[{"content":"I built this site — the one you\u0026rsquo;re reading right now — through a browser conversation with Claude. The Hugo scaffold, the PaperMod theme, the custom CSS, the GitHub Actions pipeline, all of it. Copy-paste, download, screenshot, repeat.\nThen I installed Claude Code and did the same kind of work from my terminal.\nThis isn\u0026rsquo;t a product review. It\u0026rsquo;s a workflow comparison from someone who used both approaches on the same project, back to back.\nThe Browser Workflow: What I Built When I decided to stand up wwwombat.com, I started in Claude.ai — no install, no setup, just a conversation.\nBy the end of it I had a technology decision (Hugo + PaperMod, deployed to Cloudflare Pages), a site architecture with five sections and a two-domain strategy, a custom CSS file with a brand palette extracted from my logo, three font families chosen through an interactive comparison widget the AI built inline, and a complete hugo.yaml with navigation, profile mode, and syntax highlighting configured.\nThe entire session happened inside a browser tab. Files came over as downloads, then got placed manually. Commands got copy-pasted into a terminal window. The AI described what to do; I executed it.\nWhere the Browser Shines Strategic and architectural thinking. When I asked whether wwwombat.com or wwwombat.tech should host the research site, the response wasn\u0026rsquo;t a yes/no — it was a positioning analysis. The .com for credibility and audience building, the .tech for commercial conversion, with competitive references to Troy Hunt and Daniel Miessler as working examples of the model. That kind of synthesis requires judgment. Browser AI delivers it.\nVisual and creative iteration. I described my logo — a wombat in a green ring with a circuit-board aesthetic — and got back a full CSS color palette: #4EB067 for the primary green, #6FD8C6 for the visor cyan, #0a0e0b for the OLED-friendly near-black. When I wanted to compare heading fonts, the AI built an interactive HTML comparison widget on the spot. Trying to do that in a terminal agent would be awkward at best.\nZero barrier to entry. I opened a browser tab. No installation, no API keys, no configuration. For the planning phase of a project, that frictionlessness matters.\nWhere the Browser Hits Friction The friction is structural. Browser AI operates outside your filesystem, which means every file handoff is manual.\nThe CSS iteration cycle looked like this: describe the problem → receive a code block → copy to a file or download an artifact → replace the file in the project → restart the dev server → look at the result → screenshot → paste the screenshot back into the chat → repeat. Four to six steps per round trip.\nThe \u0026ldquo;telephone game\u0026rdquo; effect compounds this. When a build error appeared, I had to describe it. Paste in the error log. Explain the directory structure. Describe what the CSS currently looks like. The AI was working from my transcription of reality, not reality itself.\nMulti-file changes were particularly painful. When a font decision touched the CSS, the Hugo config, and a template override, that was three separate files to coordinate and transfer manually.\nThe Terminal Workflow: Same Project, Different Tool Claude Code installs as an npm package. You point it at a directory, and it has direct access to your files.\nThe mental shift is significant. The agent isn\u0026rsquo;t advising me on what to do — it\u0026rsquo;s doing it. It reads files, edits them in place, runs build commands, checks the output, and iterates. The human relay is mostly gone.\nWhere the Terminal Shines The debugging loop collapses. When the site deployed but the logo wasn\u0026rsquo;t showing, I didn\u0026rsquo;t describe the problem. The agent read the PaperMod template source, found {{ .imageUrl | absURL }}, understood that absURL generates absolute URLs from the baseURL, and traced the entire CORB issue back to a single configuration mismatch. That entire chain of reasoning happened because the agent could read the actual source files instead of my description of them.\nMulti-file edits become atomic. \u0026ldquo;Fix the CSS @import ordering\u0026rdquo; meant the agent opened the file, moved the @import above the comment block, saved it, and confirmed. No download, no manual edit, no re-upload.\nBuild verification closes the loop. After every change, hugo --minify runs. If there\u0026rsquo;s a warning or an error, the agent sees it directly. No screenshot, no copy-paste, no relay.\nShell access removes blockers. The site was missing favicon-32x32.png and favicon-16x16.png. The agent checked for ImageMagick — not installed. Installed sharp via npm in a temp directory, wrote a Node.js resize script targeting the logo, executed it, verified the output file sizes, and committed the result. The whole task was one instruction.\nWhere the Terminal Hits Friction Cost is real and visible. API usage on Claude Code charges per token. A focused implementation session is efficient. A wandering brainstorming session is not what it\u0026rsquo;s optimized for, and you\u0026rsquo;ll feel that in the billing. The economics favor clear, bounded tasks over open-ended exploration.\nPermission prompts interrupt flow. Claude Code asks for confirmation before executing potentially destructive or external operations. This is the right design — it stopped me from pushing before I\u0026rsquo;d reviewed a diff — but it changes the rhythm. You\u0026rsquo;re approving tool calls, not just reading responses.\nOpen-ended exploration feels off. When I wanted to think through content strategy or the two-domain architecture, the terminal felt like the wrong register. Agentic mode is optimized for execution. Thinking-out-loud sessions belong in chat.\nSide-by-Side: The Same Task Both Ways Task: Debug a Missing Logo Browser approach:\nNotice the logo is missing on the deployed site Screenshot the page, paste into chat Describe the CORB error from dev tools Paste the hugo.yaml config into the conversation Receive a theory, receive updated config Replace the file manually, rebuild, check Terminal approach:\n\u0026ldquo;The homepage is missing the logo\u0026rdquo; Agent checks git ls-files static/ — file is tracked and present Agent reads the PaperMod template, finds {{ .imageUrl | absURL }} Agent checks baseURL in hugo.yaml, identifies the origin mismatch Agent updates the config, commits, pushes The terminal path was five steps with no manual file operations. The browser path was six, each requiring a file transfer or copy-paste.\nTask: Fix a CSS @import Warning Browser approach: Paste the browser warning into chat → receive an explanation and updated CSS → download the file → replace it manually.\nTerminal approach: Agent reads the file, moves the @import above the comment block in place, confirms. One operation.\nTask: Generate Missing Favicon Files Browser approach: Learn the files are missing → receive instructions to use ImageMagick or an online tool → execute manually or troubleshoot a missing dependency.\nTerminal approach: Agent checks for ImageMagick (not found), installs sharp in a temp directory, runs a resize script against the logo file, verifies output sizes, stages and commits the files.\nThe Cost Question The bulk of the strategic work for this site — architecture, branding, content planning — happened in Claude.ai under a Pro subscription. Flat monthly cost, no metering.\nClaude Code charges per token. A focused implementation session is cheap. A wandering exploration session is not. The practical split: use browser AI for the thinking, terminal AI for the building. Using an agentic CLI for open-ended brainstorming is like using a forklift to move a box of pencils — technically it works, but it\u0026rsquo;s not what the tool is for.\nWhat I Actually Recommend Use browser AI when:\nYou\u0026rsquo;re making decisions that require context and synthesis You\u0026rsquo;re exploring a problem space you don\u0026rsquo;t fully understand yet You\u0026rsquo;re doing creative or design work — writing, color palette, naming, strategy You want explanation: chat mode is more educational than agentic mode Use terminal AI when:\nYou have a clear task and a defined outcome The work touches multiple files The work involves build systems, package managers, or shell commands You\u0026rsquo;re debugging something and want the agent to see the actual code, not your description of it The switch point is roughly: once you know what you want, stop talking and start doing.\nWhat This Means for the Lab Most AI workflow advice treats \u0026ldquo;AI tools\u0026rdquo; as a monolith. Use AI for this, don\u0026rsquo;t use it for that. The more useful framing is: which AI workflow fits this specific task?\nThe browser/terminal distinction is one dimension. There\u0026rsquo;s also the question of which tasks benefit from human oversight versus which ones are safe to let run — a question I\u0026rsquo;ll keep returning to as the lab evolves and as I advise clients on where to put these tools in their own stacks.\nFor now: the site is live. The pipeline works. It was built with both approaches, which is exactly as it should be.\n","permalink":"https://wwwombat-com.pages.dev/posts/browser-ai-vs-terminal-ai/","summary":"I built an entire website through a browser-based AI conversation. Then I switched to a terminal-first agent. Here\u0026rsquo;s what each approach actually gets right — and where each one falls apart.","title":"Browser AI vs. Terminal AI: What Changed When I Moved My Dev Workflow to the CLI"},{"content":"Every managed AI service wants your data on their servers. For security research, that\u0026rsquo;s a non-starter.\nI needed an environment where I could feed sensitive assets — firewall syslogs, vulnerability maps, proprietary scripts — into large language models without any of it leaving my physical control. No API calls to OpenAI. No data residency questions. No compliance gray areas.\nSo I built one.\nThis post walks through the full architecture: bare-metal hypervisor, GPU passthrough, containerized inference stack, and zero-trust edge access. Total cloud hosting cost: $0/month.\nThe \u0026ldquo;What Broke\u0026rdquo; section is the one that would have saved me hours if someone else had written it first.\nThe Hardware The core constraint was fitting meaningful local inference into a consumer budget. The build:\nCPU: AMD Ryzen 7 (8c/16t) — enough cores to dedicate 6 to the AI VM while the hypervisor keeps the rest RAM: 32GB DDR4 — 20GB allocated to the AI VM, the rest to the hypervisor and ancillary VMs GPU: NVIDIA RTX-class card, 16GB VRAM — sufficient for quantized 13B models and most 7B models at full precision Storage: 1TB NVMe for the OS/VM images, 2TB SATA SSD for model weights The GPU VRAM is the real constraint. 16GB lets you run a quantized Llama 3 70B at Q4, or most 13B models comfortably. If you\u0026rsquo;re budgeting, the single most impactful upgrade you can make to a homelab inference rig is more VRAM.\nEverything here is off-the-shelf consumer hardware. Nothing exotic. The software does the work.\nPhase 1: Hypervisor and Firmware Ventoy first. Before touching BIOS settings, I set up a Ventoy USB drive with the Proxmox installer. Ventoy lets you boot multiple ISOs from a single drive — invaluable when you\u0026rsquo;re iterating through different hypervisor versions or have to reinstall.