It’s been three months since my last blog post and, honestly, it’s been one of the busiest quarters I can remember. So grab a coffee (or something stronger. I won’t judge), and let me catch you up.
The Big One: Contractor No More
After nearly a decade of contracting through Cloud Cauldron Limited: navigating IR35 reforms, riding out quiet markets, and maintaining the carefully cultivated fiction that I was “my own boss” whilst actually having eleventy-seven bosses, I did something I genuinely didn’t think I’d do again.
On the 1st of April 2026 (yes, April Fool’s Day, the irony isn’t lost on me), I became a permanent employee at Indicium AI.
For those not following the saga: I’d been contracting with Mesh-AI for a while, and placed on a few data and AI platform engagements. Mesh-AI merged with Indicium to become Indicium AI, and somewhere during that process I make a choice. Keep contracting: the freedom, the flexibility, the ludicrous day rate, the ability to say “that’s out of scope” without flinching, or, put down roots somewhere that actually deserved it.
I chose roots. A feral cat agreeing to be an indoor cat, if you will. Cloud Cauldron Limited will sit dormant in the background, but my day job now comes with a P45, a pension, and the existential terror of having made a commitment. I’m navigating the joys of salary sacrifice strategies, pension optimisation, and trying to understand why the personal allowance taper exists as anything other than a punishment for the crime of earning slightly too much. Welcome to permanent employment, I suppose.
The background client engagement continues: Azure, Databricks, Unity Catalog, and all the data platform architecture and MLOps that entails. Same work, different payslip.
New Shiny: MacBook Pro M5 Max
Apple released the 16-inch M5 Max MacBook Pro in early March and I pounced in the first 5 minutes it went on sale. It’s an absolute beast of a machine and I used the opportunity to do what every engineer should do every five years: start completely fresh.
No Migration Assistant. No copying over half a decade of accumulated cruft. Just a clean install and the discipline to only put back what I actually need.
Turns out, brew bundle dump on my old machine revealed 128 Homebrew formulae, 11 casks, 51 VS Code extensions, and 5 taps. For context, a lean but fully-loaded DevOps setup probably needs about 30-40 brews. Five years of “I’ll just install this quickly to try it” adds up, apparently.
The rebuild has been therapeutic. Every tool earns its place. Every dotfile gets reviewed before it goes in. I even set up iTerm2 from scratch rather than importing my old config, which felt like spring cleaning for my soul.
I’ve also been exploring Ollama for local LLM inference on the new hardware. The M5 Max’s unified memory architecture makes it surprisingly capable for running models locally. There’s something satisfying about having a conversation with a language model that never leaves your machine.
The Druid Network: An Eight-Year Upgrade
Speaking of things that needed attention. The Druid Network’s members-only community site was still running ELGG 1.12.17. That version was released in September 2017. The current stable version is 6.3.4.
So I spent several late nights upgrading across five major version boundaries, roughly 130 individual releases, and about eight and a half years of development. The upgrade path went: 1.12.17 → 2.3.17 → 3.3.26 → 6.3.3, each step bringing its own special flavour of “why doesn’t this plugin work anymore” and “where did the .htaccess rules go.”
The worst moment was discovering that the 1.12-era .htaccess was routing cache requests to a PHP handler that no longer existed in the Composer-based 2.3 layout. The best moment was when the admin dashboard finally loaded on 6.3.4 and everything just… worked. The new “Social Dot” at The Druid Network is now running on modern PHP, with modern security, and I can stop having anxiety dreams about someone finding an exploit in software from the Theresa May era.
Docker Compose was the hero here. Being able to spin up isolated environments for each version step, with real-time debugging and juggling multiple versions of PHP, MariaDB and ELGG saved me from the kind of upgrade-in-production mistake that gives platform engineers nightmares.
Home Network Rebuild
A reminder that I keep a kit list in my /Uses page.
Because apparently I can’t leave anything alone, I also redesigned my home network. The topology is now:
- DrayTek Vigor 2862 handling the VDSL2 connection to Sky.
- TP-Link Archer BE550 running in AP mode for WiFi 7.
- Raspberry Pi running Pi-hole and Unbound for DNS.
That’s all tied together with a 2.4 GHz networking and a 10 GHz Fiber / POE++ / Network Trunk Switch. Gross overkill for my living room perhaps but here we are.
The Pi setup has been an exercise in “how paranoid do you want to be about power failures?” I’ve gone with the OverlayFS approach via raspi-config. The root filesystem is read-only with a RAM overlay, so if the power goes out (or someone trips over the cable, which has happened more than once), the OS is untouched. Pi-hole’s gravity database just rebuilds on boot.
The Unbound recursive resolver is my favourite bit. Instead of forwarding DNS queries to Cloudflare or Google and trusting their privacy policies, Unbound does the full recursive resolution itself. Root servers, TLD servers, authoritative nameservers. No single entity sees my complete query history. For a privacy-conscious techie who doesn’t trust large corporations as far as he can throw them, it’s a sound tactic.
The Pi-hole setup is technically still pending final tweaks, but the bones are solid and the ads are blocked. That’s the main thing that matters.
Next up: I need to get the Raspberry Pi cluster back online. It died a death from the dreaded loss of power corrupting the disks too.
Vaultwarden: Self-Hosted Secrets
I finally ditched 1Password in favour of Vaultwarden: the community-maintained, lightweight implementation of the Bitwarden API. It’s running at vault.cloudcauldron.io behind nginx, in a Docker Compose stack, with Let’s Encrypt handling the TLS. The whole thing took about an hour to set up, and the Bitwarden browser extension works with it seamlessly.
Self-hosting your password manager feels right. My secrets live on my infrastructure, encrypted at rest, accessible only to me. No subscription fees, no trusting a third-party service with the keys to my digital life. Just a Docker container, a reverse proxy, and the satisfaction of owning your own security.
The Book
The book, provisionally titled “DevOps and Platform Engineering Mastery” and targeting senior-to-principal engineers, continues to grow. It was at about 480ish pages last time I checked, and I’m working on copy-editing chapters 3 to 14, adding code examples, diagrams, war stories, and the kind of opinionated commentary that comes from thirty years of watching things go wrong in interesting ways.
Target release date: Midsummer’s Day. Yes, the summer solstice. It felt appropriate for a Druid author. Litha 2026 it is.
I’ll write more about the book as the release gets closer. For now, it’s head down, LaTeX up, and trying to make TikZ diagrams do what I want rather than what they think I want.
Health
Because people my age like to moan about their health, let me just say, there was little to moan about this first quarter. I had a steroid injection into my hips - and - I was entirely healed. No problems walking. No abnormal amounts of pain for my age. All was well - even commuting into London on uncomfortable trains twice a week and using my massive rotovator at the allotment. That said, it’s wearing off very quickly so I need to figure out how to get another.
What’s Next
Q2 is looking like: finish the book, finalise the home setup with the lab, settle into the rhythms of permanent employment (still feels weird typing that), and maybe, just maybe, blog a bit more regularly. Three months of radio silence is too long. Even if it’s just week notes and the occasional rant at clouds.
Spring is here. The allotment is calling. And for the first time in nearly a decade, I don’t have to worry about where my next contract is coming from. That’s… actually quite nice.
Onwards. 🌿
As always, you can add my RSS feed to your reader of choice and if you made it this far thanks for reading!
Chris