.gitea/workflows/build_push.yml

@@ -1,72 +1,61 @@
 name: Build and Push Image
 on:
-  push:
-    branches:
-      - master
+    push:
+        branches:
+            - master
 
 jobs:
-  build:
-    name: Build and push image
-    runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
-    if: gitea.ref == 'refs/heads/master'
+    build:
+        name: Build and push image
+        runs-on: ubuntu-latest
+        container: catthehacker/ubuntu:act-latest
+        if: gitea.ref == 'refs/heads/master'
 
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v4
 
-      - name: Create Kubeconfig
-        run: |
-          mkdir $HOME/.kube
-          echo "${{ secrets.KUBEC_CONFIG_BUILDX_NEW }}" > $HOME/.kube/config
+            - name: Create Kubeconfig
+              run: |
+                  mkdir $HOME/.kube
+                  echo "${{ secrets.KUBEC_CONFIG_BUILDX_NEW }}" > $HOME/.kube/config
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver: kubernetes
-          driver-opts: |
-            namespace=gitea-runner
-            qemu.install=true
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+              with:
+                  driver: kubernetes
+                  driver-opts: |
+                      namespace=gitea-runner
+                      qemu.install=true
 
-      - name: Login to Docker Registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.aridgwayweb.com
-          username: armistace
-          password: ${{ secrets.REG_PASSWORD }}
+            - name: Login to Docker Registry
+              uses: docker/login-action@v3
+              with:
+                  registry: git.aridgwayweb.com
+                  username: armistace
+                  password: ${{ secrets.REG_PASSWORD }}
 
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: |
-            git.aridgwayweb.com/armistace/blog:latest
+            - name: Build and push
+              uses: docker/build-push-action@v5
+              with:
+                  context: .
+                  push: true
+                  platforms: linux/amd64,linux/arm64
+                  tags: |
+                      git.aridgwayweb.com/armistace/blog:latest
 
-      - name: Trivy Scan
-        run: |
-          echo "Installing Trivy "
-          sudo apt-get update
-          sudo apt-get install wget apt-transport-https gnupg lsb-release
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install trivy
-          trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type os,library --severity HIGH,CRITICAL git.aridgwayweb.com/armistace/blog:latest
-
-      - name: Deploy
-        run: |
-          echo "Installing Kubectl"
-          apt-get update
-          apt-get install -y apt-transport-https ca-certificates curl gnupg
-          curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-          chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-          echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
-          chmod 644 /etc/apt/sources.list.d/kubernetes.list
-          apt-get update
-          apt-get install kubectl
-          kubectl delete namespace blog
-          kubectl create namespace blog
-          kubectl create secret docker-registry regcred --docker-server=${{ vars.DOCKER_SERVER }} --docker-username=${{ vars.DOCKER_USERNAME }} --docker-password='${{ secrets.DOCKER_PASSWORD }}' --docker-email=${{ vars.DOCKER_EMAIL }} --namespace=blog
-          kubectl apply -f kube/blog_pod.yaml && kubectl apply -f kube/blog_deployment.yaml && kubectl apply -f kube/blog_service.yaml
+            - name: Deploy
+              run: |
+                  echo "Installing Kubectl"
+                  apt-get update
+                  apt-get install -y apt-transport-https ca-certificates curl gnupg
+                  curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+                  chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+                  echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
+                  chmod 644 /etc/apt/sources.list.d/kubernetes.list
+                  apt-get update
+                  apt-get install kubectl
+                  kubectl delete namespace blog
+                  kubectl create namespace blog
+                  kubectl create secret docker-registry regcred --docker-server=${{ vars.DOCKER_SERVER }} --docker-username=${{ vars.DOCKER_USERNAME }} --docker-password='${{ secrets.DOCKER_PASSWORD }}' --docker-email=${{ vars.DOCKER_EMAIL }} --namespace=blog
+                  kubectl apply -f kube/blog_pod.yaml && kubectl apply -f kube/blog_deployment.yaml && kubectl apply -f kube/blog_service.yaml