\nBIOS/UEFI prerequisites for GPU passthrough:\nThe passthrough path requires hardware-level support for IOMMU (AMD-Vi on AMD, VT-d on Intel). Before the Proxmox installer boots, you need to enable:\nSVM Mode (AMD) or Intel Virtualization Technology IOMMU (AMD-Vi / Intel VT-d) Above 4G Decoding Re-Size BAR Support (if your board supports it — helps with newer NVIDIA cards) On most boards these are buried under \u0026ldquo;Advanced CPU Configuration\u0026rdquo; or \u0026ldquo;AMD CBS.\u0026rdquo; If they\u0026rsquo;re missing from your BIOS, a firmware update often surfaces them.\nProxmox install is straightforward once the BIOS is configured. Use the graphical installer, put the OS on the NVMe, and set a static IP during setup. Post-install, edit /etc/apt/sources.list to use the community repo instead of the enterprise repo (the enterprise repo requires a paid subscription):\n# /etc/apt/sources.list.d/pve-no-subscription.list deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription Then comment out the enterprise repo in /etc/apt/sources.list.d/pve-enterprise.list.\nEnable IOMMU in the bootloader. After install, add amd_iommu=on iommu=pt (or intel_iommu=on iommu=pt) to your GRUB kernel parameters in /etc/default/grub:\nGRUB_CMDLINE_LINUX_DEFAULT=\u0026#34;quiet amd_iommu=on iommu=pt\u0026#34; Run update-grub and reboot. Verify IOMMU groups are populating:\nfind /sys/kernel/iommu_groups/ -type l | sort -V If you see output, you\u0026rsquo;re in business. If the GPU and its audio device are in the same IOMMU group and nothing else is in that group, you\u0026rsquo;re ready for passthrough.\nPhase 2: GPU Passthrough This is the section everyone Googles and nobody explains well. Here\u0026rsquo;s the condensed version of what actually matters.\nMachine type: q35. When creating the VM in Proxmox, use the q35 machine type with OVMF (UEFI) firmware — not SeaBIOS. q35 is required for PCIe passthrough to work correctly with modern NVIDIA cards.\nBlacklist the GPU on the host. Proxmox (the host) must not load NVIDIA drivers for the card you\u0026rsquo;re passing through. If the host claims the GPU, the VM can\u0026rsquo;t have it. Add these to /etc/modprobe.d/blacklist.conf:\nblacklist nouveau blacklist nvidia blacklist nvidiafb Then bind the GPU to the vfio-pci driver instead:\n# /etc/modprobe.d/vfio.conf options vfio-pci ids=XXXX:XXXX,XXXX:XXXX Replace the IDs with your GPU\u0026rsquo;s PCI vendor:device IDs — find them with lspci -nn | grep NVIDIA. You need both the GPU ID and the HDMI audio ID.\nAdd vfio vfio_iommu_type1 vfio_pci vfio_virqfd to /etc/modules, run update-initramfs -u -k all, and reboot.\nIn the Proxmox VM config, add the GPU as a PCI device with \u0026ldquo;All Functions\u0026rdquo; checked and \u0026ldquo;ROM-Bar\u0026rdquo; enabled. For NVIDIA cards, also set x-vga=1 if you\u0026rsquo;re passing through the primary GPU.\nInside the VM, install NVIDIA drivers as you normally would. The VM sees the card as physical hardware. Run nvidia-smi to confirm it\u0026rsquo;s visible and showing the correct VRAM.\nOne catch specific to NVIDIA consumer cards: some driver versions include code that detects when they\u0026rsquo;re running in a hypervisor and intentionally fail (the infamous Error 43). The fix is to hide the hypervisor signature in the VM config by adding kvm=off and hidden=1 to the CPU flags. Proxmox exposes this in the VM\u0026rsquo;s hardware settings or directly in the .conf file:\ncpu: host,hidden=1,flags=+pcid args: -cpu \u0026#39;host,+kvm_pv_unhalt,+kvm_pv_eoi,hv_vendor_id=NvidiaFTW,kvm=off\u0026#39; Phase 3: The Container Stack With a working GPU VM running Ubuntu Server, the inference stack goes in as containers.\nInstall Docker with NVIDIA support:\n# Docker curl -fsSL https://get.docker.com | sh # NVIDIA Container Toolkit curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg # ... (follow NVIDIA\u0026#39;s current install docs for your distro) sudo nvidia-ctk runtime configure --runtime=docker sudo systemctl restart docker Verify GPU access from a container:\ndocker run --rm --gpus all nvidia/cuda:12-base-ubuntu22.04 nvidia-smi If that shows your GPU, the container runtime is wired up correctly.\nThe compose stack. The core services:\nservices: ollama: image: ollama/ollama runtime: nvidia environment: - NVIDIA_VISIBLE_DEVICES=all volumes: - ollama_data:/root/.ollama ports: - \u0026#34;11434:11434\u0026#34; restart: unless-stopped open-webui: image: ghcr.io/open-webui/open-webui:main environment: - OLLAMA_BASE_URL=http://host.docker.internal:11434 extra_hosts: - \u0026#34;host.docker.internal:host-gateway\u0026#34; volumes: - open_webui_data:/app/backend/data ports: - \u0026#34;3000:8080\u0026#34; restart: unless-stopped volumes: ollama_data: open_webui_data: Pull a model and test:\ndocker exec -it ollama ollama pull llama3 Open WebUI at http://localhost:3000 should show the model in the selector and inference should be running on the GPU.\nWhat Broke (And How I Fixed It) This is the section that would have saved me hours.\nThe LVM Trap Ubuntu Server\u0026rsquo;s default installer allocates roughly 50% of the disk to the root logical volume, even if you tell it to use the whole drive. The rest sits in the volume group, allocated but unused.\nI discovered this the hard way when Docker ran out of space pulling a 20GB model file. df -h showed 40GB used on a 50GB filesystem when there was a 500GB drive in the machine.\nThe fix:\n# Find your volume group and free space vgdisplay lvdisplay # Extend the logical volume to use all free space lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv # Resize the filesystem to match resize2fs /dev/ubuntu-vg/ubuntu-lv Verify with df -h. This should now show the full disk capacity available.\nThe OOM Killer Running large models against 16GB of RAM in the VM was tight. The OOM killer started terminating processes mid-inference — specifically targeting ollama serve when another workload was active simultaneously.\nTwo fixes:\nFirst, expand swap significantly. The default Ubuntu swap is undersized for inference workloads:\n# Disable current swap sudo swapoff -a # Create a 12GB swapfile sudo fallocate -l 12G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile # Make it persistent echo \u0026#39;/swapfile none swap sw 0 0\u0026#39; | sudo tee -a /etc/fstab Second, I had Stable Diffusion running in the stack alongside Ollama. The WebUI for Stable Diffusion was keeping the AUTOMATIC1111 process warm, which held a large chunk of VRAM even when idle. Unloading it — docker compose stop stable-diffusion — gave Ollama the headroom it needed for larger models.\nIf you\u0026rsquo;re primarily doing LLM inference rather than image generation, don\u0026rsquo;t run both simultaneously unless you have the VRAM budget for it.\nDocker\u0026rsquo;s File Descriptor Ceiling This one cost me a full evening.\nI was ingesting SonicWall syslog data through a Python script piped into the inference stack — high-volume log events, each opening a connection. The script would run for a few minutes, then the container would crash with a cryptic error.\nThe actual problem: Docker containers inherit a default ulimit of 1024 open file descriptors. High-volume syslog ingestion blows through that ceiling fast.\nFix in /etc/docker/daemon.json:\n{ \u0026#34;default-ulimits\u0026#34;: { \u0026#34;nofile\u0026#34;: { \u0026#34;Name\u0026#34;: \u0026#34;nofile\u0026#34;, \u0026#34;Hard\u0026#34;: 65536, \u0026#34;Soft\u0026#34;: 65536 } } } Restart Docker. Verify the new limit from inside a running container:\ndocker exec -it \u0026lt;container\u0026gt; sh -c \u0026#34;ulimit -n\u0026#34; Should show 65536. The syslog ingestion stopped crashing.\nThe Localhost Loop Open WebUI couldn\u0026rsquo;t reach Ollama.\nThe symptom: Open WebUI loaded, models showed in the selector, but every inference request returned a connection error. Ollama was running fine when tested directly via curl.\nThe problem: the default OLLAMA_BASE_URL in many Open WebUI docs is set to http://localhost:11434. Inside a Docker container, localhost refers to the container itself — not the host machine where Ollama is listening.\nThe fix is host.docker.internal, a DNS name Docker provides for exactly this purpose. Two things required:\nSet OLLAMA_BASE_URL=http://host.docker.internal:11434 in the Open WebUI environment Add extra_hosts: [\u0026quot;host.docker.internal:host-gateway\u0026quot;] to the Open WebUI service definition (Linux Docker doesn\u0026rsquo;t resolve this by default — macOS and Windows Docker Desktop do) Both are in the compose snippet above. If you\u0026rsquo;re copying configs from older tutorials, this is likely what\u0026rsquo;s broken.\nEdge Access Without Open Ports The inference stack runs on a machine on my local network. I need to reach it from outside — from a laptop, a remote workstation, wherever — without exposing any ports to the internet.\nThe solution is Cloudflare Zero Trust Tunnel. It\u0026rsquo;s free for personal use, requires no port forwarding on the router, and creates an encrypted tunnel from the Cloudflare edge directly to the container.\nSetup is about ten minutes:\nCreate a Cloudflare Zero Trust account at one.dash.cloudflare.com Go to Networks → Tunnels → Create a tunnel Install cloudflared on the VM and run the connector command Cloudflare provides Add a public hostname pointing to localhost:3000 (or wherever Open WebUI is listening) Set an Access policy (email OTP or a short list of allowed emails) so only you can reach it The result: Open WebUI is accessible at https://your-subdomain.your-domain.com, sessions are encrypted end-to-end, there are no open ports on your router, and the access log lives in Cloudflare\u0026rsquo;s dashboard.\nFor a lab handling sensitive research data, this is the right architecture. The inference never leaves the hardware; only the session traffic passes through the tunnel.\nWhat\u0026rsquo;s Next Three things on the near-term roadmap:\nLiteLLM gateway. Right now Ollama is the only inference backend. LiteLLM sits in front of multiple backends — Ollama, vLLM, remote APIs — and presents a unified OpenAI-compatible endpoint. That means switching between local and remote models becomes a config change, not a code change.\nIsolated attack range. A separate VM network for intentionally vulnerable targets — the kind of environment you need to test detection logic, run offensive tooling, or validate that your LLM-assisted analysis is actually catching what it should. Air-gapped from the inference stack.\nSSO consolidation. Right now each service has its own auth. Open WebUI, SearXNG, and any future tools should all sit behind a single identity provider — likely Authentik or Authelia — so access management is centralized and auditable.\nThis is the first post in a series documenting the wwwombat lab. Next: GPU passthrough on Proxmox in depth — the IOMMU groups, the Error 43 workarounds, and the parts of the documentation that are quietly wrong.\n","permalink":"https://wwwombat-com.pages.dev/posts/building-a-zero-cost-private-ai-lab/","summary":"How I built a fully self-hosted AI inference environment with GPU passthrough, hardened containers, and zero-trust edge access — on hardware you can buy at Micro Center.","title":"Building a Zero-Cost Private AI Lab on Consumer Hardware"},{"content":"Domain strategy for wombat websites You said: Good morning! Let\u0026rsquo;s explore ideas for a public website that aligns with my goals for wwwombat.tech. I own two domains: wwwombat.com and wwwombat.tech. Would one be more suitable for research and public tools, and the other domain be more oriented towards commercial sales? Help me explore some ideas based on what you know about me and this project so far.