Dealing with a pilot strike at the airport in the manner of our forefathers: day drinking (whilst sending emails)

Keeping up to date on pollen level of the capital by measuring the level of suffering in this thread.

Things are coming together

100 Jumps Hold to charge, release to jump. Land on 100 platforms to win — but one miss and it's over. How many attempts will it take you?

100jumps.org is addictive and annoying

_Euston Station_

Do itttttt

The Tour de PyData: Challenging Myself to Speak at Every PyData Meetup in the UK and Ireland # I have a habit of setting myself ambitious if slightly wacky goals: riding the London to Brighton bike ride, building an ASCII art photobooth, pursuing a career in devl rel etc and my latest is no exception. One of my aims for 2026 was to give back to the Python community and to that end I’m helping to organise meetups for PyData London, running socials at this year's PyData London conference (literally organising a piss up in a brewery) but I wanted to do more. > PyData, for those who are unaware, is the educational/community arm of NUMFocus, an organisation that supports many open-source scientific and data science Python projects like Scipy and Pandas. PyData has groups all over the world hosting regular meetups on a variety of topics.As I covered in my blog post on the topic I’ve long been equally inspired and frustrated by the map of PyData Meetups: frustrated by its inaccuracies (and, as I’ll dig into, incompleteness), and inspired to visit some of those groups. After a few months of careful preparation, tentatively reaching out to other PyData organisers across the UK, and ultimately making my own map(s) of PyData groups I was ready to begin my journey. ## The Tour de PyData So here’s the plan: I’m going to try and speak at as many PyData Meetups across the UK and Ireland as possible this year. My plan for this little adventure is both to see some places I’ve never visited before (after two years in dev rel I’ve been to Charlotte airport more than I’ve been to Scotland) and to help promote something really cool: across the UK and Ireland are more PyData groups than anywhere else in the world. I’ll be documenting my journey here and doing my best to showcase the depth and breadth of the wonderful PyData community. What better time to call attention to our awesome community than in 2026 with community budgets tightening across the board and volunteers needed more than ever? Above is yet another map I cooked up, this one listing all the PyData groups I’m scheduled to speak at and charting my progress. To make this challenge even close to possible I’m limiting the list of groups I plan to speak at to groups that are regularly hosting events, bringing the total number of groups down from 21 to 15. A huge thank you to all the PyData organisers who have invited me to speak at their groups already! ## Another Problem With The Meetup Map When I last spoke about this project I outlined four major issues I had with the official PyData group map on Meetup: it’s impossible to see how many meetups are in the same city, several groups are in the wrong location, it’s unclear if groups are still active, and every group is shown dozen of miles north of its actual location. After the talk Stelios Christodoulou raised an issue on my GitHub repo for the project that would expose a fifth, even more significant, problem. Stelios pointed out I was missing PyData Edinburgh from my map. Initially I kicked myself, wondering what I’d missed in my webscraping code that had caused me to miss a group as large as Edinburgh, before realising this was in fact a symptom of a wider problem: **_not every PyData group is included in the official map!_** I was able to write a hacky script to run through every major city on Earth looking for PyData groups and turned up some interesting results: 7 PyData groups are missing from the official map: Tokyo, Abu Dhabi, Vilnius, Krakow, Poznan, Basel, Lausanne, and of course, Edinburgh. Why are these groups missing from the official map? It’s unclear but all of these groups have been inactive for a while, which might explain why. My search also turned up some interesting _former_ PyData groups like Software Talks Lancaster, which still have “PyData” group URLs but seem to have moved onto new topics. ## Grand Depart I’m set to get started on my Tour de PyData later this week: starting off with the wonderful PyData Manchester, the UK’s second largest PyData group, and PyData Hull, the newest. Of course the obvious question is what do I plan on speaking about 15 times? The PyData mapping project! A little meta though it may be this project is a great fit for PyData events, as it features: data engineering, web scraping, geoencoding, and of course Python. Now, with my map of PyData groups more complete than ever, I’m excited to share it with the community. I’m really looking forward to spending some time with the PyData community this year, and hopefully to help encourage some folks to support their local PyData group. Groups always need support in the form of speakers, organisers, venues, sponsors, and in general just people to show up and build the community. Are you up for the challenge of speaking at every PyData Group in the UK and Ireland in a year? Feel free to fork my map and create your own if you like. I’ll be updating on the progress of my journey here, watch this space and see you at a local PyData soon!

I have a habit of setting myself ambitious if slightly wacky goals: riding the London to Brighton bike ride, building an ASCII art photobooth, pursuing a career in devl rel etc and my latest is no exception. One of my aims for 2026 was to give back to the Python community and to that end I’m […]

Anyone in London want a solo ticket to Death Cab for Cutie on September 26th? I had to purchase a different ticket to sit w/a friend and now I have a solo ticket to offload 😅

Securing My Homelab With Tailscale Follow up video to my blog on my homelab getting hacked, covering how I secured Umami with Tailscale. Photo credit Ellie Geddis.

Follow up video to my blog on my homelab getting hacked, covering how I secured Umami with Tailscale.

Photo credit Ellie Geddis.

I suffer for my art

Not Llamas on the way to Hursley? :)

Today is my last day with the Deno team 🦕💖💔

I know they're gonna keep making awesome things.

But now *I* need to make awesome things for someone else! If you're looking for a DevRel with a JS focus and extra sparkle, get in touch!

Scheduling was never my strong suit

Finishing running an online workshop before sprinting for a train to do AV at AI Signals tonight

Dream podcast

I wonder if by the end of the week we'll reach 2,000 tickets gone 👀

🎟️ ➡️ ti.to/codebar/code...