\

@@ -1,22 +0,0 @@
-[core]
-	repositoryformatversion = 0
-	filemode = true
-	bare = false
-	logallrefupdates = true
-[remote "origin"]
-	url = gitea@192.168.178.155:armistace/blog.git
-	fetch = +refs/heads/*:refs/remotes/origin/*
-[branch "master"]
-	remote = origin
-	merge = refs/heads/master
-[branch "kube_deployment"]
-	remote = origin
-	merge = refs/heads/kube_deployment
-[branch "when_to_use_ai"]
-	remote = origin
-	merge = refs/heads/when_to_use_ai
-[pull]
-	rebase = false
-[branch "an_actual_solution_to_the_social_media_ban"]
-	remote = origin
-	merge = refs/heads/an_actual_solution_to_the_social_media_ban

src/content/an_actual_solution_to_the_social_media_ban.md

@@ -1,52 +0,0 @@
-Title: An Actual Solution to the Social Media Ban
-Date: 2025-09-16 20:00
-Modified: 2025-09-17 20:00
-Category: Politics
-Tags: politics, social meda, tech policy
-Slug: actual-social-media-solution
-Authors: Andrew Ridgway
-Summary: The Social Media ban is an abject failure of policy. I propose an actual technical solution that addresses the issues raised by the legislation and also ensures user privacy and data security through an opt in solution.
-
-## The Toothless Legislation
-
-The Australian Government recently announced it would be “watering down” the requirements of the upcoming legislation regarding online safety. The irony isn’t lost on anyone observing the situation. Specifically, the planned mandatory minimum “flag rate” for underage detection technology has been dropped – a clear indication that initial testing proved unachievable. Furthermore, the legislation now only requires tech companies to demonstrate “reasonable steps” to remove children from their platforms.
-
-Let’s be frank: this legislation, as it stands, achieves very little. Experts in the field consistently warned that the proposed age verification approach was flawed and ignored industry input. The result? Parents are arguably in a worse position than before. The focus on punitive measures, rather than practical solutions, has been a misstep, and the relentless pursuit of this agenda by the eSafety Commissioner feels increasingly disconnected from reality.
-
-It’s important to state that criticism of this legislation isn’t an endorsement of big tech, in fact I’m actively working to reduce my own reliance on these platforms. It is about the Australian Government overreaching in an area where it lacks the necessary expertise and, frankly, the authority. The driving force behind this appears to be a personal vendetta, fuelled by someone unfamiliar with the fundamental principles of how the internet operates.
-
-So, with the current legislation effectively neutered, what *can* the government do to genuinely help parents navigate the challenges of online safety? I believe there’s a technically feasible solution that doesn’t involve trampling on privacy or creating massive security vulnerabilities.
-
-The answer lies in a system we’ve been using for decades: the Domain Name System (DNS). Simply put, DNS translates human-readable URLs like [https://blog.aridgwayweb.com](https://blog.aridgwayweb.com) into the corresponding IP address (e.g., x.x.x.x). It’s a foundational component of the internet, and while seemingly simple, it’s incredibly powerful.
-
-## What is DNS?
-
-Most people rely on the DNS provided by their Internet Service Provider (ISP) or the manufacturer of their router. However, it’s possible to change this setting. Popular alternatives include Cloudflare’s 1.1.1.1, Google’s 8.8.8.8, and paid family-friendly options like OpenDNS. For those with more technical expertise, it’s even possible to run your own DNS server – I personally use Pi-hole to block ads at the network level.
-
-This existing infrastructure offers a unique opportunity. The Chinese government has long leveraged DNS as part of its “Great Firewall,” demonstrating its capability for large-scale internet censorship and control. While that application raises obvious concerns, the underlying technology itself isn’t inherently malicious and is a good fit for the purposes of *opt in* age verification.
-
-<img alt="Current DNS" height="auto" width="100%" src="{attach}/images/dns_currently.png">
-
-## How can we leverage DNS for age verification?
-
-My proposal is straightforward: the Australian Government could establish a large-scale DNS server within the Communications Department. This server could be configured to redirect requests to specific websites – like Facebook or TikTok – to an internal service that requires some form of authentication or identity verification. Once verified, the request would then be forwarded to the correct IP address.
-
-<img alt="Optional Government DNS" height="auto" width="100%" src="{attach}/images/optional_gov_dns.png">
-
-This DNS server could be *optionally* configured on any router, with ISPs assisting less technically inclined customers. The result? Access to certain websites from that router would require passing through the government’s age verification process.
-
-The authentication could be managed by an adult in the household, providing a valid identity document to receive some form of auth mechanism (password? passkey? authenticator?) to allow the user to continue to their 'restricted' website.
-
-Mobile phones could also have the internal DNS updated by manufacturers to incorporate this DNS setting.
-
-This would allow for the creation of “Government-certified” or “Family-Friendly” devices – routers or phones pre-configured with this DNS server – ensuring a consistent level of online safety as defined by the Australian Government. These devices could be subsidised by the government to ensure accessibility for all families.
-
-Crucially, this system is optional. Individuals who prefer to manage their own online security – as I do – would remain unaffected. However, for parents who lack the technical skills or desire to implement their own solutions, this offers a practical and effective alternative to managing their child’s online safety.
-
-This approach also avoids the need to collect and store sensitive identity data offshore. No tech company needs to be involved in the verification process, and the skills to build and maintain this system already exist within the Australian public service.
-
-Furthermore, the eSafety Commissioner could easily update the list of websites subject to verification, providing a flexible and responsive system. It wouldn’t cover the entire internet, of course, but it would provide a valuable safety net for those who need it.
-
-## Where to from here?
-
-Now that the government has acknowledged the shortcomings of its initial approach, it’s time to explore real solutions. A government-run, family-friendly DNS system that routes certain domain names to a verification process is a solid starting point for a genuinely effective technical solution to help families navigate the online world.

