Show newer

[INFO] --- dependency-check:12.2.1:check (dependency-check) @ WeatherService ---
[INFO] Checking for updates
[INFO] NVD API has 361,137 records in this update
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=6000 : 2nd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=6000 : 3rd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=6000 : 4th time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=6000 : 5th time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=8000 : 2nd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=8000 : 3rd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=8000 : 4th time
[INFO] Downloaded 10,000/361,143 (3%)

In the meantime I am setting all my virtual desktops again because I have a dedicated virtual desktop for the metaverse client viewer, I have one for security monitoring of my system including VPN, I have one for emails and social media, then another one for studies like AI Engineering and MIT-OCW including running the Cursor IDE for the AI Engineering course, also another one for coding in Java on the coding exercise for the service, then another one for C coding.

Unfortunately I need to restart the CVE list local db updates because the technical interview a while ago wanted everything closed in my desktop for the screenshare 😅.

Starting from scratch again:

[INFO] --- dependency-check:12.2.1:check (dependency-check) @ WeatherService ---
[INFO] Checking for updates
[INFO] NVD API has 361,137 records in this update

👀

Finished my short gym workouts and we are still here:

[INFO] --- dependency-check:12.2.1:check (dependency-check) @ WeatherService ---
[INFO] Checking for updates
[INFO] NVD API has 361,116 records in this update
[INFO] Downloaded 10,000/361,116 (3%)
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=16000 : 2nd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=16000 : 3rd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=18000 : 2nd time
[INFO] Downloaded 20,000/361,116 (6%)
[INFO] Downloaded 30,000/361,117 (8%)
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=32000 : 2nd time
[INFO] Downloaded 40,000/361,117 (11%)
[INFO] Downloaded 50,000/361,121 (14%)

😒

[INFO] --- dependency-check:12.2.1:check (dependency-check) @ WeatherService ---
[INFO] Checking for updates
[INFO] NVD API has 361,116 records in this update
[INFO] Downloaded 10,000/361,116 (3%)
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=16000 : 2nd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=16000 : 3rd time
[WARNING] Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=18000 : 2nd time
[INFO] Downloaded 20,000/361,116 (6%)

See how slow this is ? 👀

[INFO] --- dependency-check:12.2.1:check (dependency-check) @ WeatherService ---
[INFO] Checking for updates
[INFO] NVD API has 361,116 records in this update

😅

In the meantime I will leave my PC awake and let mvn verify run OWASP Dependency Check and get that massive 300K + CVE list updates from NIST which is painstakingly slow and stupid 😅

Hoping that there is no power outage this time so that update won't get interrupted. The latter means start from zero 💀

That bug was a false positive. Turns out the correct WebClientExpection subclass is actually handled from the WebClient and later on information is wrapped with IllegalStateException which is then thrown from the callers of the downstream providers to the Cache Service.

In this I went to do a release tag v1.0.0 so that snapshot of the release is already captured and I can proceed to add observability later on for another release.

In the meantime, I need to go to the gym for some workouts.

Another thing that changes engineers expenses or say incentives that is given to software engineers would be the expenses on AI, tokens baby 😆 while at the same time, subscription to web learning modules will decrease because while we engineers spend on AI these days which is critical, the learning can also be provided by LLMs so why spend for a technical course on line to learn when LLMs can teach you for free?

Decided to fix the cache stamped bug fix induced error that only catches a specific transport exception or maybe even a wrong one. I need to catch all the transport exception that a downstream API provider might throw.

On the other hand I realized, my modest subscription for Codex AI has cap hence it's always better to give a lot of the work to Jarvis so that when a cap reaches it only affects my ChatGPT usage in the web and not the Codex subscription one.

Also did a personal crash course on Python via Jarvis (I call ChatGPT Jarvis 😅) as provided in the AI Engineering course and covered half of it already.

I'd learn Python in no time.

OWASP Dependency Check pulling updates from NIST CVE listing database seems to get past 60% but then a schema limit exist in my local. Why would a dev limit a varchar to 1000 when an edge case can happen where the data for it is larger? 👀

Went to a higher version of OWASP Dependency Check and running the update again which is painstakingly slow even with an NVD API Key. Around 12 hours or maybe more and realized that the retries for the updates can happen a hundred thousand times which is crazy 😅

I started paying for subscription on OpenAI's Codex as I like the depth of it's thinking when it comes to coding. That means in Java I use Intellij with Codex as the AI assistant.

For C the IDE I am using VS Code with Github's Copilot as AI assistant.

For the AI Engineering course I am using Python with Jupyter lab on Cursor IDE with Anysphere's Composer AI assistant.

Retooling for AI Engineering so we don't get obsolete. Fighitng off the engineer's half-life problem.

Have not implemented observability but I'm thinking of tagging the current code base for release v1 and that the observability will come on a later version.

Also fixed the cache stamped bug. One more bug left regarding handling of transport exception as not all transport exception are handled.