What's the meal deal combo @ohhelloana.blog? The people want to know

A Homelab Cautionary Tale: How Crypto Scammers Hacked My Analytics Dashboard # I've been into homelabbing for a few years now. For those unaware, a homelab is a self managed IT environment, typically used for hosting apps and learning, which in practice usually means a hodgepodge of compute, storage, and networking. Here's my homelab: Here's the parts of my homelab actually plugged in and doing meaningful(ish) work: In my defence the desktop is the only Windows box in my flat and I'm damned if I'm unracking that UPS, even if the batteries have long since ceased to hold charge. The three clustered Raspberry Pi 4s provide me with a decent enough environment to play around. I use my homelab to self-host things like my website, HomeAssistant, personal projects, and analytics to see if anyone is using any of the former. I had fun gradually bodging this together over the years until eventually my lacklustre approach to system administration best practices came back to bite me. ## **Discovering the Hack** Cryptocurrency and all other financial instruments with the crypto prefix are in my view at best ponzi schemes and legal sleight of hand to dodge gambling regulations and at worst climate destroying instruments of global corruption and crime. I'd thoroughly recommend _Molly White's_ writing if you’re interested in what a mess the crypto industry is. With all that said, you could imagine I was particularly annoyed when checking my web analytics dashboard to find that not only had someone hacked my homelab: they had somehow managed to inject a crypto casino ad into the web app html. I didn't actually get a screenshot of this but it looked a little something like this: After recovering from the digital equivalent of finding a stranger in my living room, I started digging into how exactly this happened. ## **The Vulnerability** A quick web search turned up _an issue on GitHub describing exactly what I was seeing_. In short, a vulnerability in _Next.js_ (_CVE-2025-29927_) allowed attackers to access compromised systems with Umami installed. Two things became immediately clear: one, that I had been very lucky, the scope of the impact on my homelab was very limited; two, I was late to the party–I hadn't noticed this issue until late February 2026, despite the vulnerability having been known about since December 2024. ## **Assessing the Blast Radius** I deployed apps to my homelab with Docker, which limited the attacker's access to the Umami container. Whilst the attacker gained authenticated access to my Umami dashboard, which allowed them to insert the gambling popups visible to anyone viewing that dashboard, the host server was not compromised. After stopping the container, and carefully inspecting its contents, I could see that the attacker had injected a malicious _middleware.ts_ file into the file system. This file seemingly would have caused more serious issues, but luckily the injection was partially blocked by file permission restrictions on the container. I'd like to chalk this up to me implementing **_robust zero-trust across best practices™_** across my entire homelab but this was mostly dumb luck. After figuring out how the attack had compromised my Umami container I stopped it and did some digging around in the filesystem to understand the impact. Having seen in the GithHub issue evidence of malware more serious than just adding ads to my dashboard, I gave the host a thorough check to make sure it hadn't been compromised: I looked for evidence of this in the form of new shell profiles, cron jobs, and any newly created files. All in all, after a tense couple of hours spent inspecting my homelab I was able to confirm that the hosts and other containers were completely unaffected. The analytics data in the Umami database showed no evidence of tampering, and visitor data across my personal projects had not been accessed. ## **Remediation** Thanks to Docker limiting the spread of the attack, remediation was fairly simple. I deleted the compromised container, rotated my Umami database credentials, and pulled the patched image: docker rm umami docker image pull umami I then recreated the container with the direct port 3000 exposure removed from my Docker Compose file and updated the admin password. I also checked in on all my other containers for any other outstanding CVEs and updated them across the board. ## **Lessons Learned** Despite having spent years being the "_pin your versions_" guy at work, I was running containers on :latest tags with no update monitoring, which led to being five months behind on the patch that would have protected me from this issue. Whilst Docker container isolation was the key factor that prevented this from being a full server compromise, I learned that I need to be more careful with my homelab security: no more default passwords for me! Some next steps to further secure my homelab are adding a basic nginx authentication layer in front of my Umami dashboard and other private services, and setting up container update monitoring (potentially with _Diun_, which looks promising) to avoid missing another CVE for the best part of six months.

I've been into homelabbing for a few years now. For those unaware, a homelab is a self managed IT environment, typically used for hosting apps and learning, which in practice usually means a hodgepodge of compute, storage, and networking.

Here's my homelab:

Here's the parts of my homelab […]

Every time the job market is bad I have fantasies of throwing in the towel and doing something with my hands. An electrician maybe? Retraining is no joke but looks like work I could get on with.

Grafana & Friends Manchester Inaugural Event: SQL + OpenTelemetry eBPF, Thu, Mar 19, 2026, 6:00 PM | Meetup 🗒️ **Details** Join us for an observability-focused meetup hosted at **Autotrader** **Manchester!** This event is an opportunity to dive deep into advanced Grafana feature

#Manchester - want to learn about SQL Expressions in @grafana.bsky.social and be part of our first ever Manchester Meetup? We also have a talk about Beyla and Open Telmetry. Thursday at Autotrader Hawkshaw St. We'll have food and swag. www.meetup.com/grafana-frie...

Is this anything?

Performative male girlfriend divine feminine boyfriend

"Let's take this to the white board" the white board:

Writing process for latest blog immediately descending into chaos

Happy Birthday @nearestnabors.com !

i actually don't ever want a beer that tastes like a chocolate cake

Deeply satisfying

A gap in my ducts! If only there were some kind of tape for this.

👌