src/content/apple_the_anti_dev_platform.md

@@ -1,41 +0,0 @@
-Title: Apple And The Anti-Dev Platform
-Date: 2025-08-28 20:00
-Modified: 2025-08-28 20:00
-Category: Tech, Software, Apple
-Tags: Tech, Software, Apple
-Slug: apple-anti-dev
-Authors: Andrew Ridgway
-Summary: Apples requirements for developers are onerous, I detail some of the frustrations I've had whilst dealing with the platform to deploy a small app as part of my day job
-
-## Introduction: Why I Hate Loving to Hate Apple
-
-This week, I found myself in the unenviable position of using MacOS for work. It was like revisiting an old flame only to realize they’ve become *that* person—still attractive from afar, but toxic up close. Let me clarify: I’m not anti-Apple per se. I appreciate their design aesthetic as much as anyone. But when you’re a developer, especially one with a penchant for Linux and a deep love for open-source, Apple’s ecosystem feels like walking into a store where the sign says "Employee Discounts" but they charge you double for the privilege.
-
-## 1. The Hardware-Software Tie-In: Why Buy New Every Year?
-
-Let’s talk about my borrowed MacBook from 2020. It was a kind gesture, right? But here’s the kicker: this machine, which was cutting-edge just five years ago, is now deemed too old to run the latest MacOS. I needed Xcode for a project, and guess what? You can’t run the latest version of Xcode without the latest MacOS. So, to paraphrase: "Sorry, but your device isn’t *new enough* to develop on the Apple platform anymore." This isn’t just inconvenient; it’s a deliberate strategy to force upgrades. It’s like buying a car that requires you to upgrade your entire garage every year just to keep it running.
-
-## 2. Forced Obsolescence: The New "Upgrade" Cycle
-
-Yes, Microsoft did the whole TPM 2.0 thing with Windows 11. But Apple takes it to another level. They’ve turned hardware into a subscription model without you even realizing it. You buy a device, and within a few years, it’s obsolete for their latest software and tools. This isn’t about security or innovation—it’s about control. Why release an operating system that only works on devices sold in the last 12 months? It creates a false market for "new" hardware, padding Apple’s margins at the expense of developers and users.
-
-## 3. High Costs: The Developer Fee That Keeps On Giving
-
-I honestly believe this actually boils down to money? To develop on Apple’s platform, you need an Apple Developer account. This costs $150 AUD a year. Now, if I were to buy a new MacBook Pro today, that would set me back around $2,500 AUD. And for what? The privilege of being able to build apps on my own device? It’s like paying a toll every year just to use the road you already own. It’s enough to make you consider a career change and become a sheep farmer.
-
-## 4. Lack of Freedom: Who Owns the Device Anyway?
-
