New book v2

01. General Prep/authentication_vs_authorization.md

@@ -0,0 +1,38 @@
+# Authentication vs Authorization
+
+Authentication and authorization work together to guard access, but they solve different problems:
+
+- **Authentication** answers *“Who are you?”* by verifying identity through credentials such as passwords, tokens, or biometrics.
+- **Authorization** answers *“What are you allowed to do?”* by checking permissions after identity is verified.
+
+## Cheat Sheet
+- AuthN verifies identity; AuthZ checks permissions after identity is known.
+- Mention MFA + secure credential storage as baseline hygiene.
+- Tie authorization back to least privilege with explicit role or policy examples.
+
+## Quick Refresh
+- Confirm you can explain the flow: login → identity established → permission checks.
+- Know common mechanisms: OAuth 2.0, JWTs, sessions, role-based access control (RBAC), attribute-based access control (ABAC).
+- Highlight typical pitfalls: credential leakage, improper session management, over-permissive roles.
+- Keep a simple sequence diagram in mind: user → identity provider → application → resource service.
+
+## Scenario Snapshots
+- **Public marketing site with admin portal:** Anonymous visitors authenticate only when accessing `/admin`; authorization enforces editor vs reviewer roles with fine-grained permissions on content actions.
+- **Multi-tenant SaaS dashboard:** Central identity provider issues tokens containing tenant and role claims. Downstream services authorize requests by validating both tenant ownership and feature entitlements to prevent cross-tenant data leakage.
+- **Internal microservice mesh:** mTLS authenticates services, while sidecar policy engines (e.g., OPA) evaluate authorization rules per endpoint, reducing logic duplication and enabling audit trails.
+
+## Diagram Checklist
+- Use a login flow sequence diagram: `Client → Auth Service → Identity Provider → Token` and return path to `Resource Server`.
+- Include swimlanes for `User`, `App`, `Auth Provider`, and downstream `API` to highlight trust boundaries.
+- Annotate where tokens are issued, stored, refreshed, and validated; call out failure paths (expired token, missing scope).
+
+## Deep Dive Later
+- Compare session-based vs token-based authentication and when to use each.
+- Outline secure password storage (hashing, salting, peppering) and MFA strategies.
+- Explore least privilege design, privilege escalation prevention, and audit logging patterns.
+- Review how cloud providers (AWS IAM, GCP IAM, Azure AD) implement auth/authz flows.
+
+## Interview Prompts
+- Describe an end-to-end login flow for a web app and how you would secure it.
+- Discuss how you would add a new microservice to an ecosystem while reusing existing auth.
+- Explain debugging steps when a user reports unauthorized access or unexpected denial.

01. General Prep/general_questions.md

@@ -0,0 +1,18 @@
+# General Interview Questions
+
+Use these prompts to warm up your interview mindset and practice concise storytelling across behavioral and cross-functional topics.
+
+## Cheat Sheet
+- Lead with a tight elevator pitch: current role, top impact, why you’re interviewing.
+- Stockpile 3–4 STAR stories covering leadership, conflict, failure, and big wins.
+- Prepare a closing question bank about team culture, roadmap, and success metrics.
+
+## Quick Refresh
+- Rehearse your introduction, role highlights, and why-now narrative.
+- Skim common behavioral categories: leadership, conflict, failure, collaboration, and impact.
+
+## Deep Dive Later
+- Build full STAR responses for roles, successes, and tough lessons; prioritize metrics and business context.
+
+## Interview Prompts
+- [100 Potential Interview Questions](http://career-advice.monster.com/job-interview/interview-questions/100-potential-interview-questions/article.aspx)