\nClaude said: Good morning! This is a great strategic question, and your two domains give you a natural split that a lot of solo founders wish they had from the start. Here\u0026rsquo;s how I\u0026rsquo;d think about the division: wwwombat.tech → the commercial front door. This is already where you\u0026rsquo;ve anchored your brand identity — your Open WebUI is white-labeled to it, your consulting vision lives here. The .tech TLD signals professional capability to enterprise buyers. This domain should be the polished, conversion-oriented site: who you are, what you offer, case studies, a contact/booking flow. Think of it as the site a CISO or IT director lands on when evaluating whether to bring you in. wwwombat.com → the public-facing lab and reputation engine. The .com carries universal credibility and is easier to share casually. This is where you publish the work that earns the consulting engagements: writeups of your homelab architecture, tool demos, CVE analysis walkthroughs, open-source utilities (like your NVD tool or filter functions), maybe a blog tracking your build-in-public journey. It\u0026rsquo;s your technical portfolio and content marketing engine rolled into one. The strategic logic is that .com builds your audience and credibility (people find you through your research), and .tech converts that credibility into revenue (people hire you through your services page). Each domain links to the other, but they serve different visitors at different stages. A few concrete ideas for each: For wwwombat.tech, the commercial site could feature a clean services page (AI infrastructure consulting, private deployment architecture, security log analysis pipelines), a \u0026ldquo;how it works\u0026rdquo; section showing your hybrid local/cloud approach without giving away the keys, and eventually client testimonials or anonymized case studies. Even a simple single-page site with a Calendly embed would be a strong start while you\u0026rsquo;re still in school. For wwwombat.com, the research/portfolio side could host things like an interactive version of the implementation report you just shared (sanitized, of course), tool releases or demos, a blog with posts like \u0026ldquo;How I built a zero-cost private AI lab on consumer hardware\u0026rdquo; or CVE deep-dives. This is the kind of content that gets shared on Reddit, Hacker News, and LinkedIn — which is exactly how independent consultants build pipeline without a sales team. One thing worth considering: you could start with just one site and redirect the other domain to it until you have enough content to justify both. Given where you are right now — still building the stack, still in school — I\u0026rsquo;d probably launch wwwombat.com first as the portfolio/blog, since publishing technical content is how you\u0026rsquo;ll start building a reputation. Then stand up wwwombat.tech as the commercial site once you\u0026rsquo;re closer to actively taking clients. Want to dig into the structure or content strategy for either site, or talk about the tech stack for building them?\nYou said: Let\u0026rsquo;s outline the wwwombat.com idea. I\u0026rsquo;ll take your suggestion. I\u0026rsquo;m open to commercially hosting this too, I don\u0026rsquo;t necessarily want to self host this. I\u0026rsquo;ve got domains registered through GoDaddy, and porkbun, and I\u0026rsquo;ve got an account with Cloud Flare. Should we do some market analysis and find some other sites already stood up that we could base our concept on?\nClaude said: Great call — let\u0026rsquo;s look at what\u0026rsquo;s already working in this space before we design anything. I\u0026rsquo;ll search for some strong examples of independent security researchers and technical consultants who\u0026rsquo;ve built effective portfolio/blog sites.Great research haul. Let me synthesize what\u0026rsquo;s working for the people you\u0026rsquo;d be competing with for attention, and then lay out a site outline. The two gold-standard models for what you\u0026rsquo;re building are Troy Hunt (troyhunt.com) and Daniel Miessler (danielmiessler.com). Both started as solo practitioners who blogged about what they were building and learning, both created free tools that drove organic traffic (Hunt built Have I Been Pwned; Miessler built Fabric), and both parlayed that into consulting, speaking, and eventually full businesses. Miessler\u0026rsquo;s site has been running since 1999 — over 3,000 essays — and his newsletter now reaches 700,000+ followers. The pattern is clear: consistent technical content + a free tool or two = credibility engine that feeds the commercial side. The key takeaway from both: they don\u0026rsquo;t try to look like a company. They look like a sharp individual who builds things and writes about it. That\u0026rsquo;s exactly where you are. For hosting, the obvious play is Hugo + Cloudflare Pages. You already have a Cloudflare account, you already have GitHub set up, and Hugo is the fastest static site generator out there — it builds thousands of pages in under a second. Cloudflare Pages gives you unlimited bandwidth on the free tier, automatic SSL, and deploys from your GitHub repo on every push. Zero hosting cost, globally distributed CDN, and you manage content in Markdown files in a Git repo, which fits your workflow perfectly. No WordPress to maintain, no server to patch, no attack surface. Here\u0026rsquo;s the outline:\nwwwombat.com — Site Architecture Outline Tagline concept: \u0026ldquo;Private AI infrastructure \u0026amp; security research from the lab.\u0026rdquo; Core Pages Home / Landing — Not a corporate homepage. More like Miessler\u0026rsquo;s or Hunt\u0026rsquo;s: a brief intro to who wwwombat is (pseudonymous is fine — plenty of respected researchers operate under handles), then a feed of your latest posts. Visitors should see fresh content within 3 seconds of landing. About — Your story, your lab, your mission. Written in first person. Doesn\u0026rsquo;t need your legal name — frame it around the project and what you\u0026rsquo;re building. Link to your GitHub, your TU affiliation if you want, and eventually to wwwombat.tech for the commercial side. The Lab — This is your differentiator. A living, sanitized version of that implementation report: your Proxmox topology, the GPU passthrough pipeline, the Docker stack, the Cloudflare tunnel architecture. Think of it as a reference architecture page that you update as the lab evolves. This is the kind of page that gets bookmarked and shared on r/homelab and r/selfhosted. Blog — The engine. Categorized loosely by topic area (tags, not rigid categories). Starting content ideas drawn directly from work you\u0026rsquo;ve already done:\n\u0026ldquo;Building a Zero-Cost Private AI Lab on Consumer Hardware\u0026rdquo; — the build story \u0026ldquo;GPU Passthrough on Proxmox: The Gotchas Nobody Warns You About\u0026rdquo; — the OOM killer, the LVM trap, the Docker file descriptor ceiling \u0026ldquo;Sanitizing Sensitive Data Before It Hits Your LLM\u0026rdquo; — your filter function regex scrubber pipeline \u0026ldquo;Querying the NVD CVE API with Python\u0026rdquo; — your tool, the bugs you hit, the fixes \u0026ldquo;Why I Run Uncensored Models for Security Research\u0026rdquo; — the Dolphin-Llama use case, thoughtfully framed \u0026ldquo;SonicWall Syslog Analysis with Local LLMs\u0026rdquo; — the ingestion script crash and resolution\nTools / Projects — A showcase page linking to your GitHub repos and any hosted tools. Your NVD CVE query tool, your filter functions, your SearXNG deployment notes. Each one gets a brief description and a link. This is the \u0026ldquo;Have I Been Pwned\u0026rdquo; equivalent — even small, useful tools drive traffic and credibility. Newsletter (future) — Once you have 10+ posts, add an email signup. Miessler\u0026rsquo;s Unsupervised Learning newsletter is the single biggest driver of his brand. You don\u0026rsquo;t need to launch this on day one, but design the site with it in mind. Tech Stack Recommendation LayerToolWhyStatic site generatorHugoFastest builds, Go-based, huge theme ecosystem, Markdown contentHostingCloudflare PagesFree, unlimited bandwidth, auto-SSL, deploys from GitHub, you already have an accountDNSCloudflareAlready using it — just point wwwombat.com hereDomain registrarKeep at GoDaddy/PorkbunJust update nameservers to CloudflareThemePaperMod or BlowfishClean, dark-mode-friendly, fast, good code block renderingContent workflowWrite in Markdown → push to GitHub → auto-deploysAnalyticsCloudflare Web AnalyticsFree, privacy-respecting, no cookie banners needed Design Direction Given your WWWOMBAT.tech branding (OLED dark, geometric logo), carry that aesthetic through: dark-mode default, clean typography, strong code block styling, minimal visual clutter. Hunt\u0026rsquo;s site is intentionally plain — content-first. Miessler\u0026rsquo;s is a bit more designed but still text-heavy. You want somewhere in between: professional enough to impress a CISO, but clearly the work of a practitioner, not a marketing agency.\nWant me to go deeper on any section — like scaffolding the actual Hugo project, picking a theme, or drafting the first blog post outline? I could also put together a more detailed content calendar based on the work you\u0026rsquo;ve already completed.\nYou said: Before we go deeper, let\u0026rsquo;s talk domain consolidation, maintaining privacy and pseudomymity. wwwombat.com and wwwombat.tech are both registered with GoDaddy. I have an account with Porkbun with a couple domains that relate to an entireley different venture: my luthier / guitar repair business. Should I consolidate everything into one registrar?\nClaude said: Good question — and the privacy angle makes this worth thinking through carefully before you move anything. Let me check the current landscape on registrar privacy and pricing.This turned up something important you should know about. Here\u0026rsquo;s the short version: Get off GoDaddy. In February 2026, GoDaddy updated its Terms of Service to state that its services \u0026ldquo;are not intended for private, personal or household use,\u0026rdquo; reclassifying all users as \u0026ldquo;business customers.