-Here’s where it gets really egregious: Apple’s developer review process. It’s like being subjected to a TSA pat-down every time you want to build something, even if it's just for your own device. To deploy ANYTHING onto an IOS device I need to hand my Government issued license over to Apple and let them "check I'm a real person". And no this isn't just for the app store deployments, which I can understand. This is for any deployment, it's the only way to get a certificate to cross sign on the app and device... Google might be heading down a similar path, but at least you'll be able to on custom Android ROmS. On Apple, it feels like every step is designed to remind you that you’re dancing in their sandbox—and they call the shots. If you use IOS you have to dance to their tune AT ALL TIMES. 
-
-## 5. The "Apple Tax": A Future Job Requirement
-
-I think all developers and consultants should demand an "Apple Tax." It will be simple:
-
-*   $5,000 AUD for new Apple hardware.
-*   An additional 25% markup on development hours spent navigating Apple’s ecosystem.
-
-Why? Because it's time developers passed on these costs to the users. It's time to make this hurt the consumers who insist on using these products with predatory business models for developers. Yes, developers go where the market is, but it's time to start charging that market so it understands the true cost to be there.
-
-## Conclusion: Why I’ll Keep Hating Loving to Hate Apple
-
-Apple’s ecosystem feels like a love story gone wrong—a relationship where one party keeps raising the stakes just to remind you of how much they control everything. Developers are supposed to be the disruptors, the rebels who challenge the status quo. But when your tools are designed to keep you tethered to a specific platform and its outdated business model, it feels less like innovation and more like indentured servitude. If you’re still enamored with Apple’s ecosystem and think it’s “just part of the game,” I urge you to take a long, hard look in the mirror. Because if this is your idea of progress, we’re all in trouble.

src/content/gpt_oss__is_it_eee.md

@@ -3,13 +3,12 @@ Date: 2025-08-12 20:00
 Modified: 2025-08-14 20:00
 Category: Politics, Tech, AI
 Tags: politics, tech, Ai
-Slug: gpt-oss-eee
+Slug: social-media-ban-fail
 Authors: Andrew Ridgway
 Summary: GPT OSS is here from Open AI, the first open weight model from them since GPT-2. My question is... why now?
 
 # Human Introduction
 This has been a tough one for the publishing house to get right. I've had it generate 3 different drafts and this is still the result of quite the edit. Today's blog was written by:
-
 1. Gemma:27b - Editor
 2. GPT-OSS - Journalist
 3. Qwen3:14b - Journalist
@@ -54,7 +53,7 @@ Now, I’m not accusing OpenAI of anything here—just pointing out that they’
 
 * OpenAI has dominated the consumer AI market with their **ChatGPT** and other tools.
 * They’ve been losing ground in the developer market, where models like [Gemini](https://deepmind.google/models/gemini/pro/) and particularly [Claude (Anthropic)](https://claude.ai/) are gaining traction in the proprietary space.
-* Now they’re releasing open weight models that promise to compete at GPT-4 levels to try and bring in the Deepseek and Qwen crowd.
+* Now they’re releasing open-source models that promise to compete at GPT-4 levels to try and bring in the Deepseek and Qwen crowd.
 
 The timing feels a bit too convenient. OpenAI is essentially saying: “We get it. You want local, affordable, and flexible AI? We’ve got you covered.” But will this be enough to win back the developer community? Or are they just delaying the inevitable?