonder wha me eat
When me tell them say me nu (don't) eat no fish nor no meat no
Wha me eat them a wonder wha me nyam (eat)
When me tell them say that I'm a vegan

[Verse 1]
Well me nu eat no meat no fish no cheese nor no egg
Nothing with no foot no eye no wing nor no head
Nothing with no lip no ears no toe nor no leg
Prefer fruit and vegetables instead
Me careful and me choosy about what I'm eating
My medicines my food my food is my medicine
When I tell people that me nu eat dem deh (those) things
The look at me and scratch their chin
And start wondering

[Hook 2]
Wha me eat them a wonder wha me eat
When me tell them say me nu eat no fish nor no meat no
Wha me eat them a wonder wha me nyam
When me tell them say that I'm a vegan
Wha me eat them a wonder wha me eat
When me tell them say me nu eat no fish nor no meat no
Wha me eat them a wonder wha me eat
Dou you want to hear wha me eat?

[Verse 2]
I eat
Callaloo, Ackee, Sweet Potato
Yam, Banana and Tomato
Cabbage, Spinach, Avocado
Cho Cho, Butter Beans and Coco
Courgettes, Millet, Plantain
Rice and Peas and Pumpkin
Mango, Dates and Guava
Chick peas and Cassava
Brussel sprouts and Caulifower
Onion, Fennel and Cucumber
Plum, Pear and Papaya
Aubergine and Soya
Lime , Lentils and Quinoa
Wholemeal Bread and Wholemeal Flour
Watercress and Okra
Tofu and Sweet Pepper
Cous Cous and Carrots
Broccoli and Coconut
Peaches, Apples, Apricot
Breadfruit, Jackfruit, Sour sop
Pistachios, Cashews and Almonds
Walnuts, Peanuts also Pecan
Sesame Seeds, Sunflower..., Lemon
Orange, Pineapple and Melon
Bulghar Wheat and Garlic, Kiwi, Corn and Turnip
Pap Choy and Pomegranite, Hijiki and Rocket
Berries, Cherries and Strawberries
Beetroot, Grapefruit and Celeries
You see the meat's not necessary
We tell them say

[Hook x2]

[Verse 3]
Look how me big and me say look how me strong
Some people can't believe that me a vegetarian
If you want a healthy body check the real Rastaman
Cause Rastaman will tell you about the right nutrition
Me get my Calcium ,my Sodium me get Potassium
Me get my Zinc,me get my Iron and my Magnesium
Instead of nyam(eat) the fish I nyam what the fish nyam
Like the Kelp and Irish Moss that grow in the ocean
Me get me Proteins and my Minerals, me get me Calories
The Vitamins A the B the C the D the E,the F the G
Essential fatty acids like the Omega 3
Me get me fibre and me Carbohydrates in my body
Don't forget your Water drink a few glasses a day
The toxins in your body just flush them away
Some of the things you eat stop in your body and decay
When it comes to food I don't play
We tell them say

[Hook x2]

[Verse 4]
A lot of people would stop eat the meat
If they had to kill the animals before they could eat
Look at the way the animals them get treat
The unsanitary conditions where some of them keep
If we were supposed to eat the meat we would have sharp teeth
You wouldn't need a Knife and fork can you see it
You can't eat it raw you have to cook it complete
And put on Vegetable seasoning to make it taste sweet

[Hook x2]

[Verse 5]
It's up to you you can eat what you want to
You can be a vegetarian and be healthy too
There's a lot of choice around many foods are on view
I just remember some more I forgot to tell you
The Nectarines and tangerines and clementines and guanabana
Lychhe, oats and ginger, kale and spirulina
Mung beans, wholemeal pasta etc

Use crontab to log CPU temperature on OSX!

Thu, 17 Dec 2015 15:16:00 +0000

I have just set up a way to automatically log temperature using OSX terminal because my computer was frequently overheating and I wanted to investigate why. Here is breakdown of how I did it.

First of all, I installed Temperature Monitor for OSX from this URL into the application folder.

On terminal, I entered the following command to edit crontab using vim text editor.

env EDITOR=vim crontab -e

In the editor, I entered the following line which creates and appends date, time and temperatures from all your built-in sensors at a minute interval to ~/Documents/temp.txt. Feel free to change this to whatever you like.

Find and delete files and folders in OSX terminal

Fri, 20 Nov 2015 10:54:00 +0000

Finding and deleting files and folders in OSX is simple. Open your terminal. In order to just find your files/folders (non destructive):

For files:

find . -name "Icon?" -type f

For folders:

find . -name "Icon?" -type d

For files and folders:

find . -name "Icon?" -type f -o -name "Icon?" -type d

In order to delete them, just add -delete operator to the end (DESTRUCTIVE):

For files:

find . -name "Icon?" -type f -delete

For folders (although you may get a warning message saying ‘No such file or directory’):

Converting raster files from one reference system to another

Mon, 19 Oct 2015 13:07:14 +0000

I had to convert lots of OSGB EPSG:27700 raster files to LonLat EPSG:4326 format and here is how I did it on my OSX terminal. I also wanted to change the format from *.asc to *.tif. Supposing you already have gdal libraries installed, just run the following code:

input_folder = ???
output_folder=../LonLat

cd input_folder
mkdir output_folder

for file in *.asc; do
 gdalwarp -s_srs "+proj=tmerc +lat_0=49 +lon_0=-2 +k=0.9996012717 +x_0=400000 +y_0=-100000 +ellps=airy +towgs84=375,-111,431,0,0,0,0 +units=m +no_defs" -t_srs "+proj=longlat +datum=WGS84 +no_defs" "$file" "$folder/`basename $file .asc`.tif";
done

To utilise all CPUs, add -wo NUM_THREADS=ALL_CPUS to the gdalwarp options.

