DEV Community: Lars van der Niet

iCare: A free 20-20-20 eye-break reminder for iPhone and Apple Watch

Lars van der Niet — Wed, 25 Mar 2026 15:13:42 +0000

iCare: A free 20-20-20 eye-break reminder for iPhone and Apple Watch

I spend most of my day staring at a screen. That's not a complaint, it's just the job. But after long stretches of focused work I started noticing dry eyes, headaches, and that general foggy feeling by the end of the afternoon. The fix is stupidly simple: every 20 minutes, look at something 20 feet away for 20 seconds. It's called the 20-20-20 rule and optometrists have been recommending it for years.

The problem isn't knowing about the rule. It's actually remembering to do it when you're deep in a problem.

Every existing app wanted my money or my patience

I tried a handful of 20-20-20 apps on the App Store. Some were fine but charged a subscription for what is essentially a repeating timer. Others were bloated with gamification, streaks, wellness dashboards, and meditation upsells bolted onto what should be a 20-second break. A few were genuinely abandoned, crashing on launch or stuck on an iOS version from two years ago.

None of the ones I found supported Apple Watch. That was the real dealbreaker. If I'm deep in code and my phone is on silent across the room, a notification I never see doesn't help. A gentle tap on my wrist actually gets my attention without breaking flow.

So I built one.

What it does

iCare does exactly one thing: remind you to take eye breaks on a schedule, then count you through them.

The home screen shows a circular timer counting down to your next break. When it fires, you get a notification with three options: start the break, snooze it, or skip it entirely. Tapping "start" opens a 20-second countdown that tells you to look at something in the distance. That's the whole interaction.

Beyond that:

Configurable interval from 15 to 45 minutes, so you can tune it to how you work
Adjustable break duration between 10 and 30 seconds
Schedule controls with active hours and weekdays-only mode, so it stays quiet evenings and weekends
Pause, snooze, skip so you're always in control without disabling the whole thing
Today's history showing completed and skipped breaks at a glance

Apple Watch is what makes it actually useful

The Watch companion was the main reason I built this instead of just setting a recurring timer. Reminders arrive as a haptic tap on your wrist, subtle enough that it doesn't interrupt a meeting or a conversation, but noticeable enough that you won't miss it.

You can start the countdown directly from the Watch notification. The phone and Watch stay in sync through WatchConnectivity, so starting a break on one device reflects on the other. Settings sync too, so you configure once and both devices stay aligned.

How it's built

iCare is a native SwiftUI app targeting iOS 17 and watchOS 10. I wanted it lean, so there are zero third-party Swift packages. Everything is built on Apple frameworks only.

The architecture is straightforward:

AppState is the central observable model that owns scheduling, break state, notifications, and Watch sync
ReminderEngine handles the interval math: next fire dates, active hours, weekday filtering, snooze logic
NotificationCoordinator manages UserNotifications with actionable categories (Start, Snooze, Skip)
WatchSyncManager bridges iPhone and Watch state via WatchConnectivity
SettingsStore persists preferences in UserDefaults through a shared App Group so both targets read the same data

There's also a Focus filter integration using App Intents. You can override reminder behavior per Focus mode, so your "Do Not Disturb" or "Sleep" focus can automatically pause reminders without you touching anything.

iCare/                 iPhone app (SwiftUI)
  App/                 Entry point and root navigation
  Features/            Home, Countdown, History, Settings, Onboarding
  Intents/             Focus filter (SetFocusFilterIntent)

iCareWatch/            watchOS app
  App/                 Entry point
  Features/            Home, Countdown, Notification scene

Shared/                Code shared between iPhone and Watch
  Models/              AppState, settings, break records
  Services/            ReminderEngine, NotificationCoordinator, WatchSyncManager
  DesignSystem/        Colors, typography, shared UI components

The project uses XcodeGen for project generation and Fastlane with GitHub Actions for CI/CD. Pushing a version tag triggers the full pipeline: code signing via Match, building via Gym, and uploading to App Store Connect.

Lessons learned

WatchConnectivity is more finicky than the documentation suggests. The Watch and phone don't always have an active session at the same time, and transferUserInfo queues messages that can arrive out of order or much later than expected. I ended up using sendMessage for real-time commands (like "start break now") and updateApplicationContext for settings sync, which overwrites rather than queues. Getting that split right took some trial and error.

Local notifications on iOS also have limits I didn't expect. You can only schedule 64 pending notifications at a time, which sounds like a lot until you realize a 20-minute interval across an 8-hour workday burns through 24 per day. The engine pre-schedules a rolling window and refreshes whenever the app comes to the foreground.

No accounts, no tracking, no subscription

iCare collects nothing. There's no analytics SDK, no backend, no account creation. Your settings and break history live in UserDefaults on your device and sync to your Watch through Apple's encrypted WatchConnectivity protocol. The privacy policy is short because there's nothing to disclose.