\u0026rdquo; By calling all customers \u0026ldquo;business users,\u0026rdquo; GoDaddy may be stripping away consumer protection rights that users were previously entitled to. The new terms also make class action lawsuits far harder, routing disputes through arbitration with filing fees jumping from around $200 to over $2,300. On top of the legal concerns, GoDaddy\u0026rsquo;s .com renewal prices are among the highest of major registrars at approximately $22.99 per year, and WHOIS privacy costs an additional $10-15 per year — a feature that\u0026rsquo;s free at every competitor. Bill Hartzer + 3 So yes, consolidate — but consolidate away from GoDaddy, not toward it. The real question is: Porkbun or Cloudflare Registrar? For your situation, I\u0026rsquo;d actually recommend a split approach rather than cramming everything into one registrar, and here\u0026rsquo;s why: Transfer wwwombat.com and wwwombat.tech → Cloudflare Registrar. You\u0026rsquo;re already using Cloudflare for DNS and Zero Trust tunnels. Cloudflare sells domains at wholesale cost with no markup — registration equals renewal equals transfer price, with free WHOIS privacy and DNSSEC. For .com that\u0026rsquo;s currently around $10.46/year. Since you\u0026rsquo;re planning to host wwwombat.com on Cloudflare Pages and your DNS already lives there, having the domains registered there too eliminates a layer of configuration and a potential point of failure. The privacy story is strong: Cloudflare provides free WHOIS redaction to safeguard personal contact details from spam and potential threats, complying with ICANN guidelines. For someone operating under a pseudonym, that matters. TldesCloudflare Registrar Keep your luthier/guitar domains at Porkbun. Porkbun\u0026rsquo;s free WHOIS privacy on all domain registrations is one of its strongest security defaults. Porkbun is a great registrar — transparent pricing, clean interface, no upsells. But the guitar business is a completely different venture, a different identity, and probably a different DNS setup. Keeping it separated at Porkbun gives you clean operational boundaries between your two brands. If you ever sell the guitar business or bring on a partner, the domains are already isolated. HostAdvice The pseudonymity angle is where this gets important. With Cloudflare handling both registration and DNS for your wwwombat domains, your real name never appears in public WHOIS records, and you\u0026rsquo;re not relying on a third-party privacy proxy that could get subpoenaed or discontinued. Cloudflare redacts the information directly as the registrar of record. Combined with your existing Cloudflare Zero Trust tunnel (which already hides your homelab\u0026rsquo;s origin IP), you end up with a pretty tight separation between \u0026ldquo;wwwombat\u0026rdquo; the public persona and your legal identity. The only weak link would be if your GoDaddy registration history has your real name cached in historical WHOIS databases — something to be aware of but not something you can retroactively fix. The transfer process is straightforward: unlock the domains at GoDaddy, get the EPP/authorization codes, initiate transfers at Cloudflare. ICANN requires a 60-day wait after registration before you can transfer, but if you\u0026rsquo;ve had these domains a while that won\u0026rsquo;t be an issue. The transfer cost at Cloudflare is just the at-cost renewal price — no markup. Want to walk through the actual transfer steps, or circle back to the site outline?\nYou said: No, I\u0026rsquo;m comfortable with the domain registration, and transfer process. We do a lot of this at TulsaConnect. It\u0026rsquo;s a legacy product set that we still host and support websites and domains for our customers. I just don\u0026rsquo;t want to host my passion project (wwwombat) on my employer\u0026rsquo;s infrastructure.\nClaude said: That makes perfect sense — and it\u0026rsquo;s the right call. Keeping wwwombat on completely separate infrastructure from TulsaConnect avoids any ambiguity about whose resources you\u0026rsquo;re using, whose IP it is, and who owns what if things ever get complicated. Clean separation protects you professionally and legally. So the plan is solid: transfer both wwwombat domains to Cloudflare Registrar, host on Cloudflare Pages, and your employer\u0026rsquo;s infrastructure never touches it. You already know the transfer mechanics better than most people, so I won\u0026rsquo;t belabor that. Should I save that detail about TulsaConnect so I have the full picture going forward? And are you ready to dig into the Hugo + Cloudflare Pages setup, or did you want to explore anything else about the domain/hosting strategy first?\nYou said: Yes, save that detail about TulsaConnect. Before we dig in, I hit a snag on the domain transfers for wwwombat.tech and wwwombat.comto CloudFlare, and hopefully this doens\u0026rsquo;t hold us up too much. Since the domains are newly registered, I have to wait one more month before they\u0026rsquo;re eligible to transfer. How do we keep our momentum going?\nClaude said: Saved. And the transfer lock doesn\u0026rsquo;t hold you up at all — it\u0026rsquo;s actually a non-issue for momentum. Here\u0026rsquo;s why: The domain transfer and the site build are completely independent workstreams. You can do everything right now except point the final custom domain, and that\u0026rsquo;s literally the last step anyway. Here\u0026rsquo;s what the next month looks like: Right now, you can set up your GitHub repo, scaffold the Hugo project, pick and customize a theme, write your first couple of posts, and deploy to Cloudflare Pages. Every Pages project gets a free *.pages.dev subdomain immediately — something like wwwombat.pages.dev. That\u0026rsquo;s a fully functional, SSL-secured, globally distributed site you can share, test, and iterate on while the transfer clock ticks. During the wait, you\u0026rsquo;re writing content, refining the design, getting the dark theme dialed in, maybe drafting three or four posts from the backlog of work you\u0026rsquo;ve already done. By the time the domains are transferable, you\u0026rsquo;d have a polished site ready to go — not a bare scaffold. When the transfer completes, you add the custom domain in the Cloudflare Pages dashboard, the DNS records are already in Cloudflare, and it\u0026rsquo;s live. Five minutes of work. If anything, the forced wait is a gift — it means you launch wwwombat.com with real content on it instead of a coming-soon page that nobody bookmarks. Want to start scaffolding the Hugo project now?\nYou said: Yes, let\u0026rsquo;s begin! Keep this in memory, I want to leverage as much automation throughout this process as possible, where it makes sense to do so.\nClaude said: Saved. Let\u0026rsquo;s build this thing. I\u0026rsquo;ll scaffold the full Hugo project here so we can iterate on the structure and config together, and then package it up for you to push to GitHub.Got Hugo installed. Now let\u0026rsquo;s scaffold the project.Now let\u0026rsquo;s build out the content structure:Now let\u0026rsquo;s set up the automation layer — a GitHub Actions workflow for auto-deploying to Cloudflare Pages on every push:Let me verify it all builds cleanly:Build verified clean (the latest PaperMod needs Hugo 0.146+ which GitHub Actions will install — the apt version here is just old). Let me show you the full project:Here\u0026rsquo;s what we\u0026rsquo;ve got scaffolded and ready to go: Configuration — hugo.yaml is set up with PaperMod in dark mode by default, profile-mode homepage with navigation buttons, code syntax highlighting (Dracula theme), built-in search, RSS feed, and your GitHub linked in the social icons. Content pages — About, The Lab (a sanitized version of your implementation report as a living document), Tools \u0026amp; Projects (your open-source showcase), and Search. First blog post — \u0026ldquo;Building a Zero-Cost Private AI Lab on Consumer Hardware\u0026rdquo; is drafted with draft: true and TODO markers for each section. The structure is there; you fill in the prose. Automation — Three layers:\nA Makefile for local workflow (make new POST=\u0026ldquo;slug\u0026rdquo;, make serve, make deploy MSG=\u0026quot;\u0026hellip;\u0026quot;) A post archetype so hugo new content posts/my-post.md auto-generates front matter with your preferred fields A GitHub Actions workflow that builds with the latest Hugo and deploys to Cloudflare Pages on every push to main\nYour daily writing workflow would be: make new POST=\u0026ldquo;gpu-passthrough-gotchas\u0026rdquo; → write in your editor → make serve to preview → make deploy MSG=\u0026ldquo;publish gpu passthrough post\u0026rdquo;. That\u0026rsquo;s it. Let me package these up for you to download:Here\u0026rsquo;s your scaffold. To get it running on FLOKI, the steps are:\nExtract the tarball and cd into it git init \u0026amp;\u0026amp; git branch -m main Add PaperMod as a submodule: git submodule add https://github.com/adityatelange/hugo-PaperMod.git themes/PaperMod Install Hugo (latest extended edition — PaperMod needs 0.146+) make serve and you should see the site at localhost:1313 Create your GitHub repo (wwwombat-com), add the remote, push Add your Cloudflare API token and account ID as GitHub secrets Every push to main auto-deploys to wwwombat-com.pages.dev\nDrop your logo PNG into static/images/wwwombat-logo.png and you\u0026rsquo;ll see it on the homepage. The first blog post is ready to flesh out whenever you\u0026rsquo;re ready to write — all the section headers and TODO markers map directly to the work you\u0026rsquo;ve already documented. What do you want to tackle next — customizing the theme styling, fleshing out that first post, or something else?Wwwombat com scaffold.tarGZ\nYou said: OK, so I just ran into this from Powershell on FLOKI: PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; git init \u0026amp;\u0026amp; git branch -m main At line:1 char:10\ngit init \u0026amp;\u0026amp; git branch -m main ~~ The token \u0026lsquo;\u0026amp;\u0026amp;\u0026rsquo; is not a valid statement separator in this version. + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : InvalidEndOfLine PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt;\nClaude said: That\u0026rsquo;s a PowerShell version thing — the \u0026amp;\u0026amp; operator only works in PowerShell 7+. Older versions use ; as the separator. Try: powershellgit init; git branch -m main Or just run them as two separate commands. The rest of the setup steps will have the same issue if you chain them, so just run each one individually: powershellgit init git branch -m main git submodule add https://github.com/adityatelange/hugo-PaperMod.git themes/PaperMod If you want to check which PowerShell version you\u0026rsquo;re on, run $PSVersionTable.PSVersion. If you\u0026rsquo;re on 5.x (the one that ships with Windows), you could also consider installing PowerShell 7 at some point — it supports \u0026amp;\u0026amp; and a lot of other quality-of-life improvements. But it\u0026rsquo;s not urgent, semicolons will get you through today.\nYou said: Help me clone PowerShell 7 from this repo: https://github.com/PowerShell/PowerShell.git\nClaude said: You don\u0026rsquo;t want to clone and build PowerShell from source — that\u0026rsquo;s a big .NET SDK build process that would take a while and isn\u0026rsquo;t necessary. The repo has prebuilt releases ready to install. The fastest way on Windows is just: powershellwinget install Microsoft.PowerShell That\u0026rsquo;ll install PowerShell 7 alongside your existing 5.x (they coexist, nothing breaks). Once installed, you\u0026rsquo;ll have pwsh.exe available, and Windows Terminal will automatically add a \u0026ldquo;PowerShell 7\u0026rdquo; profile. After install, open a new PowerShell 7 tab and confirm with $PSVersionTable.PSVersion — you should see 7.x. Then \u0026amp;\u0026amp; chains will work as expected.\nYou said: Can I just upgrade version 5 to version 7 without having the both co-installed?\nClaude said: Unfortunately no — PowerShell 5.1 is a Windows component baked into the OS. It can\u0026rsquo;t be uninstalled or upgraded in-place. Microsoft designed 7 to run alongside it intentionally, since some Windows management features and legacy scripts still depend on 5.1 under the hood. The good news is they don\u0026rsquo;t conflict at all. PowerShell 5 is powershell.exe, PowerShell 7 is pwsh.exe — different binaries, different paths. Once you install 7 and set it as your default terminal profile in Windows Terminal, you\u0026rsquo;ll never accidentally open 5 unless you go looking for it. It\u0026rsquo;ll feel like an upgrade even though technically both are present. Go ahead and run that winget install Microsoft.PowerShell, then set pwsh as your default profile in Windows Terminal and you\u0026rsquo;re good.