A little trust goes a long way

As a senior technical person, you will have certain professional authority. But to be effective, you need to build personal trust with your team and peers. That can happen only if you are approachable & transparent.

Set up 1:1 meetings with your team members and cross-functional team leads. Go on a listening tour and take your notes.

Be specific on how people can reach you and how you will communicate with them. Setup routine 1:1 meetings if required.

Follow the money

It is important to have high level overview of the business. This will help you make informed decisions and prioritize your work effectively.

If the company is public, you can get quarterly & annual reports. If not, try to get a good sense of where the money is coming from and where the money is going.

Follow the data

Get a high level overview of product(s), infrastructure, tools, data flow. This is crucial to make informed technical decisions or architectural changes.

Start Small

For the first 30 days, you should be in "listening mode" or "absorbing mode". Try to understand the company, the team, the product, the customers, the culture, and the processes.

It is better to avoid any big changes in the first 30 days. There will be plenty of time for that later.

30-60-90 Day Plan

Note down action items for next 60 and 90 days.

It could be anything from setting up a new monitoring system, to improving the deployment process, to hiring new team members, providing simple tools for self service, etc.

Commnicate the plan with all stakeholders and avoid any surprises.

Reduce Cloud & SaaS Costs

If these are a significant part of the company's expenses, then review the costs and see if there is any room for reducing these costs.

On cloud, moving compute instances to reserved or spot can save 70-90% of costs.

That can have a big impact on the company's bottom line.

Buy or build good tools

On the other hand, if there are any tools that can help the team to be more productive, then it is worth investing in those tools.

To do that, you should already have a good toolset under your belt.

Sometimes building a simple tool which can make team self sufficient can have a big impact on the team's productivity and morale.

Conclusion

The first 30 days in a senior technical role are crucial for building trust, understanding the business, and setting the foundation for the next step.

Without much work to do, you can have a big impact on the company by following the tips mentioned above.

The best code is the code you don't have to write

Config First Tools

Any tool that provides first class support for configuration files can be considered a Config First Tool. These tools allow developers to setup/build/deploy applications by writing configuration files instead of writing code.

In DevOps world, tools like Terraform, Ansible, and Kubernetes are examples of Config First Tools. These kinds of tools are not that popular in the web development world.

In this article, lets see how we can build a full stack web application using only configuration files.

Todo - Web App

A simple backend API that allows users to manage todo lists. A simple frontend that uses the backend API. A simple script to deploy the backend and frontend applications.

Backend API

PocketBase is a backend API that provides a simple way to create and manage databases, authentication, and file storage. It is a great tool for building simple backend APIs without writing any code.

$ brew install pocketbase
$ pocketbase serve

We can create a collection called Todo with required fields and pocketbase will automatically generate the API for us.

Frontend

Lowdefy is a config first tool that allows us to build web applications using yaml config.

$ npm install -g lowdefy
$ lowdefy init
$ lowdefy dev

For basic crud apps, instead of us writing the boilerplate config, we can ask an AI agent to write the config for us.

Deployment

For deployment, we can use Ansible to deploy both the backend and frontend applications. Here also we can just AI agent to write the playbook for us.

$ pip install ansible
$ ansible-playbook deploy.yml

OliveTin

Even though we can use ansible to deploy the applications, it is not that convenient to run ansible playbooks on mobile. OliveTin is a config first tool that allows us to create web UIs for our scripts.

  - title: "Deploy ToDo App"
    popupOnStart: execution-dialog
    shell: ansible-playbook deploy.yml
    timeout: 6000
    icon: "🤖"

We can create a simple web UI for our deployment script with just 5 lines.

Conclusion

For quick prototyping and simple applications, config first tools can be a great choice as they allow us to build applications without writing any code. They also allow us to focus on the application logic rather than the implementation details.

With the rise of AI, it is much easy to maintain 500 lines of config than 5000 lines of code.

During 25th Feb 2026, a joint meetup was hosted by BangPypers & SciPy India.

There was a slot for lightning talk & I gave a talk on Kraken2 performance optimisations titled as "Classify billion base pairs per second".

Since it was a lightning talk, I didn't had time to polish the slides. During the talk, I briefly covered:

• What is metagenomics?
• Overview of open source classification tools
• Brief intro to Kraken2
• Performance optimizations in Kraken2

Few years back, I wrote a series of posts on Mastering Kraken2 where I covered all the optimizations in detail. If you want to dig deeper into the topic, you can check out the series.