Charging a subscription for a timer that runs locally on your phone feels wrong. iCare is free.

View on GitHub

GPT-5.4 dropped. The hype isn't fully justified, but the shift is real

Lars van der Niet — Fri, 06 Mar 2026 11:36:28 +0000

GPT-5.4 dropped. The hype isn't fully justified, but the shift is real

GPT-5.4 came out on March 5, 2026, and within hours my feed was full of people calling it a breakthrough.

I'm a bit more skeptical.

The model is better, no doubt. But if you've been paying attention to the last few releases, you'll notice a pattern: the raw logical reasoning doesn't feel dramatically smarter with each version. What does improve (and what I think people are actually responding to without realizing it) is how much better these models get at understanding what you're asking for. The conversational layer, the intent parsing, the way it doesn't misread your prompt anymore.

That's useful. But it's not the same as becoming more intelligent.

What actually changed in GPT-5.4

OpenAI is marketing this one around reasoning and coding improvements. There are also "Thinking" and "Pro" variants for deeper analysis and enterprise workloads.

The context window is the thing that's actually interesting to me. Reports suggest it's pushing toward one million tokens, which means you can feed it:

An entire codebase
A long chain of log files
Months of documentation

...and ask questions about all of it in one shot.

Full-repo code assistant
├── Ingest entire codebase
├── Understand cross-file dependencies
├── Suggest refactors across modules
└── Answer questions with full context

That's not a gimmick. For developers building AI tooling, larger context genuinely unlocks things that weren't feasible before.

The agentic workflow improvements are also worth noting. GPT-5.4 is designed to work inside systems that take actions autonomously, not just answer questions. But again, I'd temper expectations here. Better at following multi-step instructions is not the same as actually reasoning through hard problems differently.

My honest take on the plateau

I keep seeing people benchmarking these models on math olympiad problems or logic puzzles to prove they're getting smarter. And yes, the scores go up. But when I actually use them day-to-day for real engineering problems, like debugging something subtle, thinking through a design tradeoff, or understanding why a system behaves a certain way, it still falls apart in familiar ways.

What has noticeably improved across GPT-4, 4.5, and now 5.x is how rarely the model misunderstands your intent. Earlier versions would latch onto the wrong part of your prompt. That happens much less now. The model is better at being a good conversation partner.

That's a real improvement. I just don't want to confuse it with the model becoming fundamentally better at reasoning.

The thing that does matter for developers

Even if the intelligence plateau is real, the broader shift it's part of is not something to dismiss.

AI is becoming infrastructure. Not in a hype way, more like the same boring, practical way that databases and message queues became infrastructure. Something you design around, not something you bolt on.

Applications are increasingly built with an explicit AI layer:

┌─────────────┐
│   Frontend  │
├─────────────┤
│   Backend   │
├─────────────┤
│  Database   │
├─────────────┤
│   AI Layer  │  ← this is just part of the stack now
└─────────────┘

And the patterns that sit in that layer are maturing fast, regardless of which model you plug in.

Patterns worth actually learning

If you're going to invest time in this space, focus on the patterns that don't change every time OpenAI ships a new model.

RAG (Retrieval-Augmented Generation)

The idea is simple: instead of relying on what the model memorized during training, you pull in relevant data at query time and hand it to the model as context.

User query
   ↓
Embed query as vector
   ↓
Search vector database
   ↓
Retrieve relevant documents
   ↓
Pass context + query to model
   ↓
AI generates grounded answer

This pattern works with GPT-4, GPT-5.4, Claude, Gemini. The model is almost interchangeable. Getting the retrieval right is the hard part.

Agents

An agent is just a model that can call tools in a loop until it completes a task. The workflow looks something like this:

User request
     ↓
AI plans tasks
     ↓
Calls tools (search, code exec, APIs)
     ↓
Writes code
     ↓
Tests code
     ↓
Returns result

Whether GPT-5.4 is smarter or not, more reliable intent parsing means agents fail less silently. The model is less likely to misinterpret what tool to call or when to stop. That's where the conversational improvements actually translate into something concrete.

Plugging AI into real pipelines

The most underrated use of these models is as a processing step inside existing infrastructure. Log triage is a good example:

const result = await openai.chat.completions.create({
  model: "gpt-5.4",
  messages: [
    {
      role: "system",
      content:
        "You are an on-call engineer. Classify this log entry and suggest a root cause.",
    },
    {
      role: "user",
      content: logEntry,
    },
  ],
});

Data classification, document tagging, summarization. That's where I think AI earns its place in the stack right now. It's not glamorous but it works, and the bar for "good enough" is low enough that even a less-than-perfect model handles it fine.

So should you care about GPT-5.4 specifically?

Honestly, probably not that much.

If you're already building with GPT-4 or similar, the upgrade path is real and the context window improvements are worth testing. But the breakthrough framing in the press and on social media feels overcooked.