01. General Prep/git.md

@@ -0,0 +1,62 @@
+# Git Interview Refresh
+
+Keep these branches, cleanup commands, and conceptual contrasts top of mind so you can speak confidently about Git workflows in interviews.
+
+## Cheat Sheet
+- Use `git branch`, `-a`, and `-r` to show scope; know how to target remotes quickly.
+- Explain merge vs rebase with a team workflow example and conflict handling plan.
+- Safely clean the working tree: dry-run `git clean -n` before deleting untracked files.
+
+## Quick Refresh
+- List and filter branches locally and across remotes when walking through repo discovery.
+- Explain how you identify merged versus unmerged branches before cleanup.
+- Know how to delete untracked files safely and when to fall back to selective resets.
+- Contrast merge and rebase to show you can choose the right integration strategy.
+
+## Command Snippets
+
+### Listing branches
+```sh
+# Show local branches and highlight the current one
+git branch
+# Show local and remote branches
+git branch -a
+# Show remote branches only
+git branch -r
+```
+
+### Checking merge status
+```sh
+# Branches already merged into master
+git branch --merged master
+# Branches not yet merged into master
+git branch --no-merged master
+# Remote branches not merged into origin/master
+git branch -r --no-merged origin/master
+```
+
+### Cleaning untracked files
+```sh
+# Dry run: preview files to be removed
+git clean -n
+# Remove untracked files
+git clean -f
+# Remove untracked directories and ignored files
+git clean -d -x -f
+```
+
+### Resetting working tree changes
+```sh
+# Discard changes in a single file
+git checkout -- path/to/file
+# Reset entire working tree to last commit
+git reset --hard
+```
+
+## Interview Prompts
+- Walk through when you would choose merge versus rebase in a team workflow. (See [Atlassian](https://www.atlassian.com/git/tutorials/merging-vs-rebasing).)
+- Explain how you clean up stale feature branches without losing work.
+- Describe your process for recovering from an accidental force push or bad commit.
+
+## Deep Dive Later
+- [Advanced Git Tutorials](https://www.atlassian.com/git/tutorials/advanced-overview) by Atlassian for branching models, hooks, and rebase strategies.

01. General Prep/overview.md

@@ -0,0 +1,7 @@
+# General Prep Overview
+
+**Behavioral Warmup:** Frame your pitch in three beats (role → impact → why now) and recall STAR stories for conflict, failure, and big wins. Quick prompts: [General interview questions](general_questions.md).
+
+**Authentication vs Authorization:** Authentication proves identity (passwords, MFA, SSO); authorization enforces least privilege once identity is confirmed. Visualize login → token → permission check before diving into [Authentication vs Authorization](authentication_vs_authorization.md).
+
+**Git Essentials:** Surface how you list/prune branches, decide between merge vs rebase, and clean untracked files safely (`git clean -n` before `-f`). Reference commands in [Git Interview Refresh](git.md).

02. Web Development/javascript.md

@@ -0,0 +1,23 @@
+# JavaScript Interview Refresh
+
+Focus on browser fundamentals, event handling, and language quirks to keep your JavaScript interviews sharp.
+
+## Cheat Sheet
+- Describe the event loop and microtask queue when explaining async behavior.
+- Know when to use `event.preventDefault()` vs returning `false` in handlers.
+- Share how `"use strict"` impacts `this`, variable declarations, and silent failures.
+
+## Quick Refresh
+- Explain event propagation (capture, target, bubble) and how `event.preventDefault()` differs from returning `false`.
+- Revisit ES modules versus CommonJS and how bundlers/transpilers affect delivery.
+- Recall how `"use strict"` changes scoping, `this` binding, and silent errors.
+
+## Interview Prompts
+- **Preventing form submission:** Compare `event.preventDefault()` with `return false`, discuss when each applies, and describe proper separation of concerns for inline handlers vs. addEventListener.
+- **Async patterns:** Walk through promises, async/await, microtasks vs macrotasks, and the event loop narrative.
+- **State management in the browser:** Outline local/session storage, cookies, and when to leverage IndexedDB.
+
+## Deep Dive Later
+- Read: **event.preventDefault() vs. return false** on [Stack Overflow](http://stackoverflow.com/questions/1357118/).
+- Practice with [16 Great JavaScript Interview Questions](http://www.toptal.com/javascript/interview-questions).
+- Refresh details in [JavaScript "Use Strict"](http://www.w3schools.com/js/js_strict.asp).