\nYou said: Alright, got Powershell upgraded\nClaude said: Nice. Now you\u0026rsquo;ve got \u0026amp;\u0026amp; chains and a modern shell. Pick up where you left off: powershellcd C:\\Users\\David\\Documents\\wwwombat.com git init \u0026amp;\u0026amp; git branch -m main git submodule add https://github.com/adityatelange/hugo-PaperMod.git themes/PaperMod Then you\u0026rsquo;ll need Hugo installed — the quickest way on Windows: powershellwinget install Hugo.Hugo.Extended Once that\u0026rsquo;s done, make serve won\u0026rsquo;t work natively on Windows (no make), but you can run the Hugo command directly: powershellhugo server \u0026ndash;buildDrafts \u0026ndash;buildFuture \u0026ndash;navigateToChanged That should bring up the site at localhost:1313. Let me know what you see.\nYou said: Tried upgrading versions within PS7: A new PowerShell stable release is available: v7.6.2 Upgrade now, or check out the release page at: https://aka.ms/PowerShell-Release?tag=v7.6.2 PS C:\\Users\\David\u0026gt; winget install Microsoft.PowerShell -upgrade\nClaude said: Close — the flag syntax is a little different: powershellwinget upgrade Microsoft.PowerShell upgrade is its own winget command, not a flag on install.\nYou said: I ran that and it said there were no upgrade packages available, but this screenshot says I\u0026rsquo;m using a older version:\nClaude said: That happens when the original install wasn\u0026rsquo;t done through winget, so winget doesn\u0026rsquo;t know it\u0026rsquo;s managing that package. You can fix it by just installing the new version over the top: powershellwinget install Microsoft.PowerShell \u0026ndash;force The \u0026ndash;force flag tells winget to install even though it detects an existing version. It\u0026rsquo;ll upgrade 7.5.5 → 7.6.2 in place. You\u0026rsquo;ll need to close and reopen your terminal afterward to pick up the new version.\nYou said: Hit a snag\nClaude said: The tarball extracted with a wwwombat-com/ folder inside it, so your files are probably one level deeper than Hugo expects. Check with: powershellls You\u0026rsquo;ll likely see a single wwwombat-com folder. If so, either move everything up a level: powershellMove-Item wwwombat-com* . -Force Remove-Item wwwombat-com Or just cd into it: powershellcd wwwombat-com Then try hugo server \u0026ndash;buildDrafts again. Hugo needs to see hugo.yaml in the current directory.\nYou said: PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; dir Directory: C:\\Users\\David\\Documents\\wwwombat.com Mode LastWriteTime Length Name\nd\u0026mdash;- 5/24/2026 11:22 AM themes d\u0026mdash;- 5/24/2026 11:06 AM wwwombat-com-scaffold -a\u0026mdash; 5/24/2026 11:22 AM 112 .gitmodules -a\u0026mdash; 5/24/2026 11:05 AM 262523 wwwombat-com-scaffold.tar.gz PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt;\nClaude said: There it is — the scaffold contents are nested inside wwwombat-com-scaffold. Let\u0026rsquo;s move everything up to the root, and clean up the tarball and empty folder: powershellMove-Item wwwombat-com-scaffold* . -Force Remove-Item wwwombat-com-scaffold Remove-Item wwwombat-com-scaffold.tar.gz Then confirm hugo.yaml is in the current directory: powershellls hugo.yaml Once you see it, try the server again.\nYou said: Found it: PS C:\\Users\\David\\Documents\\wwwombat.com\\wwwombat-com\u0026gt; ls hugo.yaml Directory: C:\\Users\\David\\Documents\\wwwombat.com\\wwwombat-com Mode LastWriteTime Length Name\n-a\u0026mdash; 5/24/2026 10:58 AM 2675 hugo.yaml PS C:\\Users\\David\\Documents\\wwwombat.com\\wwwombat-com\u0026gt;\nClaude said: You\u0026rsquo;ve got one extra nesting level — wwwombat.com\\wwwombat-com. Let\u0026rsquo;s flatten it: powershellcd C:\\Users\\David\\Documents\\wwwombat.com Move-Item wwwombat-com* . -Force Remove-Item wwwombat-com Then confirm and launch: powershellls hugo.yaml hugo server \u0026ndash;buildDrafts\nYou said: Almost there: PS C:\\Users\\David\\Documents\\wwwombat.com\\wwwombat-com\u0026gt; cd C:\\Users\\David\\Documents\\wwwombat.com PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; Move-Item wwwombat-com* . -Force Move-Item: Cannot create \u0026lsquo;C:\\Users\\David\\Documents\\wwwombat.com\\themes\u0026rsquo; because a file or directory with the same name already exists. PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; dir Directory: C:\\Users\\David\\Documents\\wwwombat.com Mode LastWriteTime Length Name\nd\u0026mdash;- 5/24/2026 11:00 AM .github d\u0026mdash;- 5/24/2026 11:00 AM archetypes d\u0026mdash;- 5/24/2026 10:57 AM assets d\u0026mdash;- 5/24/2026 10:59 AM content d\u0026mdash;- 5/24/2026 10:57 AM data d\u0026mdash;- 5/24/2026 10:57 AM i18n d\u0026mdash;- 5/24/2026 10:57 AM layouts d\u0026mdash;- 5/24/2026 10:58 AM static d\u0026mdash;- 5/24/2026 11:22 AM themes d\u0026mdash;- 5/24/2026 11:49 AM wwwombat-com -a\u0026mdash; 5/24/2026 11:00 AM 188 .gitignore -a\u0026mdash; 5/24/2026 10:58 AM 112 .gitmodules -a\u0026mdash; 5/24/2026 10:58 AM 2675 hugo.yaml -a\u0026mdash; 5/24/2026 11:00 AM 1254 Makefile -a\u0026mdash; 5/24/2026 11:01 AM 1624 README.md PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt;\nClaude said: Most of it moved — just the themes folder conflicted because you already have one from when you ran git submodule add earlier. That top-level themes folder with PaperMod is the one you want to keep. Just clean up the leftover: powershellRemove-Item wwwombat-com -Recurse -Force Remove-Item wwwombat-com-scaffold.tar.gz -ErrorAction SilentlyContinue Now you should have a clean structure. Try it: powershellhugo server \u0026ndash;buildDrafts\nYou said: Alright, I think we\u0026rsquo;re there: PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; Remove-Item wwwombat-com -Recurse -Force PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; Remove-Item wwwombat-com-scaffold.tar.gz -ErrorAction SilentlyContinue PS C:\\Users\\David\\Documents\\wwwombat.com\u0026gt; hugo server \u0026ndash;buildDrafts WARN deprecated: project config key languageCode was deprecated in Hugo v0.158.0 and will be removed in a future release. Use locale instead. Watching for changes in C:/Users/David/Documents/wwwombat.com/archetypes, C:/Users/David/Documents/wwwombat.com/assets, C:/Users/David/Documents/wwwombat.com/content/{lab,posts,projects}, C:/Users/David/Documents/wwwombat.com/data, C:/Users/David/Documents/wwwombat.com/i18n, C:/Users/David/Documents/wwwombat.com/layouts, C:/Users/David/Documents/wwwombat.com/static/images, C:/Users/David/Documents/wwwombat.com/themes/PaperMod/assets/{css,js}, C:/Users/David/Documents/wwwombat.com/themes/PaperMod/i18n, C:/Users/David/Documents/wwwombat.com/themes/PaperMod/layouts/{_markup,_partials,_shortcodes} Watching for config changes in C:\\Users\\David\\Documents\\wwwombat.com\\hugo.yaml Start building sites … hugo v0.161.1-ea8f66a7ce988664dcc84c052fc96757042e2e4a+extended windows/amd64 BuildDate=2026-04-29T13:56:01Z VendorInfo=gohugoio WARN deprecated: .Language.LanguageDirection was deprecated in Hugo v0.158.0 and will be removed in a future release. Use .Language.Direction instead. WARN deprecated: .Language.LanguageCode was deprecated in Hugo v0.158.0 and will be removed in a future release. Use .Language.Locale instead. │ EN ──────────────────┼──── Pages │ 31 Paginator pages │ 0 Non-page files │ 0 Static files │ 0 Processed images │ 0 Aliases │ 8 Cleaned │ 0 Built in 225 ms Environment: \u0026ldquo;development\u0026rdquo; Serving pages from disk Running in Fast Render Mode. For full rebuilds on change: hugo server \u0026ndash;disableFastRender Web Server is available at http://localhost:1313/ (bind address 127.0.0.1) Press Ctrl+C to stop\nClaude said: It\u0026rsquo;s live! Open http://localhost:1313/ in your browser and you should see the WWWOMBAT homepage with PaperMod\u0026rsquo;s dark theme. The deprecation warnings are harmless — just Hugo renaming a config key in a recent version. Quick fix while the server is still running — open hugo.yaml in your editor and change: yamllanguageCode: \u0026ldquo;en-us\u0026rdquo; to: yamllocale: \u0026ldquo;en-us\u0026rdquo; Hugo\u0026rsquo;s live reload will pick it up instantly and the warning will disappear. The other two warnings are inside PaperMod\u0026rsquo;s templates — those will get fixed in a future PaperMod update and aren\u0026rsquo;t anything you need to touch. How\u0026rsquo;s it looking in the browser?\nYou said: Should I go ahead and update my windows hosts file to point wwwombat.com to 127.0.0.1?\nClaude said: I\u0026rsquo;d skip that — it\u0026rsquo;ll cause more headaches than it solves. You\u0026rsquo;d need to remember to remove it later when the real site goes live, and in the meantime any other device on your network or any tool that resolves wwwombat.com over DNS would get a different result than your workstation. Easy to forget, confusing to debug. Hugo\u0026rsquo;s dev server at localhost:1313 is the standard workflow and it handles live reload, draft rendering, and everything else you need. The baseURL in hugo.yaml only matters for production builds — it doesn\u0026rsquo;t affect local development. How\u0026rsquo;s the site looking in the browser?\nYou said: Looking pretty good. We\u0026rsquo;ve got a good framework going. Let\u0026rsquo;s add some style. You\u0026rsquo;d mentioned uploading my logos earlier in the conversation.\nClaude said: Right — the config is already wired up to look for your logo at static/images/wwwombat-logo.png for the homepage profile image, and static/images/wwwombat-og.png for social sharing previews. Go ahead and upload your logo here and I\u0026rsquo;ll get it sized and placed correctly. If you have the transparent PNG you\u0026rsquo;re using on your Open WebUI splash screen, that\u0026rsquo;s the one — it\u0026rsquo;ll sit perfectly on PaperMod\u0026rsquo;s dark background. If you have a wider/rectangular version too, that would work well for the Open Graph image (the preview card that shows up when someone shares your link on LinkedIn, Discord, etc.). If not, I can generate one from the square logo.\nYou said: Here are a couple that I\u0026rsquo;ve been using for my avatar\nClaude said: That logo is fantastic — the cyberpunk wombat with the neon green and code fragments is a strong brand identity. Let me get these sized for the site.That OG card will look sharp when someone shares your link on LinkedIn or Discord. Let me package the images for you to drop into your project:Extract this into your project root (C:\\Users\\David\\Documents\\wwwombat.com) and the files will land in the right places:\nstatic/images/wwwombat-logo.png — homepage profile image (400×400, optimized) static/images/wwwombat-og.png — social sharing preview card (1200×630) static/favicon.ico — browser tab icon static/apple-touch-icon.png — iOS bookmark icon\nSince your Hugo dev server is running with live reload, the logo should appear on the homepage as soon as the files land. The neon green on PaperMod\u0026rsquo;s dark background should look right at home. How\u0026rsquo;s it looking?Wwwombat site images.tarGZ\nYou said: Got the logo! Nice job I\u0026rsquo;ll paste a screenshot\nClaude said: That looks clean — the logo sits perfectly on the dark background, and the layout is already professional. The nav, buttons, social icons, footer — all working. One thing that would tie it together even more: right now PaperMod\u0026rsquo;s default accent color is a blue/teal, but your brand is that neon green from the logo. We could add a small custom CSS override to pull that green (#4ade80 or something closer to your logo\u0026rsquo;s exact shade) into the button borders, link hovers, and other accent elements. That way the whole site feels cohesive with the logo rather than the logo sitting on a generic theme. Want to dial in the color scheme next, or would you rather shift to content and start fleshing out that first blog post?