The more interesting question isn't "how smart is this model" but "how is AI changing what I have to build and how I build it." That question has a clear answer: AI is becoming a standard layer in software architecture, and the patterns around it are worth investing in now regardless of which model sits underneath.

The intelligence plateau might be real. The infrastructure shift definitely is.

Developing YoungPWR: Overcoming technical challenges for youth empowerment

Lars van der Niet — Fri, 06 Mar 2026 10:52:04 +0000

This is YoungPWR: A platform for youth empowerment

YoungPWR helps you gain more power, happiness, and success. YoungPWR is your coach and provides you with the network you need to be more powerful and happy to be successful and earn just that little bit more. YoungPWR helps you by sharing knowledge through workshops, podcasts, blogs, and social media. And you will find fun work in the area: gigs (clients), a part-time job, internship, or volunteer work. Completely free with a YoungPWR account.

My role as a developer

As a developer passionate about impactful solutions, I had the opportunity to develop YoungPWR, a dynamic platform aimed at empowering youth. In this blog post, I will share my journey, the technical challenges I faced, and the solutions I implemented to bring YoungPWR to life. The project was initially started by a group of young web developers that loved the idea of YoungPWR. After some time they did not have the time to continue the project and I took over the project. Almost everything had to be rewritten, because the code was not up to date anymore.

Project overview

Understanding YoungPWR's mission and vision

YoungPWR is dedicated to empowering youth by providing them with the resources they need to succeed. The platform offers a variety of features, including workshops, podcasts, blogs, and job opportunities, all aimed at helping young people achieve their goals and find success.

Key features of YoungPWR: Workshops, Podcasts, Blogs, and Job Opportunities

The platform is designed to be a comprehensive resource for youth. Key features include:

Workshops: Educational sessions on various topics to enhance skills and knowledge.
Podcasts: Inspirational and informative podcasts featuring experts and successful individuals.
Blogs: Articles and posts covering a wide range of topics relevant to young people.
Job Opportunities: Listings for gigs, part-time jobs, internships, and volunteer work in the local area.

The role of technology in YoungPWR's success

Technology plays a crucial role in delivering the features and functionalities of YoungPWR. The platform leverages modern technologies to ensure a seamless and engaging user experience, enabling youth to access the resources they need easily and efficiently.

Choosing the tech stack

Why Next.js for the frontend?

For the frontend of YoungPWR, we chose Next.js due to its powerful features and capabilities. Next.js offers server-side rendering (SSR), which improves performance and SEO, making it an ideal choice for our platform. Additionally, Next.js provides a great developer experience with features like automatic code splitting, static site generation, and a robust routing system.

Styling with Styled-Components

To style the frontend, we opted for Styled-Components, a CSS-in-JS library. Styled-Components allow us to write CSS directly within our JavaScript, enabling scoped styles and easier component-based styling. This approach enhances maintainability and reusability of styles across the platform.

Backend with Strapi: Flexibility and customization

For the backend, we selected Strapi, an open-source headless CMS. Strapi offers great flexibility and customization options, allowing us to create and manage content efficiently. It supports REST and GraphQL APIs, making it easy to integrate with our Next.js frontend. Moreover, Strapi's plugin ecosystem extends its functionality, enabling us to add features as needed.

Setting up the infrastructure

Hosting on DigitalOcean: Droplets and databases

We chose DigitalOcean for hosting due to its reliability and cost-effectiveness. DigitalOcean Droplets provide scalable virtual private servers, which are perfect for our needs. We set up an Ubuntu droplet to host the Strapi CMS and a PostgreSQL database for data management. This setup ensures a robust and scalable infrastructure for YoungPWR.

Configuring PostgreSQL for data management

PostgreSQL is a powerful, open-source relational database system. We chose PostgreSQL for its performance, scalability, and extensive feature set. Setting up PostgreSQL on DigitalOcean was straightforward, and it provides the reliability and efficiency needed to handle our data management tasks.

Deploying Strapi on an Ubuntu droplet

Deploying Strapi on an Ubuntu droplet involved several steps. First, we installed the necessary dependencies, including Node.js and NPM. Next, we set up Strapi, configured the connection to our PostgreSQL database, and deployed the CMS. This setup allows us to manage content seamlessly and ensures a stable backend for YoungPWR.

Ensuring Performance and Security

Implementing NGINX for load balancing and security

To enhance the performance and security of our platform, we implemented NGINX. NGINX acts as a reverse proxy and load balancer, distributing incoming traffic across multiple servers. This setup improves performance by balancing the load and ensures security by acting as an additional layer between users and our backend servers.

Enhancing speed and security with Cloudflare

Cloudflare provides a range of services that enhance the speed and security of YoungPWR. By using Cloudflare's CDN, we ensure fast content delivery to users around the globe. Additionally, Cloudflare's security features protect our platform from DDoS attacks and other threats, providing an extra layer of protection.

