Using ssh-keygen from WSL to generate an SSH key

SSH keys are useful to enable access to networked resources.  

The command ssh-keygen (the OpenSSH authentication key utilit) can be used to generate keys.

Example usage:  ssh-keygen -t ed25519 -C "myemail@mydomain.com".  

The -t option signifies type, and ed25519 refers to the algorithm based on Elliptic Curve Cryptography using an Edwards curve (the recommended default - it competes with RSA which is needed for compatibility with older systems). The -C flag provides a new comment. 

What gets generated is actually a pair of keys, a private key (stored locally) and a public key (stored on the server, but reference copy is typically stored locally too, in your .ssh directory).  It is an asymmetric authentication (not encryption) protocol.

info ssh-keygen will help you decode other command line options for generating keys.

The generated keys are stored in ~/.ssh.

Managed HSM as a secure key storage option in Azure

Managed HSM (Hardware Security Module) is when you need the highest level of key protection in Azure. 

FIPS 140-3 Level 3 hardware is utilised.  

These are stringent security requirements set by NIST. They include: physical security through hardened enclosure and tamper-evident seals and active tamper-detection. The tamper detection includes detection of physical intrusion, temperature and voltage anomalies.

Azure Key Vault

Azure Key Vault can store keys (e.g. API keys) securely which can then be retrieved by applications at runtime. Passwords and certificates can also be stored in the vault.

Objects in the vault are uniquely identified by a case-insensitive identifier called the object identifier. It has a prefix identifying the key vault, object type, user-provided object name, and object version. 

The key vault section starts with https://{vault-name}.vault.azure.net or https://{hsm-name}.managedhsm.azure.net, for Managed HSM Pools.

Object types are "keys", "secrets" or "certificates". 

Object name must be unique within the key vault. Only digits, letters and dashes are allowed in the object name. The object name must be between 1-127 characters. 

LiteLLM

LiteLLM lets you make calls into a variety of LLMs using OpenAI conventions. Think of it as a lightweight model router. LangChain is somewhat similar - but with a bunch of added stuff on agents and orchestration.

OpenAI's Advice on Key Safety

OpenAI has a set of recommendations on key safety. There are basically two types of keys: API keys and admin keys (to check usage limits, quotas etc.). Read more on those recommendations here, also summarised below.

The first recommendation (rule) is do not share API keys. API keys are unique to users, even if those users are on the same team.

The second recommendation is that the OpenAI API key should not be exposed in client-side environments like browsers or mobile apps, which could allow malicious users to make requests as you.

Excel Data Validation Rules

Where to find data validation rules in Excel's ribbon? 

Data -> Data Tools -> click on the drop-down with a green tick and a red no-entry sign, then select Data Validation.

You can choose to allow any values, or restrict values e.g. to a list.

Software as a Production Line

Think of software as a production line. You want to automate all parts of that production line. And there are lots of pieces to automate.  Continuous integration and continuous deployment are components of that, but there are other elements not covered by CICD which also need automation. Automate everything.

iex in PowerShell

iex in PowerShell is Invoke-Expression - a cmdlet that takes a string and executes it like a PowerShell expression.  It's often used to run code fetched from external sources.

How Claude Code Works

Read more here.

Claude Code is an agentic assistant running in your terminal. It is an "agentic harness" around Claude.

Programming Work and AI

Using AI for programming makes you realise (if you haven't already) how much of programming work is mechanical.  

AI then becomes a high-level design partner once that low-level development is conquered.

At an even higher level, AI is the business partner that helps you decide what to build.

irm in PowerShell

The irm command in PowerShell is an alias for the cmdlet Invoke-RestMethod. This is used to send HTTP and HTTPS commands to RESTful web services and retrieve the response. It is used to interact with APIs and download data from the web.

Claude Code

Learn about Claude Code here.  When you log in to Claude for the first time, it asks you to identify three areas of interest. This could range from coding, learning to business strategy.

The conditions Claude will ask you to approve will be to acknowledge:

• Service may impose rate limits or usage quotas
• Output accuracy is disclaimed
• Output may be refused if it violates safety policy

Various Python Text UI Options

We have covered Textual in an earlier post.  Some other frameworks to build text UIs in Python include:

• Curses - a wrapper around Unix ncurses
• Rich - rich text formatting in the terminal

Python Textual Framework

Textual is built by Textualise.io. Applications can be run in a terminal or web browser. Here is a tutorial.

Blogger API and OAuth2

Read more here.  The latest Blogger API is v3. OAuth2 ("Open Authorization") is a standard protocol replacing OAuth 1.0 in 2012.

JDK Switcheroo for "Xamarin"

Read more here on the move from Oracle's JDK to a more lightweight version intended solely for Android development.