In a world of complex internal tools, OliveTin bridges the gap between raw CLI and usable web UI with just yaml config.

Server Admin Panel

I used admin panels like CockPit, Ajenti, etc to provide simple web UI for non-developers to provide access to services. Developing custom widgets is time consuming and requires programming skills as well.

With OliveTin, I can provide web UI directly with just yaml config. This saves a lot of time and effort. It also provides a clean UI as it starts from scratch.

Backend Driven UI

For existing python scripts, I often use tools like Streamlit, NiceGUI, etc to create web UIs. Organizing the UI components for multiple scripts is time consuming.

OliveTin can provide web UI directly python scripts and they can be organized in groups with just yaml config.

Mobile Friendly

To do a simple deployment on mobile, I need to open an app that supports ssh, ssh into the server, navigate to a directory, run a script to deploy.

OliveTin provides a "Deploy" button on mobile browser which is way convenient.

Authentication

OliveTin provides authentication(local users, OAuth2, JWT, etc), authorization(ACLs) & accounting(logs) out of the box. With just yaml config, we can secure the web UI.

Conclusion

There are hundreds of other features provided by OliveTin like scheduling, file uploads, webhooks, etc.

If you ever want to provide a simple web UI for scripts with low code or no code, give OliveTin a try!

Introduction

We learnt how to deploy kubernetes cluster anywhere with a single k3d command. By default, k3d cluster is accessible only from the host machine.

Remote Access

Create new cluster with

$ k3d cluster create cloud-k8s \
  --api-port 6443:6443@loadbalancer \
  --k3s-arg "--tls-san=<remote-ip>@server:*"

• --api-port 6443:6443@loadbalancer maps port 6443 on the host machine to the cluster's API server load balancer. This can be changed (e.g., 8080:6443) if 6443 is taken on the host.

• --k3s-arg "--tls-san=..." adds the host's public IP to the certificate, preventing SSL errors later.

• Ensure remote server firewall allows incoming traffic on the chosen port (e.g., 6443 or 8080). To verify, run telnet <remote-ip> 6443 from local machine.

On the remote server, get kubeconfig:

$ k3d kubeconfig get cloud-k8s
---
apiVersion: v1
clusters:
- cluster:
    server: https://0.0.0.0:6443
  name: k3d-rk
   ... # truncated for brevity

Copy this kubeconfig, replace 0.0.0.0 with the remote server's public IP.

Open Free Lens, paste this config and connect to the remote k3d cluster.

Conclusion

You can use your favorite Kubernetes tools (kubectl, FreeLens, k9s, etc.) to manage the remote k8s cluster.

Problem Statement

In the earlier post, we have seen how to route specific websites to an exit node using a SOCKS proxy & browser extension(or a PAC file).

With this approach, when we need to work on multiple computers, we need to setup the SOCKS proxy & browser extension individually.

Instead we can use Tailscale's App Connectors to route specific websites through selected nodes.

Tailscale docs are too complicated for this App connectors. Here is a simplified version of the steps.

Tailscale - App Connectors

Note: There is no need for publicly reachable IP address for the Tailscale node which is used as App Connector. (Thanks Chris Smith for pointing it out. Tailscale docs are misleading in this regard.)

• In the Tailscale admin console, go to the "Access control" section & add tagOwners.

    "tagOwners": {
        "tag:home-connector": [
            "autogroup:member",
        ],
    },

• Use any Linux machine (it doesn't need static IP) to setup the App Connector. Install Tailscale on it. Advertise it as an app connector.

$ sudo tailscale up --advertise-tags=tag:home-connector --accept-routes

Enable IP forwarding on the machine. If your Linux system has a /etc/sysctl.d directory, run

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Otherwise, run

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf

• From the Tailscale admin console, create a new app connector.

In the "Target" field, we can select any existing app or we can use custom target so that we can route our desired websites. For now, I am adding ip.me domain so that we can verify if the traffic is routed through the connector.

• From the "Machines" page, select the device and approve the requested subnets.

From browser, lets visit 2ip.io to see our device ip address. Next, lets visit ip.me to ensure we are seeing the connector's IP as this domain will be served by app connector.

Conclusion

We can use App Connectors to route specific websites through a Tailscale node without needing to setup SOCKS proxy or browser extensions on each device.

Problem

Tailscale¹ provides zero-config mesh VPN built on top of Wiregaurd.