Deploying the Next.js Application on Vercel

For the frontend, we chose to deploy our Next.js application on Vercel. Vercel offers seamless integration with Next.js and provides automatic deployments, making it an excellent choice for our platform. Vercel's serverless architecture ensures scalability and high performance, allowing us to deliver a fast and responsive user experience.

Overcoming technical challenges

Challenge 1: Integrating Strapi with Next.js

One of the main challenges we faced was integrating Strapi with our Next.js frontend. Strapi provides a robust API, but ensuring smooth communication between the frontend and backend required careful planning and execution. We utilized Strapi's REST and GraphQL APIs to fetch data and dynamically render content on the frontend. Implementing efficient data fetching strategies and handling API responses were key to overcoming this challenge.

Challenge 2: Database configuration and management

Configuring and managing the PostgreSQL database presented another set of challenges. Ensuring data integrity, optimizing queries, and managing migrations were critical tasks. We implemented robust database management practices, including regular backups, performance monitoring, and query optimization, to ensure the database performed efficiently and reliably.

Challenge 3: Ensuring seamless User Experience (UX)

Providing a seamless user experience was very important for YoungPWR. This involved optimizing page load times, ensuring responsive design, and creating an intuitive user interface. We leveraged Next.js's server-side rendering and static site generation capabilities to enhance performance. Additionally, we conducted extensive user testing and feedback sessions to refine the user experience and address any usability issues.

Future features and enhancements for YoungPWR

Looking ahead, we have several exciting plans for YoungPWR. Future features include enhanced personalization, a matching platform, AI-driven recommendations, and expanded content offerings. We also plan to integrate more social features, allowing users to connect and collaborate more effectively. The goal is to continuously evolve YoungPWR to provide even more value to the users.

Conclusion

Reflecting on the development journey

Developing YoungPWR has been a rewarding journey filled with challenges and learning experiences. From choosing the right tech stack to overcoming technical hurdles, each step has contributed to creating a robust and impactful platform. The dedication and hard work invested in this project have paid off, resulting in a platform that empowers youth and helps them achieve their goals.

The impact of YoungPWR on youth empowerment

YoungPWR has already made a significant impact on youth empowerment by providing valuable resources and opportunities. The platform's workshops, podcasts, blogs, and job listings have helped many young people gain skills, knowledge, and connections. As we continue to grow and improve, we aim to reach even more youth and make a positive difference in their lives.

Final thoughts and acknowledgments

In conclusion, the development of YoungPWR has been a great example of the power of technology in driving positive change. I loved working on this project and am proud of what we have accomplished.

WBW: A Telegram bot that watches web pages for you

Lars van der Niet — Fri, 06 Mar 2026 10:51:29 +0000

WBW: A Telegram bot that watches web pages for you

Some pages don't have notifications. Stock levels, ticket availability, appointment slots — you just have to keep refreshing and hope you catch it. WBW automates that by monitoring a page's content via CSS selectors and sending you a Telegram message the moment the text changes or an element disappears.

How it works

You start a conversation with the bot, send it a URL and one or more CSS selectors, and it begins polling every 60 seconds. When the selected element's text changes, you get a message. When your 12-hour session ends, it tells you that too.

The monitoring loop runs in two modes depending on the target page:

Fast mode — fetches static HTML with Cloudflare bypass via cloudscraper. Lightweight and quick.
JavaScript mode — spins up a headless Chrome instance via Zendriver for pages that load their content dynamically. Slower, but handles anything a real browser can.

You set the mode upfront with an environment variable. If a site requires JavaScript execution to render the element you're watching, you enable it globally.

Implementation

The bot is built with Python and runs as a single Docker container. FastAPI serves a health check endpoint on port 8080, and the bot polling loop runs concurrently in the same event loop using asyncio — no threading, no separate processes.

Sessions are stored in a SQLite database persisted via a Docker volume, so the bot survives restarts without losing active monitors. Up to 5 users can monitor simultaneously; sessions expire automatically after 12 hours.

The retry logic handles flaky pages gracefully — if an element goes missing, the monitor retries up to three times before notifying you, avoiding false alerts for temporary page states or transient load failures. Network errors get exponential backoff before the bot gives up and reports the issue.

Running it

The whole setup is a single docker-compose up:

# .env
TELEGRAM_BOT_TOKEN=your_token_here
USE_JAVASCRIPT=true  # or false for static-only mode

docker-compose up --build

No other dependencies. The Dockerfile handles Chrome installation for JavaScript mode.

View on GitHub

S3X Explorer: A VS Code extension for S3-compatible storage

Lars van der Niet — Fri, 06 Mar 2026 10:50:53 +0000

S3X Explorer: A VS Code extension for S3-compatible storage

If you work with object storage regularly, switching between your editor and a web console to manage files gets old quickly. S3X Explorer brings the file management directly into VS Code — browse buckets, open and edit objects inline, upload and download files, all without leaving the editor.