02. Web Development/overview.md

@@ -0,0 +1,5 @@
+# Web Development Overview
+
+**HTTP Lifecycle:** Trace DNS → TLS → CDN → app → database to explain latency and scaling decisions. Quick recap: [Web Development Interview Refresh](web_development.md).
+
+**JavaScript Fundamentals:** Revisit the event loop, microtasks vs macrotasks, and `preventDefault()` vs `return false`, including `"use strict"` implications. Details: [JavaScript Interview Refresh](javascript.md).

02. Web Development/web_development.md

@@ -0,0 +1,28 @@
+# Web Development Interview Refresh
+
+Re-center on fundamental web platform concepts so you can confidently explain request flows, security risks, and modern service communication patterns.
+
+## Cheat Sheet
+- Trace the full HTTP request path including DNS, TLS, CDN, app, and database layers.
+- Define XSS variants and prevention techniques (encode output, CSP, sanitization).
+- Compare REST vs gRPC and note why teams adopt HTTP/2 streaming for microservices.
+
+## Quick Refresh
+- Map the HTTP request lifecycle, including DNS, TLS, proxies, and caching layers.
+- Distinguish between transport (TCP) and application (HTTP) responsibilities.
+- Recall common web security pitfalls such as XSS and how to mitigate them.
+- Summarize service-to-service communication options, including REST and gRPC over HTTP/2.
+
+## Interview Prompts
+- **Explain HTTP vs TCP:** Clarify layering (OSI/Internet stack), reliability, connection management, and how HTTP leverages TCP streams. Be ready to touch on HTTP/2 multiplexing.
+- **What is XSS and how do you prevent it?** Describe reflected, stored, and DOM-based variants. Emphasize output encoding, CSP, input validation, and protected templating systems. Reference real-world examples:
+  - Injected `<script>` via search results that echo raw user input.
+  - Malicious profile data on social platforms leaking session data.
+  - SPA rendering unescaped client-side templates.
+- **How does the web work end-to-end?** Walk through URL entry → DNS resolution → TCP/TLS handshake → HTTP request → load balancer/CDN → application → persistence tiers.
+- **What is gRPC?** Highlight Protocol Buffers, HTTP/2 streaming, contract-first development, and typical use cases inside microservice ecosystems.
+
+## Deep Dive Later
+- [Hypertext Transfer Protocol](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) and [Transmission Control Protocol](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) for protocol internals.
+- [How the web works](http://www.garshol.priv.no/download/text/http-tut.html) and [How the domain name system works](http://wiki.bravenet.com/How_the_domain_name_system_works) for lifecycle walkthroughs.
+- Revisit gRPC guides for auth, load balancing, and code generation best practices.

03. Backend & Frameworks/django.md

@@ -0,0 +1,21 @@
+# Django Interview Refresh
+
+Keep these ORM patterns and framework concepts handy so you can surface Django-specific depth quickly. Pair this with the [Python interview refresh](python.md) for language fundamentals.
+
+## Cheat Sheet
+- Outline Django’s request flow: URL routing → view → ORM → template → response.
+- Differentiate `select_related` vs `prefetch_related` with a concrete performance example.
+- Mention auth customizations (custom user model, signals, permissions) when discussing security.
+
+## Quick Refresh
+- Explain Django’s MTV (Model-Template-View) architecture and request lifecycle.
+- Contrast `select_related` vs `prefetch_related` and when to apply each for query optimization.
+- Review how Django handles configuration via settings, middleware, and apps.
+
+## Interview Prompts
+- **Query optimization:** Discuss how `select_related` joins foreign keys in a single query while `prefetch_related` performs separate queries suited for many-to-many relationships. Show an example where each shines.
+- **Authentication & authorization:** Outline the default auth system, custom user models, and per-object permissions.
+- **Scaling patterns:** Talk about caching (per-view, per-template, low-level), async support with channels, and background task integration (Celery, RQ).
+
+## Deep Dive Later
+- [select_related vs prefetch_related in Django ORM](https://stackoverflow.com/a/31237071/718722) for nuanced query behavior and performance tips.