It provides an option to use an exit node for routing all traffic through it. But it can't route only specific domains through the exit node.

Solution

Setup a SOCKS proxy using ssh command line tool.

ssh -D 1080 -f -C -q -N user@exit-node-ip

-D 1080 : Specifies the local port to listen on for SOCKS connections.

-f : Requests ssh to go to background just before command execution.

-C : Enables compression.

-q : Quiet mode.

-N : Do not execute remote commands.

Once it is started, we can use ZeroOmega² browser extension to route specific domains through the SOCKS proxy.

In the auto switch profile, we can setup specific domains which needs to be directed to the proxy. For all other domains, it will use the direct connection.

This works only for the browser where the extension is installed.

To apply this at the system level, we can use pac file and update the system proxy settings to use the pac file.

Conclusion

Tailscale provides app connector feature to route specific apps through the exit node, but it is needs publicly reachable IPs & Linux based OS for now.

Setting up SOCKS proxy & using a browser extension or PAC file is much easy & straight forward solution to route specific domains through Tailscale exit node.

Problem

If we connect a mouse to macOS, the scrolling direction changes to "unnatural" for the mouse. This is because macOS has a single setting for natural scrolling that applies to both trackpad and mouse.

Solution

To have natural scrolling for both trackpad and mouse, we can use third-party tools like UnnaturalScrollWheels.

If we already use Karabiner-Elements, we can use it to set natural scrolling for mouse separately.

Open Karabiner-Elements and go to the "Devices" tab, select your mouse, and click on "Open mouse settings".

In the mouse settings, check the "Flip mouse vertical wheel" option.

Now, both trackpad and mouse will have natural scrolling.

As investors, we buy mutual funds from fund houses, platforms, or from distributors. But have you ever wondered what happens behind the scenes? How do these funds operate, and what processes are involved in managing them? In this post, we'll explore the behind-the-scenes operations of mutual funds.

Structure of a Mutual Fund

In India, mutual funds have 3-tier structure consisting of the Sponsor, the Trust & the Asset Management Company (AMC).

• The sponsor establishes the mutual fund and is responsible for its operations.

• The trust & trustees are responsible for safeguarding investor interests, supervising the AMC's operations, and ensuring compliance with regulations. Custodians are appointed to hold the securities of the mutual fund and ensure their safekeeping.

• AMC is the core entity responsible for the day-to-day management of the mutual fund.

The legal seperation of Trust & AMC ensures that the interests of investors are protected, and the fund's assets are managed independently.

All AMCs are registered with the Securities and Exchange Board of India (SEBI) and the list is available on the SEBI website.

We can look at SBI MF details from AMFI to understand the structure better.

Mutual Fund Transactions

RIA: Investors can use RIA (Registered Investment Advisor) platforms like Groww, Zerodha Coin, to invest in direct mutual funds.

MFD Alternatively, they can also buy regular mutual funds through distributors like NJWealth, PhonePhe etc.

TEP: To process these transactions, Trading & Execution Platforms like BSE Star MF, NSE MFSS, etc are available. These platforms facilitate the buying and selling of mutual fund units, ensuring that transactions are executed efficiently and accurately.

RTA: RTA(Registrar and Transfer Agent) plays a crucial role in maintaining investor records, processing transactions, and ensuring compliance with regulatory requirements.

Investors can also buy mutual funds directly from the fund house's website or through their mobile app.

These mutual funds can be stored in Demat account or in physical form as account statements. It depends on the platform or fund house you choose to invest with.

Conclusion

This post provided a brief overview of the behind-the-scenes operations of mutual funds in India.

Requirements

• Raspberry Pi (any model)
• MicroSD card (8GB or larger)
• Power supply

Setup

Download & install Raspberry Pi Imager from here.

After installation, connect SD Card to Computer, and start installation process.

In the config step, setup WiFi credentials and enable ssh server as well.

Once the installation is complete, insert the SD card into the Raspberry Pi and power it on.

Find the IP Address

You can find the IP address of your Raspberry Pi by checking your router's connected devices list or using a network scanning tool like nmap or arp.

arp -an

# or using nmap
nmap -sn

Once you have the IP address, you can SSH into the Raspberry Pi.

ssh pi@<IP_ADDRESS>

Conclusion

When we don't have a monitor and/or keyboard, this process allows us to set up a Raspberry Pi headlessly. This is particularly useful for projects where the Pi will be used as a server or in a remote location.