Why I built it

I use Cloudflare R2 as my primary object storage. It's S3-compatible and cost-effective, but the dashboard is slow for quick operations. I wanted something that felt like a local file explorer — tree navigation, click to open, save to sync — but backed by an S3 API. The existing VS Code extensions I tried either didn't support R2's path-style URL requirement or were abandoned. So I built one.

Features

The extension integrates into the VS Code Activity Bar as a tree view that mirrors your bucket structure. From there you can:

Browse buckets and folders with pagination for large buckets
Open objects directly in the VS Code editor — text files open as editable buffers that sync back on save
Upload files via right-click or drag and drop, with multipart handling for files over 100MB
Download, rename, copy, move, delete — the full set of CRUD operations via context menus
Bulk operations — multi-select with Ctrl/Cmd+click for batch delete, copy, or move
Generate presigned URLs with configurable expiry (15 minutes to 7 days), copied straight to clipboard
Search objects by prefix (server-side) or content (client-side)
View object metadata — size, content type, storage class, custom headers

Cloudflare R2 support

R2 requires path-style URLs and works with any region identifier. The extension handles this out of the box with a forcePathStyle setting. Configuring it takes about 30 seconds:

{
  "s3x.endpointUrl": "https://<account-id>.auto.r2.cloudflarestorage.com",
  "s3x.accessKeyId": "your-access-key-id",
  "s3x.secretAccessKey": "your-secret-access-key",
  "s3x.forcePathStyle": true,
  "s3x.region": "us-east-1"
}

The same configuration works for AWS S3, MinIO, and other S3-compatible services — just swap the endpoint URL.

How it's built

The extension is written in TypeScript and structured around VS Code's extension APIs:

TreeDataProvider — drives the bucket/folder/object tree view
FileSystemProvider — registers a custom s3x:// URI scheme so VS Code can open and save S3 objects like local files
S3 client layer — wraps the AWS SDK with caching, retry logic, and rate limiting

The inline editing flow works by mounting a virtual filesystem. When you click an object, VS Code opens it via the s3x:// provider, which fetches the content from S3. On save, the provider pushes the updated content back. To the user it feels identical to editing a local file.

Published to two marketplaces

The extension is available on both the VS Code Marketplace and Open VSX (for VS Code-compatible editors like VSCodium). Releases are automated via GitHub Actions — a single workflow publishes to both on every tagged release.

View on GitHub

Queens: Building a constraint-satisfaction puzzle game

Lars van der Niet — Fri, 06 Mar 2026 10:50:17 +0000

Queens: Building a constraint-satisfaction puzzle game

The N-Queens problem is a classic: place N queens on an N×N chessboard so no two attack each other. Queens is a variation — instead of chess attack rules, the constraint is simpler and more visual. Crowns can't touch at all, not even diagonally, and the board is divided into colored regions that each need exactly one crown. The result is a puzzle that's easy to understand but requires genuine logical deduction to solve.

The rules

Place exactly one crown in each row, column, and color region
No two crowns can touch, including diagonally
Tap once to mark a cell as impossible (×), tap again to place a crown

That's the whole game. The complexity comes from the interaction between the region constraint and the no-touching rule — eliminating one cell can cascade through the board.

The interesting part: puzzle generation

Playing the game was the easy part. The hard part was building a generator that consistently produces puzzles that are:

Uniquely solvable — exactly one valid placement of crowns exists
Logically deducible — no guessing required, every step follows from what's already known
Visually varied — different layouts between puzzles, no two feeling the same

The generator follows a five-step pipeline:

Generate a valid N-Queens solution with the no-adjacency constraint applied
Grow colored regions around each queen's position using varied growth strategies (horizontal, vertical, circular)
Validate the region layout — no mono-color rows or columns, no region dominating more than 40% of the board, all regions orthogonally connected
Generate initial clues (pre-placed crowns and crosses) that give logical starting points
Verify uniqueness with a backtracking solver and confirm the DeductionEngine can solve it without guessing

If any step fails, the generator retries — up to 100 times — rather than relaxing constraints. The result passes a 49-test validation suite with a 90%+ success rate across grid sizes from 4×4 to 7×7.

The DeductionEngine

The solver is what made the "logically deducible" requirement non-trivial. It implements the same reasoning a human player would use:

If a row has only one cell left in a region, a crown must go there
If placing a crown in a cell would leave another region with no valid cells, it can be eliminated
If all remaining valid cells in a region share a row or column, that row or column can be cleared for all other regions

Puzzles are only accepted if the engine can solve them from start to finish using these rules, with no backtracking or guessing.