Fastest way to access a list that is a subset of an even bigger list

Tue, 06 Oct 2015 10:13:14 +0100

Say I have a list of objects called agents with 100,000 objects.

I have a second list called agents_per_step which refers to 39,393 objects in agents.

Say I need to access the agents in the reference list. What is the fastest way to access these objects?

I ran three tests:

Loop through a list directly containing agent objects
Loop through a list of indices referring to agents objects on a list
Loop through a list of indices referring to agents objects on a dict

I present the results below:

Forum is Free: Housing and Energy

Thu, 12 Mar 2015 16:21:11 +0000

On 11 May, Bristol Green Party hosted a forum to discuss housing and energy at The Station in central Bristol.

The meeting was chaired by Darren Hall, Green Party candidate for Bristol West and Director of Bristol Green Week and on the panel were:

Oona Goldsworthy, Chief Executive of United Communities
Mike Roberts, Director of HAB housing owned by Kevin McCloud
Shankari Raj Edgar, Director of Nudge Group
Keith Cowling, Chair of Bristol Community Land Trust and Director of Community Buildings Federation

Bristol People’s Question Time

Thu, 12 Mar 2015 12:00:42 +0000

On 10th March, Bristol People’s Assembly hosted People’s Question Time at City Road Baptist Church in Stokes Croft.

In the panel were Rufus Hound (Comedian and Actor), Pastor Eric Aidoo (from the Church), Romaine Phoenix (Chair of The People’s Assembly), John McInally (Vice President, PSC Union) and Sauda Kyalambuka (Educator and Board member of African Voices Forum).

Hound opened with the remark that in this age of austerity, the rich got richer. He used the analogy of vampires living up in a high castle feeding on inhabitants of a village nearby idly standing by offering up members of their community as victims so that the rest can go on living. It would be unthinkable from our perspective to let that carry on happening and yet, the way that the corporations are leeching off our civilisation is exactly the same thing using austerity as an excuse. Therefore, he suggest that we ‘Kill the Vamps’!

Another Angry Voice

Wed, 11 Mar 2015 16:07:05 +0000

Another Angry Voice (AAV) aka Tom paid a visit to Bristol on 5th March.

AAV introduced himself as a regular guy and emphasized that if he can do a political blog then anyone can.

An example of an infographic by AAV.

AAV brings up the information war that left has been quite bad at communicating left wing ideas. Terms like Socialist, Anarchist, Communist, Green etc. are all loaded with distorted emotional meanings that people do not want to be associated with. He calls it ‘Tabloidesque` definition:

How well does population distribution predict evacuation time?

Tue, 10 Mar 2015 12:50:00 +0000

Previously, we tried to predict 90th percentile evacuation time $T{90}$ determined from ABM simulation using 90th percentile free flow clearance time $T90f$. Bigger the city, greater we can expect $T90f$ to be since it would take longer to traverse. Plotting $T90f$ vs $T90$ produces the figure below. $T90f$ under predicts $T90$ with a poor fit ($R=0.31$) but it is clear that $T90$ is never less than $T90f$!

First post!

Wed, 04 Mar 2015 14:29:13 +0000

I have just updated the website and finally acquired brtkwr.com for good which is now hosted on Github pages too which is an excellent free of charge service if I may say so. It has just the right amount of manual tweaking to make you think you have control over how the information is presented on the website but sufficient structures already in place, for example, using the Jekyll static pages generator to automate most of the unpleasantries of reinventing the wheel of coding another site from scratch. This website will simply serve as a place where I can put my thoughts out there for people to look at if they want to.

About Bharat Kunwar

Mon, 01 Jan 0001 00:00:00 +0000

I’m Bharat (although I usually go by brtkwr handle on the tinternet). I’ve lived in Bristol since 2012 - a city I love love love!

CV

Mon, 01 Jan 0001 00:00:00 +0000

Health Bridge — Privacy Policy

Mon, 01 Jan 0001 00:00:00 +0000

Last updated: 23 March 2026

Health Bridge is a free iOS app that syncs Apple Watch workouts to Garmin Connect. Your privacy matters — here’s how the app handles your data.

What data the app accesses Link to heading

HealthKit workout data: heart rate, GPS routes, running dynamics, and other metrics recorded by your Apple Watch during workouts.
Garmin Connect credentials: your Garmin account login is used solely to authenticate with Garmin’s servers for uploading workout data.

How your data is used Link to heading

Workout data is read from HealthKit, converted to FIT format, and uploaded directly to your Garmin Connect account.
All processing happens on your device. No workout data is sent to any server other than Garmin Connect.
No analytics, tracking, or telemetry is collected by this app.

Data storage Link to heading

Garmin authentication tokens are stored securely in your device’s Keychain.
Sync records (which workouts have been synced) are stored locally on your device using SwiftData.
No data is stored on external servers controlled by the developer.

Third-party services Link to heading

Garmin Connect: Workout data is uploaded to Garmin’s servers using their API. Garmin’s own privacy policy applies to data stored on their platform.
Apple HealthKit: The app reads data from HealthKit with your permission. Apple’s privacy policy governs HealthKit data.

Your control Link to heading

You can revoke HealthKit access at any time in Settings → Health → Health Bridge.
You can log out of Garmin Connect within the app.
Deleting the app removes all locally stored data, including sync records and Garmin tokens.

Contact Link to heading

If you have questions about this privacy policy, email health-bridge-app@googlegroups.com.