\nYou said: Let\u0026rsquo;s dial in the color scheme, and consider making our font choice aligned with the cyberpunk / feel / on-brand\nClaude said: Got the exact colors from your logo. Now let me build the custom stylesheet:Drop that file into assets/css/extended/ in your project — PaperMod automatically loads any CSS files from that directory. With your dev server running, it should hot-reload immediately: powershell# Create the directory if it doesn\u0026rsquo;t exist yet mkdir -Force assets\\css\\extended\nThen move/copy the downloaded file there Here\u0026rsquo;s what the stylesheet does: Fonts — three typefaces, each with a job:\nRajdhani (headings, nav, buttons) — angular, geometric Indian typeface with a cyberpunk aesthetic. Used for WWWOMBAT title, section headers, and the nav buttons with uppercase + wide letter-spacing Space Grotesk (body text) — modern geometric sans-serif that reads clean at paragraph length but still feels tech-forward JetBrains Mono (code blocks, tags, breadcrumbs) — monospaced font built for developers, used anywhere code or technical metadata appears\nColors — pulled directly from your logo:\n#4EB067 (primary green) — links, accents, button borders, hover states #24AF4E (brighter green) — active/highlight states #6FD8C6 (visor cyan) — secondary accent, inline code text, link hovers Background shifted from PaperMod\u0026rsquo;s default gray-dark to #0a0e0b — a near-black with a subtle green tint, closer to OLED black\nDetails — neon green glow on button hover, subtle drop-shadow on the logo, green-tinted text selection highlight, branded scrollbar, post cards that light up green on hover. Refresh your browser and let me know how it looks — the difference should be dramatic.Wwwombat brandCode · CSS\nYou said: Looks way better! check out this screenshot:\nClaude said: That\u0026rsquo;s a huge difference from the stock theme. The Rajdhani uppercase on the buttons, the green accent pulling through from the logo, the deep dark background — it all reads as one cohesive brand now. Hover over the buttons and the logo too, the glow effects should be subtle but satisfying. You\u0026rsquo;ve got a solid foundation: site scaffolded, theme customized, logo placed, CI/CD pipeline ready, content structure in place. The next moves would be: To get it live on Cloudflare Pages (even before the domain transfer):\nCreate the GitHub repo and push Set up the Cloudflare Pages project + API secrets You\u0026rsquo;ll have a working site at wwwombat-com.pages.dev within minutes\nTo start building the content engine:\nFlesh out that first blog post (the draft is already stubbed with TODO markers) Click through the Lab, About, and Projects pages to review and tweak the copy\nStyling refinements if you want to keep polishing:\nCheck how the inner pages look (The Lab page with the ASCII diagram and tables would be a good test) Mobile responsiveness check\nWhere do you want to go from here?\nYou said: Let\u0026rsquo;s keep refining. Let\u0026rsquo;s also consider whether we want to brand this as wwwombat, since that\u0026rsquo;s my handle, or wwwombat technology, or wwwombat tech. I also want to see if there are any fonts we can use that give a nod to The Matrix, or anything more cyberpunk looking with out looking unprofessional.\nClaude said: Good questions — let me research fonts first, then we can see the branding options in context.Let me build you a visual comparison so you can see the options side by side with your actual brand name:Click through the brand name buttons at the top to see how each font handles the different lengths. You can also click a font row to tell me which one to apply. On the branding question, here\u0026rsquo;s my take: for the .com site (your research/portfolio), I\u0026rsquo;d lean toward just WWWOMBAT — it\u0026rsquo;s your handle, it\u0026rsquo;s punchy, it\u0026rsquo;s memorable, and it\u0026rsquo;s how people will know you online. Adding \u0026ldquo;Tech\u0026rdquo; or \u0026ldquo;Technology\u0026rdquo; to the personal brand side dilutes the identity. Save \u0026ldquo;WWWOMBAT Technology\u0026rdquo; or \u0026ldquo;WWWOMBAT Tech\u0026rdquo; for the .tech commercial site where enterprise formality matters. Troy Hunt\u0026rsquo;s site is just \u0026ldquo;Troy Hunt,\u0026rdquo; Miessler\u0026rsquo;s is just \u0026ldquo;Daniel Miessler\u0026rdquo; — the person is the brand on the research side. On fonts, the three strongest contenders for replacing Rajdhani as headings: Chakra Petch is the best all-rounder — it\u0026rsquo;s the cyberpunk UI font of choice (the Cyberpunk 2077 community uses it heavily), it comes in multiple weights so you have flexibility, and the tapered square cuts look aggressive without being unreadable. Professional enough for a CISO to take seriously. Share Tech Mono is the most direct Matrix nod — monospaced, terminal-aesthetic, every character equal width like the green rain. Only one weight though, so it works best as a display/logo font paired with something else for nav and body. Zen Dots is the most distinctive but risks crossing into gimmicky territory at small sizes. You could also mix: Share Tech Mono for the site title/logo only (the Matrix nod), Chakra Petch for headings and buttons (the cyberpunk workhorse), and keep JetBrains Mono for code blocks. Which direction speaks to you?\nYou said: I like the look of Orbitron — let\u0026rsquo;s use that for headings.\nClaude said: Good eye — Orbitron\u0026rsquo;s geometric precision gives \u0026ldquo;WWWOMBAT\u0026rdquo; a really distinctive look, especially with those circular counters. Let me update the stylesheet:Now let me tune the heading sizes — Orbitron is wider than Rajdhani so we need to adjust spacing to keep things balanced:Clean — all swapped. Let me get you the updated file:Replace the existing file at assets\\css\\extended\\wwwombat-brand.css with this one. Hugo\u0026rsquo;s live reload should pick it up instantly. Key changes from the Rajdhani version:\nOrbitron now drives all headings, the nav title, and the profile buttons Button font size dropped to 0.78rem and letter-spacing tightened to 0.04em — Orbitron\u0026rsquo;s characters are significantly wider so the old sizing would\u0026rsquo;ve made \u0026ldquo;TOOLS \u0026amp; PROJECTS\u0026rdquo; overflow Profile title pulled down to 2.2rem with 0.06em tracking Content headings (h2/h3/h4) stay uppercase (Orbitron really shines in caps) but are sized down progressively so they don\u0026rsquo;t overpower the body text Blog post h2s get extra margin-top to give sections breathing room\nCheck the homepage first, then click through to The Lab or the blog post draft — those pages will show you how Orbitron handles the content headings at different sizes. Let me know what you think.Wwwombat brandCode · CSS\nYou said: I like the look of Share Tech Mono — let\u0026rsquo;s use that for headings.\nClaude said: Let\u0026rsquo;s swap it in. Share Tech Mono only comes in one weight (400), so I\u0026rsquo;ll use size, spacing, and color to build the heading hierarchy instead of weight:Same drill — replace assets\\css\\extended\\wwwombat-brand.css and let it hot-reload. The design challenge with Share Tech Mono is that it only has one weight, so I can\u0026rsquo;t use bold vs. regular to create heading hierarchy like with the previous fonts. Instead, the hierarchy now works through three levers:\nSize — h2 at 1.25rem, h3 at 1.05rem, h4 at 0.92rem, each stepping down visibly Color — h3s render in your accent green, h4s in the muted secondary tone, so you can scan a page and immediately see the structure Border — h2s get a subtle bottom border to create clear section breaks in long posts\nThe monospaced character width also gives the whole site a terminal/hacker aesthetic that your logo\u0026rsquo;s code fragments (#66344c⚡, @/09) \u0026amp;=-0_/) already hint at. The nav title \u0026ldquo;WWWOMBAT\u0026rdquo; in wide-tracked mono should feel like it\u0026rsquo;s being typed into a console. The tradeoff versus Orbitron: Share Tech Mono is less \u0026ldquo;polished sci-fi\u0026rdquo; and more \u0026ldquo;operator at a terminal\u0026rdquo; — which honestly might be more authentic to who you actually are and what this site is about. Drop it in and let me see a screenshot.Wwwombat brandCode · CSS\nYou said: I like it. I was stuggling to find the right description, but I think you nailed it: operator at a terminalI do want to have this updated so that the landing page says wwwombat tech, not just wwwombat. Does that make sense?\nClaude said: Makes total sense — \u0026ldquo;WWWOMBAT\u0026rdquo; in the nav bar as the site identity, \u0026ldquo;WWWOMBAT TECH\u0026rdquo; as the big statement on the landing page to signal that this isn\u0026rsquo;t just a personal blog, it\u0026rsquo;s a technology brand. That\u0026rsquo;s a one-line change in hugo.yaml. Find the profileMode section and update the title: yaml profileMode: enabled: true title: \u0026ldquo;WWWOMBAT TECH\u0026rdquo; Leave the top-level title: \u0026ldquo;WWWOMBAT\u0026rdquo; alone — that controls the nav bar and browser tab. The profile title is just what renders on the homepage splash. Hugo\u0026rsquo;s live reload should pick it up the instant you save. How\u0026rsquo;s it look?\nYou said: Looks great! What do you think about this, I\u0026rsquo;m thinking we need to match the white WWWOMBAT TECH and tag line with the same green colors.\nClaude said: Agreed — the white title and subtitle feel disconnected from the rest of the green brand identity. The profile title should already be green from the CSS (color: var(\u0026ndash;accent)), but PaperMod\u0026rsquo;s default styling is likely overriding it. Quick fix — update these two rules in your wwwombat-brand.css: Find the profile section and change it to: css.profile-title { font-size: 2rem; color: var(\u0026ndash;accent) !important; letter-spacing: 0.1em; }\n.profile-subtitle { font-family: \u0026lsquo;Space Grotesk\u0026rsquo;, sans-serif; font-weight: 300; letter-spacing: 0.02em; color: var(\u0026ndash;accent) !important; opacity: 0.7; } The !important forces it past PaperMod\u0026rsquo;s defaults, and the opacity: 0.7 on the subtitle gives it a slightly softer green so there\u0026rsquo;s still visual hierarchy between the title and tagline without introducing a different color. Save and it should hot-reload instantly.\nYou said: Hmm. Here\u0026rsquo;s the .css file with the changes, but it didn\u0026rsquo;t apply when I refreshed the page\nClaude said: PaperMod likely uses a different selector than .profile-title for the homepage heading. Let me check the actual HTML structure:Found it. PaperMod doesn\u0026rsquo;t use a .profile-title class — it\u0026rsquo;s a plain inside .profile_inner, and the subtitle is a bare . Update these two rules in your CSS: css/* ── Profile / Home Page ── */ .profile_inner h1 { font-size: 2rem; color: var(\u0026ndash;accent) !important; letter-spacing: 0.1em; }\n.profile_inner span { font-family: \u0026lsquo;Space Grotesk\u0026rsquo;, sans-serif; font-weight: 300; letter-spacing: 0.02em; color: var(\u0026ndash;accent) !important; opacity: 0.7; } Note the underscore in profile_inner — PaperMod uses underscores, not hyphens. That\u0026rsquo;s why the old selectors weren\u0026rsquo;t matching anything.