Tech stack

Built with Next.js and TypeScript. The game state, puzzle generation, and deduction logic all live in src/game/ as pure TypeScript classes — no framework dependencies — making them straightforward to test independently from the UI. The test suite covers all generator requirements and the deduction rules.

View on GitHub

Send passwords, the safe way

Lars van der Niet — Fri, 06 Mar 2026 10:49:42 +0000

Paswords, the safe way to share passwords

Paswords is a web-app that enables you to generate and share passwords with whomever you want. The main purpose is to securely share passwords with other people by using a one-time-link system. Simply fill in or generate the password you want to share, set a timer for when the link should be invalidated, and the link will be automatically generated. You can then share the link with anyone you want, and they will be able to see the password you have shared. Once the link is opened, it will be invalidated and can no longer be used. Try it now on paswords.link.

Moreover, what sets Paswords apart is that it is open-source. This means that the source code is freely accessible to everyone and can be reviewed, contributed to, and modified by the community. It provides transparency, which is essential for a tool focused on security and privacy. The open-source nature of Paswords also enables developers to learn from the code, build upon it, and further improve the platform. It also promotes collaboration and innovation, which is crucial for maintaining the highest security standards. So, while you are using Paswords, you are contributing to a growing community that is dedicated to the security of online data exchange.

Try it out on paswords.link.

How to set up a passbolt server on Google Cloud

Lars van der Niet — Fri, 06 Mar 2026 10:49:06 +0000

Setup Passbolt with Gmail SMTP on Google Cloud

This guide walks you through setting up a free, self-hosted Passbolt password manager on a Google Cloud VM using Gmail’s SMTP service (with your account mail@email.com). You will need:

A domain with DNS management.
A Google Cloud account.
A Gmail account with an App Password (if you use 2-Step Verification).

Part 1: Set Up Your Google Cloud VM & DNS

Create a Google Cloud Project & Enable Billing

Navigate to Google Cloud Console and create a new project.
Enable billing (a credit card is required, but free tier usage should result in a $0 invoice).

Enable the Compute Engine API

Search for "Compute Engine API" in the Cloud Console and enable it.

Create a VM Instance

Go to Compute Engine → VM instances and click CREATE INSTANCE.
Name your instance (e.g., passbolt), select the us-central1 region, and choose the e2-micro machine type.
Leave other settings at their defaults. Once created, note the VM's External IP.

Configure Your Domain’s DNS

Log into your domain registrar (e.g., GoDaddy, Namecheap) and add an A record for your subdomain (e.g., passbolt.yourdomain.com) pointing to your VM's External IP.

Set Up Firewall Rules
- In Google Cloud, navigate to VPC network → Firewall rules and create a rule to allow inbound HTTP and HTTPS traffic:
  - Name: passbolt-ingress
  - Targets: All instances (or use specific tags)
  - Source IP ranges: 0.0.0.0/0
  - Protocols/Ports: TCP: 80,443 > Note: Gmail SMTP on port 587 is used only for outbound mail, so no inbound rule is needed for it.

Part 2: Configure Gmail SMTP with Postfix

Passbolt sends emails (for registration, notifications, etc.) via SMTP. Since Google Cloud blocks port 25, we’ll configure Postfix to use Gmail's SMTP server on port 587.

Step 1: Generate an App Password for Gmail

Log in to your mail@email.com Gmail account.
If 2-Step Verification is enabled, generate an App Password in your Google Account security settings. Save this password for later use.

Step 2: SSH into Your VM & Switch to Root

sudo su -

Step 3: Install Postfix & Required Modules

apt update && apt -y install postfix libsasl2-modules

When prompted during Postfix’s configuration, choose Local only.

Step 4: Edit the Postfix Configuration

Open the Postfix configuration file:

nano /etc/postfix/main.cf

Add or replace the following lines (remove any SendGrid-specific settings if present):

# Use Gmail’s SMTP server on port 587
relayhost = [smtp.gmail.com]:587

# Enable SASL authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Enable TLS encryption
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# (Optional) Increase header size limit
header_size_limit = 4096000

Save and exit (press Ctrl+X, then Y, then Enter).

Step 5: Set Up the SASL Password File

Create or edit the file:

nano /etc/postfix/sasl_passwd

Add the following line, replacing YOUR_APP_PASSWORD with your Gmail App Password (ensure there are no spaces):

[smtp.gmail.com]:587 mail@email.com:YOUR_APP_PASSWORD

Save and exit.

Step 6: Secure & Apply the Password File

postmap /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
systemctl restart postfix

Step 7: Test the Email Setup (Optional)

Install mailutils to send a test email:

apt -y install mailutils
echo "Test email from Postfix using Gmail SMTP" | mail -s "Test Email" your_email@example.com

Check your inbox (or spam folder) to confirm receipt.