Tried increasing the timeouts and the retries to a big big value and then went to update my local DB for the list of new CVE from NIST and although it's painstakingly slow, it does went past 25% of the total updates for download and now I am on 44% hoping it does not stop until completion.

Still doing the Spring Boot REST API exercise and I have added PMD, Checkstyle, Spotbugs, FindSecBugs, and OWASP Dependency Checker.

At the same time API keys for the downstream API providers can be set in the environment.

Only problem now because I have not created an NVD API key, the OWASP Dependency Checker is taking a long time to update so might as well leave for a 10km run and hope that once I came back, mvn verify is finished by then.

At rest today from workouts because Saturday I did a 10km run and because I have not run for quite sometime, cramps easily came to my calves.

Today im wrestling with failing maven build but due to Java 26 and PMD mismatch. The headache when using the most recent version. I will be downgrading JDK in my system to 17 because it is much stable.

Came back from gym workouts and did the heavy bag.

Also practiced a bit of the martial arts with my master.

So what happened to my plan on pursuing Private Military Contracting?

It turns out that the job market has oversold itself. The industry's demand for PMC and Security professionals are roughly 10% that of the Software Engineering. Not only that the demand relative to Software Engineering is miniscule, the industry filters who gets thru and they prefer special ops guys and not some bunch of regular infantry, how much more for someone coming straight from Civilian world without military background.

The training providers agenda is to make revenue from PMC and security trainings, they will exaggerate the opportunities. In my case where I took my PMC training, they leading our team on for the opportunity of employment but its been many months now and not a single one of us was taken. Later they posted recruitment but I am barred due to me not coming from US, UK, nor Europe.

The PMC from Turkiye who owns a training company warned me about this last year and I told him that I accept the risk for this. Indeed he is very much correct.

So all the trainings that I had in Explosive Ordnance Recon, firearms, PMC, EANx-Deep-Rescue, EFR + TCCC, Combat Course, Vehicle CQB, Intelligence Analysis, Counter-Surveillance, International Security and Risk Management is now just a hobby 😅

Still has not recovered from my long distance run decline but my pinky toe is now healed.

As usual, flood again in my area and I really detest the flood here because one time when it was the beginning of the rainy season but but summer has not closed yet, as the first flood came in due to the higher tides from the river, I saw a bunch of human and animal shit floating in the water in dense groupings coming from the west and that is I realized that the floods might be washing makeshift toilets from the communities near the fucking river.

So I decided to not do what I was doing since 2023 where I wade thru the flood and instead use my mountain bike. On the other hand, I have kept my new road bike or the racer cycling bike to keep it from the rain and not to immerse it on flood waters which is not only dirty but also salty hence it corrodes metal faster. The reason why my mountain bikes are corroded.

I been exhausted and busy reviewing a lot of my software engineering knowledge and skills for my job applications getting back to the engineering career.

I have not review front-end tools yet but mostly backend and observability tools including REST API, microservices, CI/CD, images, containers, design patterns, Java, and a lot more but I noticed I was very rusty in data structure and algorithms as there was an exam on DSU and it was not that complicated but I failed it, hence I went to review algorithms but then a second exam from another company came thru and I failed and that time it was bloody hard. Turns out I was not familiar with Palindrome related concepts such as optimal number of deletes to maintain Palindrome or LCS for Long Common Subsequence algorithm. Was asking myself why I didn't know about this LCS back in BSCS nor in MSCS and I detest that I was not familiar with LCS.

Last night I was looking into LCS implementation in Java and in C. This is the first time that I review algorithm coding not only Java but C.

I also seen examples of Industrial C compared to a typical C for classroom assignments. Not only I am not using Compiler only similar to college days but now I have my Makefile setup and so a lot of the command line becomes a one line execution of the make command. Also separated functionalities in header and c files. Extensive use of guard preprocessors for inclusion of header files, pointers, use of size_t, checks for parameter nullity and string emptiness, use of other header files apart from stdio.h, seen how to get string length without using the function strlen.

On the other hand while I am busy on reviewing my Software Engineering knowledge and skills which is vast now, I also went to enroll on an AI Engineering course from Udemy hence I am learning Python and Ollama on the sides with the use of Cursor IDE and Jupyter notebooks. Installed a lower parameter llama3.2 on my local and had run some example Python codes from Jupyter notebooks that connects to my local AI model. I tried llama3.2:1b for 1 billion parameters but it failed so as to not waste time I decided to pull llama3.2 but this is 3 billion parameters yet still run son my local hence I was able to run the Python codes connecting to my local llama3.2 successfully.

I promised myself to take a break from this exhausting technical review and today I should be at the gym doing and later doing my long distance run of 21km but LSD.

Did a run today and though the pain has subsided for my pinky toe, there is still sharp pain when pressure is applied to the tip.

So I have to change my running gait and because of the injury on the pinky toe, I used heel landing but quickly rolling the feet to distribute the landing pressure and not concentrate on the knee.

Only 10km for now. Slowly will increase this week until I am back on 21km runs.

Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.