Your version of Visual Studio is no longer supported or serviced

Visual Studio has to be constantly updated. This is for security fixes, quality updates and experimental features. Sometimes, stuff gets removed, too.

Character format issues in emacs

The command cat -v is very useful to show control characters in a file. For example, if you want to debug unusual speech marks (Unicode used instead of ASCII) this is one way to do it.

Replit versus GitHub Codespaces

Replit lets you build and run applications in the cloud, from within a web browser. GitHub Codespaces replicates VS Code in the cloud / kind of replicating a full dev setup in the cloud.

dataclasses in Python

Classes that hold data - cool, right? But boring to implement. Python dataclasses have the solution. But check too what Pydantic has to offer. They are described in PEP557.

What is Pydantic?

Pydantic is used in a number of Python frameworks and libraries - for example, it is used in Langchain extensively.

Pydantic is a widely used data validation library.  

It makes extensive use of the annotations feature in Python. It is worthwhile to understand them in the context of type hints.

Deployment Toolkit (MDT) Support Removed - Try Windows Autopilot

Microsoft has removed support for its legacy enterprise deployment toolkit known as MDT (Microsoft Deployment Toolkit). 

This means no more updates (including for future versions of Windows) or security patches. 

Microsoft have recommended Windows Autopilot for cloud based deployment, or Configuration Manager operating system deployment (OSD) for on-prem infrastructure requirements, as alternatives.

Autopilot can be used to deploy Windows PCs as well as Hololens 2.

Fans lament that MDT was free and did not force Azure cloud adoption.

What is SASE?

SASE is Secure Access Service Edge, which delivers networking and security through a cloud service.

Analytics Libraries Expect Regularised Data

This is a recurrent theme in quantitative computing. 

Analytics libraries expect clean, regularised data, e.g. time series with no missing values.  Real-life data often has gaps and idiosyncrasies - it needs to cleaned often (to create a golden source) but even then subsequently rejigged based on the consumer need. 

This is akin to the Adapter Design Pattern in programming. In the Adapter you adapt an "interface" to another "interface" - for example, an XML dataset is "adapted" into a JSON dataset for JSON consumers.

Statistical libraries in particular are particularly picky about datasets and consistency, particularly when comparing datasets and trying to find relationships or errors between actual and expected values.

What a DataFrame truly is in Python

A DataFrame is actually a pandas.core.frame.DataFrame.

The list() constructor in Python

The list constructor in Python is interesting because there are evidently more obvious ways to create lists, namely via square bracket notation.  However, using the constructor directly has a number of use cases.

Here are some syntactical examples of using the list constructor.

empty_list = list()

tuple_to_list = list( (1,2,3) )

string_to_list = list("constructor") # creates a list made of individual letters as elements

Testing Prediction Models - Out of Sample Testing

When testing a prediction model, it is a good idea to do "out of sample" testing. 

This involves testing a model or strategy on data that was not used during model building or training. It thus evaluates how well the model performs on new, unseen data.

Python Internal Modules - The Underscore Convention

After debugging Python for a while you will certainly see some files with leading underscores. 

This is a Python convention to indicate the file is not part of the public interface of the module.  An example could be _mixins.py for a mixins class (this is used in pandas for example).  

When doing a "from package import *" any file with an underscore is not imported, respecting this convention. 

Sometimes an underscore can also be used to prevent name collisions e.g. implementing some JSON helpers in _json.py to avoid conflict with another json.py (pandas has this file too).

Pat yourself on the back if you have debugged into an underscore-prefixed file - you have ventured into the hidden depths of a package's implementation details. Good Job!

Python Debugger Survival Skills

There are many times you will need to use the Python debugger to understand why something is not working (oftentimes in a third-party library).

pdb - invokes the debugger

n - moves to the next line (can press carriage return - same effect)

s - steps into the code

It will certainly help you explore and understand more about how the third-party libraries work.

ARIMA in Python: Endogenous versus Exogenous Variables

The ARIMA model in statsmodels is described here.

Its constructor has the following initial arguments: ARIMA( endog, exog=None, order=(0,0,0),....).

• endog - observed time series process, y
• exog - array of "exogenous regressors"
• order - (p, d, q) model for autoregressive, differences and moving average component

Exogeneous regressors are added to the ARIMA equation where external variables may have some forecasting power. For example, electricity demand could utilise temperature as an exogenous variable.

The (p, d, q) component specification can be said to be the true "spirit" of ARIMA.

ARIMA methods were created by George Box and Gwilym Jenkins and are hence sometimes called  Box-Jenkins methods.

SARIMA extends this to Seasonal Data, where seasonal differencing is used to create stationarity.

Claude Code

Claude Code is built for developers - try it.

You can run it from a terminal (formerly only WSL).

Due to prompt injection risks, do not use it on codebases you do not trust.