Part 3: Install Passbolt

Step 1: Generate UUIDs for Credentials

Generate three UUIDs to use as secure passwords:

uuidgen
uuidgen
uuidgen

First UUID: Database root password.
Second UUID: Passbolt admin database password (passboltadmin user).
Third UUID: IT administrator passphrase.

Step 2: Download and Verify the Passbolt Installer Script

curl -LO https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh || { echo "Bad checksum. Aborting"; rm -f passbolt-repo-setup.ce.sh; exit 1; }

Step 3: Install the Passbolt CE Server

sudo apt install passbolt-ce-server

Step 4: Follow the On-Screen Prompts

During installation, use the following guidelines:

Proceed with installation?
Type: Yes
Database Configuration:
- For the root database user, enter the first UUID as the password.
- For the Passbolt service user, use passboltadmin with the second UUID as its password.
- Set the database name to passboltdb.
Web Server (Nginx) Setup:
- Choose to install Nginx: Yes
- Use auto configuration.
- Enter your Passbolt subdomain (e.g., passbolt.yourdomain.com).
- Provide the email address that owns your Google Cloud project.
SMTP Options:
- Sender Name: e.g., Password Manager
- Sender Email: mail@email.com
- SMTP Host: smtp.gmail.com
- TLS: Yes
- Port: 587
- Authentication: Username and password
- Username: mail@email.com
- Password: Your Gmail App Password

Step 5: Fix File Permissions for JWT Files

sudo chown -Rf root:www-data /etc/passbolt/jwt/
sudo chmod 750 /etc/passbolt/jwt/
sudo chmod 640 /etc/passbolt/jwt/jwt.key
sudo chmod 640 /etc/passbolt/jwt/jwt.pem

Part 4: Configure Passbolt via the Web Interface

Access the Passbolt UI
Open your browser and navigate to your subdomain (e.g., https://passbolt.yourdomain.com). You should see the Passbolt welcome page.
Complete the Initial Setup:

Database Settings:
- Host: 127.0.0.1
- Port: 3306
- User: passboltadmin
- Password: Use the second UUID
- Database Name: passboltdb
OpenPGP Key Generation: Follow the prompts to generate your server’s OpenPGP key (set the server name as "passbolt" and use your associated email).
SMTP Settings: Confirm the following:
- Sender Name: e.g., Password Manager
- Sender Email: mail@email.com
- SMTP Host: smtp.gmail.com
- TLS: Enabled
- Port: 587
- Authentication: Username & password (Gmail credentials)

Test Email Functionality:
Use the Passbolt interface to send a test email. Check your inbox (or spam folder) to verify that the email is received.
Create the Administrator Account:
Create a new administrator account (e.g., "IT") using the third UUID as the passphrase. Follow any additional on-screen instructions.

Part 5: Final Steps & Verification

Verify Web Access:
Confirm that you can access Passbolt at your subdomain via HTTPS.
Test Sending Emails:
Use Passbolt’s built-in test email function to ensure Gmail SMTP is working correctly.
Review DNS & Firewall Settings:
Make sure your domain’s A record points to your VM’s IP and that ports 80 and 443 are open.
Secure Your Credentials:
Safely store your generated UUIDs and Gmail App Password, as these are critical for managing your Passbolt installation.

Lemonbike: Cycling with a purpose

Lars van der Niet — Fri, 06 Mar 2026 10:48:30 +0000

A fresh breeze in the Bollenstreek

I was assigned to make the website clear for both the computer, as well as the tablet and mobile phone. The UX/UI was created by a designer who was hired by Lemonbike to give the website a fresh look. I then converted this design into a web application that, among other things, supports multiple languages, displays all products that Lemonbike rents, is linked to the reservation and payment module, and answers the most frequently asked questions. The reservation and payment module has been efficiently set up together with an external company. It also supports multiple languages, and all reservations can be viewed on a computer in the branches themselves.

Lemonbike sets itself apart with its social mission. By renting out (and in some cases offering for free) special bicycles, people with physical and/or mental disabilities and their families can enjoy the Bollenstreek. Lemonbike branches can be found in Katwijk, Noordwijk, and Lisse.

Image Renamer: Bringing order to your photo library

Lars van der Niet — Fri, 06 Mar 2026 10:47:55 +0000

Image Renamer: Bringing order to your photo library

If you've ever transferred photos from a digital camera or phone, you've likely encountered files named something like IMG_0001.jpg — and then another batch starting at IMG_0001.jpg again after reformatting the card. Sorting through thousands of cryptically named files to find a specific photo is a frustrating experience. That's exactly the problem Image Renamer was built to solve.

The problem

Digital cameras reset their file numbering every time an SD card is formatted. After just a few trips, you can end up with dozens of files sharing the same name, scattered across different folders. Sorting by name becomes useless, and sorting by date only works if your file system preserved the original timestamps — which it often doesn't when copying between devices.