\nYou said: Awesome, that did it.\nClaude said: That\u0026rsquo;s looking cohesive now — the green title flows right out of the logo\u0026rsquo;s color palette, and the softer opacity on the subtitle creates a clean hierarchy without introducing a second color. \u0026ldquo;WWWOMBAT TECHNOLOGY\u0026rdquo; in Share Tech Mono with that letter-spacing has a really strong presence. I notice you went with \u0026ldquo;TECHNOLOGY\u0026rdquo; instead of \u0026ldquo;TECH\u0026rdquo; — honestly that works better with the monospaced font. The extra characters fill out the line width nicely and feel more authoritative. You\u0026rsquo;ve got a solid branded homepage now. Good stopping point to think about where to go next — want to:\nCheck the inner pages — click through to The Lab or About and see how the content headings, code blocks, and body text look with the new fonts Push to GitHub and get it live on the *.pages.dev subdomain Start writing — flesh out that first blog post draft Something else you\u0026rsquo;ve been thinking about\nWhat\u0026rsquo;s calling to you?\nYou said: OK, this is a great place to pause. Let me ask your opinion, should we carry the green font color throughout all the pages and various menu sections too?\nClaude said: My honest opinion: don\u0026rsquo;t. Right now the green works because it\u0026rsquo;s strategic — it pops on the title, the buttons, the links, and the hover states precisely because the surrounding text is that muted gray-white. If everything turns green, nothing reads as green anymore. It just becomes \u0026ldquo;the color of the site\u0026rdquo; and loses its punch. Think about your logo — the neon green hits hard because it\u0026rsquo;s surrounded by deep black. Same principle applies to the typography. The contrast between the muted #c4cec7 content text and the #4EB067 accent green is what makes the interactive elements and headings feel alive. A CISO scanning your Lab page should see their eye naturally drawn to the section breaks and links, not wade through a wall of uniform green. Where I would add a bit more green is on the inner page titles — when someone lands on \u0026ldquo;THE LAB\u0026rdquo; or \u0026ldquo;ABOUT,\u0026rdquo; that h1 could be green to match the homepage treatment. That\u0026rsquo;s already partly handled by the heading styles, but worth checking when you click through those pages. The nav links I\u0026rsquo;d leave as-is: white at rest, green on hover. That transition is part of the interactive feedback that makes the site feel responsive. Good instinct to ask before committing though — it\u0026rsquo;s the kind of thing that\u0026rsquo;s easy to overdo and hard to undo once you\u0026rsquo;re used to it. Take a break, come back to it fresh, and see if it still feels right as-is. I think it will.\nYou said: I\u0026rsquo;m thinking I may need to purchase wwwombat-tech.com and possibly wwwombat-technology.com. Am I getting ahead of myself here?\nClaude said: A little bit, yeah. Here\u0026rsquo;s the practical test: are you losing traffic or brand protection by not owning them right now? wwwombat.tech already covers the commercial brand. The .tech TLD is where your enterprise identity lives, and it\u0026rsquo;s what you\u0026rsquo;ll put on business cards, LinkedIn, and pitch decks. Nobody searching for your consulting brand is going to type wwwombat-tech.com — they\u0026rsquo;ll either click a link you gave them or Google \u0026ldquo;wwwombat tech\u0026rdquo; and find whichever domain you\u0026rsquo;ve built SEO on. Defensive registration makes sense for established brands protecting against squatters or typosquatting. You\u0026rsquo;re pre-revenue, pre-launch, and operating under a pseudonym. The realistic risk of someone snapping up wwwombat-tech.com to impersonate your consulting practice is essentially zero right now. When it would make sense to grab them: once you\u0026rsquo;re actively taking clients and your brand has enough visibility that someone could plausibly squat on a variant to redirect or confuse your prospects. That\u0026rsquo;s a problem for after you\u0026rsquo;ve launched both sites, published content, and started building a reputation — not today. For now, your two domains map cleanly to your two-site strategy. Spend the registration money on something that moves the project forward — even a month of Anthropic API credits for your LiteLLM gateway would be a better investment than defensive domains you\u0026rsquo;d just redirect. Come back to this question in six months when you\u0026rsquo;ve got traffic and clients. You\u0026rsquo;ll know if you need them by then.\nYou said: OK, so I\u0026rsquo;ve got $25 worth of Anthropic API credits already. What I think I would possibly benefit from later, is getting Claude Code installed on FLOKI. Can we discuss how I might benefit from leveraging that in my current workflow?\nClaude said: Absolutely worth discussing. Here\u0026rsquo;s how Claude Code maps to what you\u0026rsquo;re actually building: Where it would immediately help you: Your workflow right now spans Hugo site development, Python tooling (NVD CVE tool, filter functions, syslog scripts), Docker Compose configs, and shell automation across your homelab. Claude Code\u0026rsquo;s value over this chat interface is that it operates directly in your filesystem — it reads your entire project, edits multiple files in one pass, runs tests, and iterates on failures without you copy-pasting code back and forth. Think about what we just did with the CSS: you had to download a file, place it manually, screenshot the result, paste errors back. With Claude Code running in your terminal on FLOKI, that whole cycle collapses. Concrete examples from your current project list: Hugo site iteration — You could point Claude Code at your wwwombat-com directory and say \u0026ldquo;update the CSS to swap Rajdhani for Share Tech Mono, adjust all sizing for a single-weight monospaced font, and rebuild.\u0026rdquo; It reads hugo.yaml, the CSS, the PaperMod templates, makes all the edits, and runs hugo to verify the build passes — in one shot. Python tool development — \u0026ldquo;Read my NVD CVE query tool, add date-range filtering with proper ISO 8601 timestamps, fix the http2 bug, and add error handling.\u0026rdquo; It sees your full codebase, makes the changes, runs the script to test, and iterates if something breaks. Docker stack management — \u0026ldquo;Add a LiteLLM container to my docker-compose.yml with a hard spending budget, connect it to my Ollama backend, and create a test script to verify the proxy routes correctly.\u0026rdquo; It edits the compose file, creates the test script, and can run docker compose config to validate. Homelab automation — Shell scripts, cron jobs, Proxmox CLI commands. \u0026ldquo;Write a backup script that snapshots my AI VM, prunes snapshots older than 7 days, and logs results.\u0026rdquo; Where it\u0026rsquo;s less useful: Pure content writing (blog posts, about pages) — this chat interface is better for that kind of collaborative, conversational work. The cost question is real though. Claude Code with Opus 4.6 leads on SWE-bench Verified at 80.9%, but Opus burns through API credits fast on complex tasks. Your $25 would go further if you configure it to use Sonnet for routine work and only escalate to Opus for harder problems. That\u0026rsquo;s actually a setting you can control. Requesty For installation, you\u0026rsquo;d need Node.js on FLOKI, then it\u0026rsquo;s just npm install -g @anthropic-ai/claude-code. Want me to walk through the setup, or are you saving this for a future session?\nYou said: OK, if we go this direction later today, I think it might be cool to blog about my experience with the transition from browser based work-flows to Claude Code / CLI based work flow. Thoughts?\nClaude said: That\u0026rsquo;s a great post idea — and it\u0026rsquo;s exactly the kind of content that performs well in the spaces you\u0026rsquo;re trying to reach. The developer and homelab communities on Reddit, Hacker News, and DEV.to love \u0026ldquo;here\u0026rsquo;s how I actually use this tool\u0026rdquo; posts over generic tutorials, and there\u0026rsquo;s a natural narrative arc here: you started this entire site build in a browser conversation, hit friction points (downloading files, copy-pasting CSS, screenshotting results), and then shifted to a terminal-first workflow where the agent operates directly in your project. That\u0026rsquo;s a real before-and-after story, not a manufactured one. It also doubles as proof-of-work for your consulting brand. A prospective client reading \u0026ldquo;WWWOMBAT Technology\u0026rdquo; and seeing a post where you critically evaluate AI-assisted development workflows — including the tradeoffs, not just the hype — signals that you actually understand this tooling at a practitioner level, not just a slide-deck level. A rough angle that might work: frame it less as a product review and more as a workflow comparison. Something like \u0026ldquo;Browser AI vs. Terminal AI: What Changed When I Moved My Dev Workflow to the CLI.\u0026rdquo; Document the same task done both ways, where each approach wins and loses, and what you\u0026rsquo;d recommend for different use cases. That\u0026rsquo;s more useful to readers than \u0026ldquo;Claude Code is great\u0026rdquo; and it positions you as someone who thinks critically about tooling choices. You\u0026rsquo;re also living the content strategy we outlined earlier — building the site is generating the blog material. The meta-narrative practically writes itself. Want me to stub out a draft post for it alongside the first one, so it\u0026rsquo;s ready when you\u0026rsquo;ve got the CLI experience to fill it in?\nYou said: Yes, please do so\nClaude said: Drop that into content\\posts\\ alongside the first draft. It\u0026rsquo;s set to draft: true so it won\u0026rsquo;t build into the public site until you\u0026rsquo;re ready. The structure is designed so you can fill it in as you go — do the Claude Code install, try the same kinds of tasks we did today, and fill in the TODO sections with real observations and real numbers. The side-by-side comparison section is the heart of the post: concrete tasks, actual timings, honest tradeoffs. That\u0026rsquo;s what makes it useful rather than promotional. One thing to note while it\u0026rsquo;s fresh: this conversation is your source material for the \u0026ldquo;browser workflow\u0026rdquo; half of the post. You might want to save or export this chat so you can reference the actual friction points when you write it up — the tarball extraction nesting, the CSS selector mismatch, the font download iterations. Those specific details are what make the comparison credible. You\u0026rsquo;ve now got two draft posts queued up, a fully branded site running locally, and a CI/CD pipeline ready to go. When you\u0026rsquo;re ready to pick back up — whether that\u0026rsquo;s Claude Code setup, pushing to GitHub, or writing — just jump in.Browser ai vs terminal aiDocument · MD\nYou said: How do we export the chat?