Author: bharatkalluri

  • Personal finance management

    A lot of this would be geared towards Indian banks and the Indian financial ecosystem.

    Basics

    Understanding how we lose accumulated value over time, and how to prevent it is critical to long term growth.

    Inflation

    Inflation: Inflation is a general increase in the prices of goods and services in an economy (wikipedia)

    Understanding inflation is fundamental before we proceed. Assume you could buy all your necessities today for ₹100. If the inflation in India is at 5%, the same set of goods will cost you ₹105 next year.

    Which means

    • If you did not get a hike from last year to this year, you are theoretically working for cheaper
    • Money sitting in the safe box is actually losing value over time
    • If your bank account gives a return of 3% while the rate of inflation is around 5%, then you are still losing money over time

    So to actually increase value over time (not money, since money itself is not an accurate representation of value) you would need to invest in a financial instrument whose returns are higher than inflation.

    Taxes

    Taxes are the amount you pay to the government so that the government can share amenities back to the public. The sad part is that the tax paying group in India is extremely small.

    The higher earning & salaried segment ends up paying a lot of taxes. If you are in the “>15 lakhs per year” earning category, then the tax is pretty much 30% flat.

    3 months out of the 12 months you work in a year are for the government.

    For any investment, it can be taxed at two distinct places.

    • On the investment (Principal investment)
    • On the interest/gains earned

    Suppose a person had invested 10k in mutual funds, and the fund is in the IDCW (formerly called dividends) plan. This means he/she will get the dividends back to the account instead of them going back into the fund and compounding. Let us say he/she earned 1k in gains for a given year. The income tax slab applies on these capital gains too.

    There are also taxes to central government (CGST) & state government (SGST) which are paid on what you buy & use. For example: road tax, water tax, professional tax etc. These cannot be avoided.

    Remember that the effective interest rate of an investment should be calculated post tax deductions; an interest rate of 6% is actually 4.2% post 30% taxation.

    Financial instruments for investing

    | Financial instrument | Principal investment | Capital gains | Approx. average returns (as of Aug 2022) | Liquidity aspect | Interest type, frequency |
    | Public Provident Fund | Exempt (Section 80C limit) | Exempt | | Partial withdrawal | Accrual, half yearly |
    | National savings certificates | Exempt (Section 80C limit) | | ~6.8 | No liquidity | Accrual, half yearly |
    | National pension system | Exempt (Section 80CCD limit) | Exempt | Market rate | Partial withdrawal after certain period | |
    | General Provident Fund | Exempt (Section 80C limit) | | 8.10% | Partial withdrawal | Accrual, half yearly |
    | Tax free bonds | | Exempt | Issue rate (5-8%) | Through stock market | To account, Yearly payment |
    | Bank Fixed Deposits | | | 5-7% | On demand | Accrual/(Monthly |
    | Bank Tax saver | Exempt (Section 80C limit) | | 5-8% | After completion of 5 years | Accrual/(Monthly |
    | Mutual funds | | | stock market driven | On demand | |
    | ELSS mutual funds | Exempt (Section 80C limit) | | stock market driven | After 3 years, computed from buy date | |
    | Equity | | | stock market driven | On demand | |
    | RBI bonds | | | 7% (NSE + 0.35%) | 7 years, half yearly interest payment to bank account | To account, half yearly payment |
    | Real Estate Investment Trust (REIT) units | | | 90% of the surplus income distributed as dividend every quarter | On demand through stock exchange | To account, quarterly dividend |
    | Housing loan | Exempt (Section 80C limit) | Exempt (Up to 2.5 lakhs) | | | |
    | Insurance | Exempt (Section 80C limit) | | | | |
    | Corporate fixed deposits | | | 7-8% | No liquidity until tenure | Accrual or monthly/quarterly |

    Personal Finance Setup

    I currently use

    • HDFC account as my primary account
    • PhonePe for all the UPI transactions
    • Zerodha Kite/Coin for Stocks/Mutual funds
    • Amazon pay credit card (very rarely, since there is usually a 5% discount in amazon if this is used)

    I’ve been experimenting with a Double entry ledger system called Beancount. It’s a beautifully designed software which works out of plain text files.

    The CSV bank statements are downloaded and imported into Beancount using an HDFC bank statement importer I’ve written for myself. It uses keywords in the narration to classify transactions.

    I wish life was easier for personal finance management and data exports in general. The state of personal data & infrastructure is sad.

    Bank feature matrix

    For data interoperability, I would like some basic features around data. Ideally having APIs would be awesome, but we currently do not have APIs for any Indian banks.

    | Bank Name / feature | Tabular transactions statement (CSV or Excel) | UPI remark in narration | Instant virtual card on account creation | Unique transaction reference number in bank statement |
    | DBS | Yes, 90 days per download & of 18 months in the past. CSV is actually an excel file with wrong file ext. | No | ? | ? |
    | HDFC bank | Yes, can download excel year by year. For the last 5 years. | Yes | ? | Yes |
    | Union bank | Yes, can download excel year on year. Does not seem like there is cap for the past | No | ? | ? |
    | Fi Bank | No, only PDF | Yes | Yes | ? |
    | Jupiter | No, only PDF | Yes | Yes | ? |

    This is a sample. If you feel like there need to be more features in the matrix, ping me and we will talk.

    Notes

    • Whenever making transactions in UPI, make sure you add a note in the corresponding UPI app. This will later show up in the bank statement. Otherwise, the bank statement narration would be unrecognizable: you wouldn’t want "Transferred 500 to 12412234141", and with a comment the same narration would show up as "Transferred to 12412234141, food". Using tags is a good idea if you want to parse it later. Note that not all banks do this, refer to the feature matrix above.
    • There does not seem to be a way to look up UPI IDs in the bank statement
    • Subscriptions tend to add up pretty quickly if not carefully looked into. Make sure all of this is being budgeted.
    • Try to buy things only after having a plan to give away / sell the other thing in hand. Do not hold multiple of the same type. For example, if you are planning to buy a new phone, exchange the current one to get the new one.
  • How to deploy a service from scratch

    This aspires to be the go-to guide when starting up an infra stack from scratch. If you feel any other important piece is missing, feel free to message me on either telegram or mail.

    Let’s say you have your own shiny new web server ready and you now want to deploy this to a production grade, highly reliable & durable infrastructure setup. So like all the big players, you choose AWS. And before we can start thinking about the server, we’ll need to first start from the foundation. The network stack.

    The Network Stack

    The network is what all infra foundations are built on. Let’s start with the most fundamental block, the VPC.

    Virtual Private Cloud

    The service needs a network to run on. AWS calls your own bubble of network a Virtual Private Cloud, VPC in short. The idea of the VPC is very simple: you can group a certain set of IPs and set up all your services inside that bubble. This is great because you can truly isolate services at the network level, which means that if a service tries to access a private instance in another bubble, it will never be able to. So you can have multiple network bubbles for different services or environments.

    Apparently in 2006 AWS launched EC2 instances, and companies started raising concerns on security, isolation & privacy. This led to AWS launching their own logically separated isolated network units in 2009, with a guarantee that there will be no overlap between VPCs unless explicitly configured.

    But how do we define this bubble? We start by selecting a large range of IPs, using CIDR (Classless Inter-Domain Routing) notation. Let’s zoom out a bit. Every server runs with an IP; an example IP would be 10.0.0.1. What if you want to select a whole range of IPs? It would be cool to say 10.0.x.x, where x can range from 0 to 255. That’s exactly what CIDR does. All IPv4 addresses are 32 bits long. 255.255.255.0 in binary reads 11111111.11111111.11111111.00000000, so 255.255.255.0/24 fixes the first 24 bits, which makes everything from 255.255.255.0 to 255.255.255.255 part of the range, but not 255.255.225.0.

    With this tool, we can now define a range of IPs which fall into the VPC.

    Sub nets

    Now that the VPC is defined, we’ll create smaller bubbles with very strong properties. These properties enable us to draw strong boundaries and make sure wrong configurations don’t backfire. Inside the VPC, we can further create divisions called subnets. Subnets, as the name implies, are sub networks inside the VPC. We’ll again use the CIDR notation to borrow some IPs into the subnets.

    For example, if the VPC is 10.0.0.0/16 (that is 65536 IPs in the block!), subnets could be 10.0.0.0/20 (4096 IPs), 10.0.16.0/20 (4096 IPs), 10.0.160.0/20 (4096 IPs) etc. The suggestion is to create one sub net per availability zone. The reason for this is that if one AZ (availability zone) in Hyderabad goes down because of a natural calamity or unforeseen circumstances, the other AZ in Hyderabad will still continue to function.

    Why do all this? Well, we can make our subnets respect some boundaries. We can create 3 sub nets (one per AZ) that are public facing and 3 sub nets that are private facing. Inherently a subnet is private anyway; we give the subnets these properties by setting up the route tables.
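
    The CIDR and subnet arithmetic above, as an added example (not code from the original post): it computes block sizes, checks the 255.255.255.0/24 membership claim, and validates that a subnet plan stays inside the VPC range without overlaps. The function names and the faulty plan are assumptions made up for illustration.

```typescript
// Added example: CIDR arithmetic for the VPC and subnet ranges used in this guide.
// parseCidr, contains and validatePlan are illustrative names, not AWS or CDK APIs.

interface Block { cidr: string; start: number; end: number; }

// Dotted-quad IPv4 -> unsigned 32-bit integer. Plain arithmetic is used because
// JavaScript's bitwise operators return signed 32-bit values.
function ipToInt(ip: string): number {
    const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
    if (!m) throw new Error(`bad IPv4 address: ${ip}`);
    let n = 0;
    for (let i = 1; i <= 4; i++) {
        const octet = Number(m[i]);
        if (octet > 255) throw new Error(`bad octet in ${ip}`);
        n = n * 256 + octet;
    }
    return n;
}

// "a.b.c.d/len" -> first and last address of the block.
function parseCidr(cidr: string): Block {
    const m = /^([\d.]+)\/(\d{1,2})$/.exec(cidr);
    if (!m || Number(m[2]) > 32) throw new Error(`bad CIDR: ${cidr}`);
    const size = Math.pow(2, 32 - Number(m[2]));
    const start = ipToInt(String(m[1]));
    if (start % size !== 0) throw new Error(`${cidr} has host bits set`);
    return { cidr, start, end: start + size - 1 };
}

function blockSize(cidr: string): number {
    const b = parseCidr(cidr);
    return b.end - b.start + 1;
}

function contains(cidr: string, ip: string): boolean {
    const b = parseCidr(cidr);
    const n = ipToInt(ip);
    return n >= b.start && n <= b.end;
}

// Report what would undermine the layout: a subnet outside the VPC range,
// or two subnets that share addresses.
function validatePlan(vpcCidr: string, subnetCidrs: string[]): string[] {
    const vpc = parseCidr(vpcCidr);
    const subnets = subnetCidrs.map((c) => parseCidr(c));
    const problems: string[] = [];
    subnets.forEach((a, i) => {
        if (a.start < vpc.start || a.end > vpc.end) {
            problems.push(`${a.cidr} is outside ${vpc.cidr}`);
        }
        subnets.slice(i + 1).forEach((b) => {
            if (a.start <= b.end && b.start <= a.end) {
                problems.push(`${a.cidr} overlaps ${b.cidr}`);
            }
        });
    });
    return problems;
}

// The subnet plan from the text, then a constructed faulty one.
const pagePlan = ['10.0.0.0/20', '10.0.16.0/20', '10.0.160.0/20'];
const faultyPlan = pagePlan.concat(['10.0.24.0/21', '10.1.0.0/20']);

console.log(blockSize('10.0.0.0/16'), validatePlan('10.0.0.0/16', pagePlan));
console.log(validatePlan('10.0.0.0/16', faultyPlan));
```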

    Route tables

    Probably the most straightforward idea here. The route tables decide how the network traffic should be routed in a particular bubble of network. We’ll use the route tables to enforce the properties of the sub nets.

    NAT gateway

    NAT stands for Network Address Translation. We’ll set up our private sub nets so that their traffic goes through the NAT gateway. A NAT gateway only allows outgoing network requests and the corresponding responses, but no incoming requests.

    This is a great idea for a couple of reasons. The first is that all the traffic in that sub net will be routed through a single point. Does a client / service provider want to whitelist an IP so that you can hit their servers peacefully? Just share the NAT gateway IP and you are sorted. The second is that all the external traffic can now be measured and analyzed thoroughly by source IP, destination IP, packet size etc. The third is obviously that the private sub net stays private.

    So, in the route tables, we’ll connect the private sub nets to a NAT gateway, so that a server started in a private sub net can under no circumstance be accessed directly from outside.

    Side note: NAT is billed per GB sent plus the NAT running cost per hour. On top of this, if packets are sent across AZs, the bill is higher. NATs get pretty expensive pretty fast. Use with care.

    Internet gateway

    Some instances require two way traffic. For example, maybe you would want to deploy an instance and directly expose it out to the public. That might not be a good idea if you are exposing a service to a large set of customers, but not really a bad idea for an internal service for an organization.

    An internet gateway allows traffic both ways into the sub net. So if an instance is in the public sub net with a static IP, users can directly hit the static IP. And if the instance wants to reach out to the public internet, the internet gateway allows that as well. With this, the public sub net is actually public. Without an internet gateway, no IPs will ever be exposed from the VPC.
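
    Since the route table is what makes a sub net public or private, it is also the thing to audit. The following added example (not code from the original post) classifies sub nets by where their IPv4 default route points and reports sub nets meant to be private that route to an internet gateway. The data is constructed, the ids are placeholders, and the `igw-` / `nat-` prefixes follow the AWS resource id convention.

```typescript
// Added example: classify subnets by their default route.
// Type and function names are illustrative; the sample data is constructed.

type Exposure = 'public' | 'private-egress' | 'isolated' | 'other';

interface Route { destination: string; target: string; }
interface SubnetRoutes { name: string; intendedPrivate: boolean; routes: Route[]; }

// The IPv4 default route decides where internet-bound traffic leaves the
// subnet (the VPC in this guide is IPv4 only, so ::/0 is not considered).
function classify(routes: Route[]): Exposure {
    for (const r of routes) {
        if (r.destination !== '0.0.0.0/0') continue;
        if (/^igw-/.test(r.target)) return 'public';         // two-way traffic
        if (/^nat-/.test(r.target)) return 'private-egress'; // outbound only
        return 'other';                                      // needs a manual look
    }
    return 'isolated'; // only the local VPC route: no path to the internet
}

// Subnets meant to be private whose default route points at an internet
// gateway: an instance there is reachable as soon as it has a public IP.
function exposedPrivateSubnets(subnets: SubnetRoutes[]): string[] {
    return subnets
        .filter((s) => s.intendedPrivate && classify(s.routes) === 'public')
        .map((s) => s.name);
}

// Constructed sample: private-1b carries a deliberate misconfiguration.
const local: Route = { destination: '10.0.0.0/16', target: 'local' };
const toIgw: Route = { destination: '0.0.0.0/0', target: 'igw-EXAMPLE' };
const toNat: Route = { destination: '0.0.0.0/0', target: 'nat-EXAMPLE' };

const sampleSubnets: SubnetRoutes[] = [
    { name: 'public-1a', intendedPrivate: false, routes: [local, toIgw] },
    { name: 'private-1a', intendedPrivate: true, routes: [local, toNat] },
    { name: 'private-1b', intendedPrivate: true, routes: [local, toIgw] },
    { name: 'private-1c', intendedPrivate: true, routes: [local] },
];

console.log(exposedPrivateSubnets(sampleSubnets));
```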

    With this, we finally wrap up setting up the foundation of the network infrastructure. On top of this we now will deploy applications.


    Network Stack with Infrastructure as code

    The same in AWS CDK code would be

    
    
    
    
    
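    import * as cdk from 'aws-cdk-lib';
    import {IpProtocol, SubnetType} from 'aws-cdk-lib/aws-ec2';
    import {Construct} from 'constructs';

    // Replace <accountId> with the target AWS account id.
    const envDetails = {account: "<accountId>", region: "ap-south-1"};
    const vpcName = 'uat-vpc';

    export class NetworkStack extends cdk.Stack {
        constructor(scope: Construct, id: string, props?: cdk.StackProps) {
            super(scope, id, props);

            new cdk.aws_ec2.Vpc(this, "vpc", {
                vpcName: vpcName,
                // One public and one private sub net is created per AZ listed here.
                availabilityZones: ['ap-south-1a', 'ap-south-1b', 'ap-south-1c'],
                ipAddresses: cdk.aws_ec2.IpAddresses.cidr('10.0.0.0/16'),
                createInternetGateway: true,
                enableDnsHostnames: true,
                enableDnsSupport: true,
                // A single NAT gateway is shared by all private sub nets.
                natGateways: 1,
                ipProtocol: IpProtocol.IPV4_ONLY,
                subnetConfiguration: [{
                    // Default route goes to the internet gateway.
                    subnetType: SubnetType.PUBLIC,
                    name: 'public',
                    // Instances do not get a public IP unless one is assigned explicitly.
                    mapPublicIpOnLaunch: false,
                    cidrMask: 24,
                }, {
                    // Default route goes to the NAT gateway: outbound only.
                    subnetType: SubnetType.PRIVATE_WITH_EGRESS,
                    name: 'private',
                    cidrMask: 24,
                }],
            });
        }
    }
    const app = new cdk.App();
    new NetworkStack(app, "NetworkStack", {env: envDetails});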

    This construct sets up three public sub nets and three private sub nets across three AZs, and configures an internet gateway and a NAT gateway.


    The Application Stack

    This is for constant / persistent load. For burst load, the recommended path is to deploy via lambdas.

    Now that the base is built, let’s build the application stack on top.

    There are some basic requirements for our application stack

    • Versioned application artifacts
    • Deploy application code
    • Auto scaling based on metrics
    • Logging and monitoring
    • Blue green deployment with zero downtime. We don’t want the instances to restart all at once, leaving the application unresponsive for a brief period of time.

    We’ll be using docker. Using docker as a packaging format has some great advantages like

    • Runs everywhere including on macOS, Linux, Windows etc.
    • Easy to store, a lot of infra is already built around storing and pulling docker images
    • Platforms built to support docker also pipe logs, metrics etc., which come nicely out of the box
    • Auto scaling up & down will be easier since we are operating in the container territory and not on bare metal. AWS deploys images to a service called Elastic Container Service, which has a whole host of these pre-built features. So we’ll just be using that.

    Application deployment architecture

    We’ll be deploying our application using docker images. Docker images in AWS are deployed on the Elastic Container Service (ECS). The containers will be deployed on the private sub net.

    We’ll need a load balancer so that traffic is managed effectively across containers. So we’ll have an application load balancer in the public sub net with a public IP.

    Docker image for the application

    For this example, we’ll just use crccheck/hello-world which will just spit out hello world on hitting /.

    We’ll not be covering how to build docker images for your applications in too much depth, but the idea is very straightforward. Have a simple Dockerfile in your repository. Run docker build, docker tag to tag it with the commit ID and latest, and then finally push it to Elastic Container Registry (ECR). We’ll be using this image to deploy to the servers.

    Deploying the image

    Elastic Container Service (ECS) is the service offered by AWS to deploy docker images in the platform. Traditionally deployments happened on EC2 instances / dedicated servers. Nowadays it’s quicker to just deploy and spin containers up & down rather than an instance.

    To work with ECS, we’ll need to understand three important ideas

    • Task definitions: These are the blueprints/specification files for defining which docker image to pull, which command to run in the docker image, how much CPU to allocate, how much memory to allocate etc.
    • Clusters: A cluster sets some max specifications and there are containers spun up inside the cluster
    • Tasks: The task is the deployment of the task definition into the container. So, if 15 pods run that’s 15 tasks running inside a cluster.

    So to start off, the task definition we’ll opt for uses the image crccheck/hello-world, sets the container port to 8080, sets some environment variables, attaches a role with some accesses & sets CPU and memory constraints.

    Auto scaling

    Any production grade infra stack needs to scale up & down based on some metric like network traffic, CPU etc..

    For example, when the CPU goes above 80% we might want to start one more instance to manage the workload. And when the CPU goes below 70 we might want to scale down the container count since the traffic is reducing. Such a rule is called a scaling policy.

    With this policy, we’ll set a min of 1 instance and a max of 3 instances. As the CPU goes up we’ll spawn one more container; the max number of containers at any point is three. You’ll see this policy neatly laid out in code.

    With this, the service will effectively be up and running on deploy, and / will respond with hello world.


    
    
    
    
    
    // Continues the same file as NetworkStack: cdk, Construct, SubnetType,
    // vpcName, envDetails and app are the ones defined there.
    export class HelloWorldApplicationStack extends cdk.Stack {
        constructor(scope: Construct, id: string, props?: cdk.StackProps) {
            super(scope, id, props);

            const applicationId = 'HelloWorldApplication';

            const vpc = cdk.aws_ec2.Vpc.fromLookup(this, 'vpc', {vpcName: vpcName});
            // The load balancer is the only internet-facing piece; it sits in the public sub nets.
            const applicationLoadBalancer = new cdk.aws_elasticloadbalancingv2.ApplicationLoadBalancer(this, `${applicationId}LoadBalancer`, {
                vpc: vpc,
                internetFacing: true,
                vpcSubnets: {subnetType: SubnetType.PUBLIC}
            });
            // NOTE: both managed policies are broad grants (read/write on Secrets Manager,
            // full access to every S3 bucket). Scope the role down to the secrets and
            // buckets the service actually uses before deploying a real application.
            const taskRole = new cdk.aws_iam.Role(this, `${applicationId}TaskRole`, {
                assumedBy: new cdk.aws_iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
                managedPolicies: [{managedPolicyArn: 'arn:aws:iam::aws:policy/SecretsManagerReadWrite'}, {managedPolicyArn: 'arn:aws:iam::aws:policy/AmazonS3FullAccess'}]
            });
            // Tasks run in the private sub nets without a public IP; traffic reaches them via the load balancer.
            const helloWorldApplication = new cdk.aws_ecs_patterns.ApplicationLoadBalancedFargateService(this, applicationId, {
                vpc: vpc,
                taskSubnets: {subnetType: SubnetType.PRIVATE_WITH_EGRESS},
                loadBalancer: applicationLoadBalancer,
                assignPublicIp: false,
                cpu: 2048,
                memoryLimitMiB: 4096,
                taskImageOptions: {
                    image: new cdk.aws_ecs.RepositoryImage('crccheck/hello-world:latest'),
                    // Must match the port the process inside the image listens on.
                    containerPort: 8000,
                    environment: {
                        'NODE_ENV': 'uat'
                    },
                    taskRole: taskRole,
                },
            });

            // Scale the service's desired task count between 1 and 3.
            const scalableTarget = new cdk.aws_applicationautoscaling.ScalableTarget(this, `${applicationId}ScalingTarget`, {
                serviceNamespace: cdk.aws_applicationautoscaling.ServiceNamespace.ECS,
                resourceId: `service/${helloWorldApplication.cluster.clusterName}/${helloWorldApplication.service.serviceName}`,
                scalableDimension: 'ecs:service:DesiredCount',
                minCapacity: 1,
                maxCapacity: 3,
            });
            // Target tracking: keep the average CPU utilization of the service around 70%.
            const scalingPolicy = new cdk.aws_applicationautoscaling.TargetTrackingScalingPolicy(this, `${applicationId}ScalingPolicy`, {
                scalingTarget: scalableTarget,
                targetValue: 70,
                scaleOutCooldown: cdk.Duration.seconds(60),
                scaleInCooldown: cdk.Duration.seconds(60),
                predefinedMetric: cdk.aws_applicationautoscaling.PredefinedMetric.ECS_SERVICE_AVERAGE_CPU_UTILIZATION
            });
        }
    }

    new HelloWorldApplicationStack(app, "HelloWorldApplicationStack", {env: envDetails});

    Figure out the load balancer’s URL, hit it, and the response should be hello world!

  • Fragrances

    Perfume comes from the French word parfum. “per” meaning “thorough” and “fumus” meaning “smoke”.

    Types

    Depending on the concentration, they are classified into multiple tiers

    • Eau de Toilette (EDT): 5-15% aromatic compounds
    • Eau de Parfum (EDP): 15-20% aromatic compounds
    • Parfum : 20-30% aromatic compounds

    Vocabulary

    • Longevity: Describes how long a fragrance lasts
    • Projection: Describes how far someone can smell you from
    • Sillage: The trail left behind while walking
    • Top notes: These are the initial scents you get when you apply. These usually last for around 5-15 minutes.
    • Middle notes / heart notes: These are the set of scents which you get in 20-60 minutes
    • Base notes: These are the set of scents which last from the first hour to around six plus hours
    • Decanters: Fragrances are expensive. A good fragrance easily ends up costing 5k+ for a 60ml bottle. You would not want to buy a fragrance you regret. So there are people who import multiple bottles, and then they sell small quantities (10ml, 20ml etc.) of expensive fragrances at logical rates (usually). This means that with around 3k INR, you can experiment with 5 fragrances and get a feel for them. Once you decide, you can get a bigger bottle.
  • Cardistry

    To learn

    Basics

    • Charlier cut
    • Swing cut
    • Swivel cut (later)
    • Revolution cut
    • Sybil cut
    • Sybil cut 5 face
    • Spring flourish
    • Dribble flourish
    • Thumb fan
    • Smear fan
    • Table spread
    • Scissors cut
    • Hotshot cut
    • WERM
    • Faro shuffle