The actual creation date, however, is almost always preserved inside the file itself as EXIF metadata. Every modern camera embeds the exact date and time a photo was taken directly into the file. Image Renamer reads that data and uses it to give every file a meaningful, chronologically sortable name.

How it works

The core of the application is straightforward. For each image file in a folder, it:

Reads the DateTimeOriginal field from the file's EXIF metadata using Pillow
Falls back to the file's system creation timestamp if no EXIF data is present
Generates a new filename using a configurable strftime format (default: 2023-04-25_14-30-15.jpg)
Handles collisions by appending a counter suffix, so no files are ever silently overwritten
Optionally creates a backup of all original files before renaming

The result is a folder where every file has a unique, human-readable name that sorts perfectly in any file explorer.

Features

Supports JPG, JPEG, PNG, NEF, CR2, and ARW image formats
Optional video support (MP4, MOV, AVI, MKV, and more)
Customizable filename format using standard Python strftime codes
Backup mode to keep originals safe
Duplicate detection — skip or remove files taken at the exact same timestamp
Settings persistence, so your preferences are remembered between sessions

Two ways to use it

GUI

For anyone who prefers a visual interface, the app ships with a PyQt6-based GUI. You can select your folder, pick a date format from the presets or define your own, toggle backup and video options, and watch the rename operation complete in real time with a live log.

CLI

For scripting or bulk operations, the command-line interface covers all the same functionality:

# Basic usage
imagerenamer /path/to/photos

# With backup
imagerenamer /path/to/photos --backup

# Include video files
imagerenamer /path/to/photos --include-videos

# Custom filename format
imagerenamer /path/to/photos --format "%Y%m%d_%H%M%S"

# Remove duplicates instead of renaming with a suffix
imagerenamer /path/to/photos --remove-duplicates

Distribution

One of the goals was to make the tool accessible to non-technical users. The project uses GitHub Actions to automatically build platform-native executables on every release — a standalone .exe for Windows, a .app bundle for macOS, and a binary for Linux. No Python installation required. Anyone can download it and run it immediately.

For developers, it's also available on PyPI:

pip install modern-image-renamer

Lessons learned

Building cross-platform GUI applications in Python comes with some quirks. PyInstaller, which packages the app into standalone executables, often triggers false positives in antivirus software on Windows — a common frustration for developers distributing Python apps. The solution was to document the issue clearly and provide alternative installation paths for users who encounter it.

Setting up the CI/CD pipeline with GitHub Actions also taught me a lot about matrix builds — running the same build job in parallel on Windows, macOS, and Linux runners and producing platform-specific artifacts from a single workflow.

View on GitHub · Download latest release

A self-updating GitHub profile README

Lars van der Niet — Fri, 06 Mar 2026 10:47:19 +0000

A self-updating GitHub profile README

GitHub has a hidden feature: if you create a repository with the same name as your username, its README is displayed directly on your profile page. It's essentially a personal landing page, but in markdown. The catch is that it gets stale fast — every time you finish a new project, you have to remember to update it manually.

I didn't want to do that. So I automated it.

How it works

The portfolio website already exposes all my projects through an API endpoint at /api/projects. Each project has a title, description, URL, and a featured flag. That's all the data needed to keep the README up to date.

A GitHub Actions workflow runs on a schedule — every hour — and does the following:

Fetches the latest projects from larsniet.com/api/projects
Filters them using jq: featured projects go into one list, everything else into another
Injects the generated content into the README between a pair of HTML comment markers using awk
Commits and pushes the result if anything changed

on:
  schedule:
    - cron: "0 * * * *"
  workflow_dispatch:

The workflow_dispatch trigger is useful for forcing an immediate update after publishing a new post, without waiting for the next scheduled run.

The marker system

The README uses HTML comment markers to define the zones that get replaced:

<!-- FEATURED-PROJECTS:START -->
- [Project title](url) — description
<!-- FEATURED-PROJECTS:END -->

The awk script scans the file line by line, and when it hits a START marker it prints the new content and sets a skip flag. Everything between the markers gets replaced. Lines outside the markers are passed through untouched, so the rest of the README stays exactly as written.

The result

Whenever I publish a new post on my portfolio, the GitHub profile updates itself within the hour. Featured projects appear at the top, the rest follow below — all without me touching the profile repository.

It's a small thing, but it means the profile always reflects the actual current state of my work rather than whatever I last remembered to write down.

View the repository

Walk local, eat local

Lars van der Niet — Fri, 06 Mar 2026 10:46:43 +0000

A culinary walk through the region

Dinnerwalks began as a small-scale project to support the hospitality industry, conceived by Veerle and Merlijn Killan. Soon, registrations started pouring in, and the process that used payment requests and manual emails became a significant burden. That's why Merlijn asked me for help. My task was to transform the outdated website into a modern and unique web application that automated the existing process.

A (dutch) video about the project can be found here.