\nClaude said: Two options, depending on how polished you need the output: Built-in export (all conversations, JSON): Click your initials in the lower left corner, select \u0026ldquo;Settings,\u0026rdquo; navigate to the \u0026ldquo;Privacy\u0026rdquo; section, and click \u0026ldquo;Export data.\u0026rdquo; You\u0026rsquo;ll receive a download link via email. The catch is that this exports everything as JSON in a ZIP file — not exactly easy to read or reference for blog writing. Troy Hunt For just this conversation in a usable format, the quickest path is the free Chrome extension AI Chat Exporter — it lets you save Claude chats as Markdown, Text, JSON, or PDF. Markdown and Text exports are unlimited, PDF is free 3 times per day. You\u0026rsquo;d install it, open this conversation, click Export, and save as Markdown — which you could then drop right into your Hugo content directory as reference material while you write the post. Cloudflare Given that you\u0026rsquo;re building a blog in Markdown anyway, exporting this chat as .md is probably the most useful format. You\u0026rsquo;d have the full conversation history — including all the friction points, the PowerShell \u0026amp;\u0026amp; error, the nested directory issue, the CSS selector mismatch — all searchable and quotable when you write the comparison post.\n","permalink":"https://wwwombat-com.pages.dev/posts/domain-strategy-for-wombat-websites/","summary":"\u003ch1 id=\"domain-strategy-for-wombat-websites\"\u003eDomain strategy for wombat websites\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eYou said\u003c/strong\u003e:\nGood morning!  Let\u0026rsquo;s explore ideas for a public website that aligns with my goals for wwwombat.tech.  I own two domains:  wwwombat.com and wwwombat.tech.  Would one be more suitable for research and public tools, and the other domain be more oriented towards commercial sales?  Help me explore some ideas based on what you know about me and this project so far.\u003c/p\u003e\n\u003chr\u003e\n\u003cp\u003e\u003cstrong\u003eClaude said\u003c/strong\u003e:\nGood morning! This is a great strategic question, and your two domains give you a natural split that a lot of solo founders wish they had from the start.\nHere\u0026rsquo;s how I\u0026rsquo;d think about the division:\nwwwombat.tech → the commercial front door. This is already where you\u0026rsquo;ve anchored your brand identity — your Open WebUI is white-labeled to it, your consulting vision lives here. The .tech TLD signals professional capability to enterprise buyers. This domain should be the polished, conversion-oriented site: who you are, what you offer, case studies, a contact/booking flow. Think of it as the site a CISO or IT director lands on when evaluating whether to bring you in.\nwwwombat.com → the public-facing lab and reputation engine. The .com carries universal credibility and is easier to share casually. This is where you publish the work that earns the consulting engagements: writeups of your homelab architecture, tool demos, CVE analysis walkthroughs, open-source utilities (like your NVD tool or filter functions), maybe a blog tracking your build-in-public journey. It\u0026rsquo;s your technical portfolio and content marketing engine rolled into one.\nThe strategic logic is that .com builds your audience and credibility (people find you through your research), and .tech converts that credibility into revenue (people hire you through your services page). Each domain links to the other, but they serve different visitors at different stages.\nA few concrete ideas for each:\nFor wwwombat.tech, the commercial site could feature a clean services page (AI infrastructure consulting, private deployment architecture, security log analysis pipelines), a \u0026ldquo;how it works\u0026rdquo; section showing your hybrid local/cloud approach without giving away the keys, and eventually client testimonials or anonymized case studies. Even a simple single-page site with a Calendly embed would be a strong start while you\u0026rsquo;re still in school.\nFor wwwombat.com, the research/portfolio side could host things like an interactive version of the implementation report you just shared (sanitized, of course), tool releases or demos, a blog with posts like \u0026ldquo;How I built a zero-cost private AI lab on consumer hardware\u0026rdquo; or CVE deep-dives. This is the kind of content that gets shared on Reddit, Hacker News, and LinkedIn — which is exactly how independent consultants build pipeline without a sales team.\nOne thing worth considering: you could start with just one site and redirect the other domain to it until you have enough content to justify both. Given where you are right now — still building the stack, still in school — I\u0026rsquo;d probably launch wwwombat.com first as the portfolio/blog, since publishing technical content is how you\u0026rsquo;ll start building a reputation. Then stand up wwwombat.tech as the commercial site once you\u0026rsquo;re closer to actively taking clients.\nWant to dig into the structure or content strategy for either site, or talk about the tech stack for building them?\u003c/p\u003e","title":""},{"content":"I\u0026rsquo;m wwwombat — a cybersecurity student, homelab builder, and aspiring enterprise AI consultant.\nI built this site to document what happens when you take consumer hardware, open-source AI models, and a security-first mindset and try to build something that rivals managed cloud services — without handing your data to anyone.\nWhat I\u0026rsquo;m Building WWWOMBAT.tech is the commercial side: enterprise AI consulting focused on helping organizations deploy private, governed AI infrastructure. The kind of setup where sensitive data never leaves your perimeter.\nThis site (wwwombat.com) is the lab notebook. I write about what I\u0026rsquo;m building, what broke, what I learned fixing it, and the tools I\u0026rsquo;m releasing along the way.\nThe Stack Everything I write about here runs on real hardware I own and operate. The core platform is a self-hosted AI execution environment built on Proxmox, with GPU-accelerated local inference, hardened container orchestration, and zero-trust edge access. No cloud dependencies for core operations.\nMore details on the Lab page.\nConnect GitHub: github.com/wwwombat Commercial inquiries: wwwombat.tech ","permalink":"https://wwwombat-com.pages.dev/about/","summary":"Who (or what) is wwwombat?","title":"About"},{"content":"This page is a living reference architecture for the wwwombat lab — a fully self-hosted, private AI execution environment and cybersecurity analysis pipeline running on consumer hardware.\nThe core objective: zero-cost, 100% private local inference for processing sensitive data assets like security logs, vulnerability maps, and custom source code — bridged with governed cloud infrastructure only when local VRAM ceilings demand it.\nLast updated: May 2026\nDeployment Topology ┌─────────────────────────────────────────────────┐ │ Bare Metal: Ryzen 9 · 32GB RAM · RTX 3080 Ti │ │ ┌───────────────────────────────────────────┐ │ │ │ Proxmox VE (Hypervisor) │ │ │ │ ┌─────────────────────────────────────┐ │ │ │ │ │ Ubuntu 24.04 VM (Headless) │ │ │ │ │ │ GPU Passthrough (PCIe/IOMMU) │ │ │ │ │ │ ┌──────────┐ ┌──────────────────┐ │ │ │ │ │ │ │ Ollama │ │ Open WebUI │ │ │ │ │ │ │ │ (LLM) │ │ (Interface) │ │ │ │ │ │ │ └──────────┘ └──────────────────┘ │ │ │ │ │ │ ┌──────────┐ ┌──────────────────┐ │ │ │ │ │ │ │ SearXNG │ │ Kokoro TTS │ │ │ │ │ │ │ └──────────┘ └──────────────────┘ │ │ │ │ │ └─────────────────────────────────────┘ │ │ │ └───────────────────────────────────────────┘ │ │ │ │ │ Cloudflare Zero Trust Tunnel │ └───────────────────────┬─────────────────────────┘ │ Encrypted Edge (No open ports) Infrastructure Layers Hypervisor Proxmox VE running on dedicated bare-metal hardware. IOMMU enabled at firmware level for hardware isolation groups. All management access locked to internal network addresses with Linux PAM authentication.\nCompute VM A single headless Ubuntu Server 24.04 VM with dedicated CPU core bindings, pinned memory allocations, and direct PCIe passthrough of the physical GPU. No desktop environment — server-grade NVIDIA drivers only, validated via nvidia-smi.\nContainer Stack Docker Engine with nvidia-container-runtime bridging containerized workloads directly to GPU tensor cores. The stack is managed via a single docker-compose.yml blueprint in a dedicated project directory.\nActive containers:\nOllama — Local LLM inference engine with full GPU acceleration Open WebUI — White-labeled browser interface (WWWOMBAT.tech branding) SearXNG — Private metasearch engine for RAG pipelines Kokoro TTS — Local text-to-speech synthesis Edge Access Cloudflare Zero Trust Tunnel routes encrypted sessions directly into the container stack. No ports are forwarded on the local network perimeter. External access is authenticated through Cloudflare Access policies.\nModel Inventory Model Role Use Case Llama 3 (8B, quantized) Generalist baseline Log triage, sysadmin parsing, incident documentation DeepSeek-Coder (6.7B) Code analyst Script auditing, firewall policy parsing, syntax checking Dolphin-Llama Red team assistant Threat modeling, penetration test conceptualization nomic-embed-text Embedding engine Local text vectorization for search pipelines Data Hygiene A custom programmatic filter function intercepts all uploads before they reach model inference or persist to the database. The middleware uses Python regex patterns to automatically scrub administrator credentials, VPN pre-shared keys, serial numbers, and license keys — replacing them with generic mask tags in transit.\n[User Upload] → [Filter: Regex Scrubber] → [Masked Tokens] → [LLM Inference] → [Clean Data] → [Local DB] Roadmap LiteLLM Gateway — Hybrid architecture for cloud API fallback with hard spending budgets Isolated Attack Range — Air-gapped virtual network (vmbr1) with Kali Linux + vulnerable targets for payload testing and log generation SSO Consolidation — GitHub OAuth-backed authentication across all lab nodes This page is periodically updated as the lab evolves. For the full technical deep-dive on any component, check the blog.\n","permalink":"https://wwwombat-com.pages.dev/lab/","summary":"A living document of the wwwombat private AI \u0026amp; cybersecurity sandbox.","title":"The Lab"},{"content":"Open-source tools and utilities built during lab operations. Everything here is available on GitHub.\nNVD CVE Query Tool A Python utility for querying the NIST National Vulnerability Database API. Includes date-range filtering, proper ISO 8601 timestamp handling, and HTTP/2 compatibility fixes for environments where h2 causes issues.\nStack: Python · NIST NVD API v2.0 Status: Active View on GitHub →\nOpen WebUI Filter Functions Programmatic middleware for sanitizing sensitive data before it reaches LLM inference. Uses regex pattern matching to scrub credentials, PSKs, serial numbers, and license keys from uploads in transit.\nStack: Python · Open WebUI Filter API Status: Active View on GitHub →\nAI Stack Docker Compose Production-grade docker-compose.yml blueprint for deploying a local AI inference stack with GPU acceleration: Ollama, Open WebUI, SearXNG, and supporting services.\nStack: Docker · NVIDIA Container Runtime · Cloudflare Tunnel Status: Active View on GitHub →\nMore projects shipping as the lab grows. Watch the GitHub or subscribe to the blog for updates.\n","permalink":"https://wwwombat-com.pages.dev/projects/","summary":"Open-source tools and projects from the wwwombat lab.","title":"Tools \u0026 Projects"}]