03. Backend & Frameworks/java.md

@@ -0,0 +1,23 @@
+# Java Interview Refresh
+
+Revisit JVM fundamentals and language features that frequently appear in Java interview conversations.
+
+## Cheat Sheet
+- Explain autoboxing costs and prefer primitives in hot code paths where possible.
+- Summarize how the JVM manages memory (heap regions, GC pauses, tuning levers).
+- Highlight concurrency utilities (executors, CompletableFuture) and how you avoid race conditions.
+
+## Quick Refresh
+- Clarify the difference between primitives and wrapper classes, including autoboxing costs.
+- Review memory management concepts: heap vs stack, garbage collection tuning, escape analysis.
+- Summarize concurrency utilities (executors, futures, completable futures) and best practices.
+
+## Interview Prompts
+- **Autoboxing vs primitives:** Discuss when autoboxing occurs, performance implications, and pitfalls with `==` comparisons.  
+  Reference: [Why do we use autoboxing and unboxing in Java?](http://stackoverflow.com/questions/27647407/why-do-we-use-autoboxing-and-unboxing-in-java)
+- **Collections framework:** Compare `ArrayList`, `LinkedList`, `HashMap`, `TreeMap`, and concurrent variants.
+- **JVM tuning:** Explain how you would diagnose high GC pauses and tools you might use (VisualVM, JFR, profilers).
+
+## Deep Dive Later
+- Refresh Java release highlights (records, sealed classes, pattern matching) relevant to roles you target.
+- Revisit Spring Boot, Micronaut, or Jakarta EE notes if the interview leans toward framework-heavy environments.

03. Backend & Frameworks/overview.md

@@ -0,0 +1,7 @@
+# Backend & Frameworks Overview
+
+**Python Fundamentals:** Explain GIL impact, mutable vs immutable semantics, and doctest-style validation; see [Python Interview Refresh](python.md).
+
+**Django Patterns:** Show how `select_related`/`prefetch_related` cut query counts, customize auth, and layer caching/async features; review in [Django Interview Refresh](django.md).
+
+**Java Essentials:** Contrast primitives vs wrappers (autoboxing cost), outline JVM memory/GC tuning, and highlight concurrency utilities like `CompletableFuture`; details in [Java Interview Refresh](java.md).

03. Backend & Frameworks/python.md

@@ -0,0 +1,83 @@
+# Python Interview Refresh
+
+Use this guide to re-ground yourself in Python language fundamentals, runtime characteristics, and coding exercises that often surface in interviews. Also review the dedicated [Django interview refresh](django.md) for framework-specific questions.
+
+## Cheat Sheet
+- Define the GIL impact and when to reach for multiprocessing or async alternatives.
+- Contrast mutable vs immutable types and how that affects function arguments.
+- Explain text vs bytes handling in Python 3 and interoperability with external systems.
+
+## Quick Refresh
+- Explain the Global Interpreter Lock (GIL) and how it affects multithreading in CPython.
+- Differentiate between Python’s core built-in data structures and when to use each.
+- Contrast mutable and immutable types, especially when discussing function arguments and thread safety.
+- Describe how Python handles text (`str`) versus binary (`bytes`) data across versions.
+
+## Interview Prompts
+
+### Global Interpreter Lock (GIL)
+`GIL` is a mutex that prevents multiple native threads from executing Python bytecode simultaneously. It simplifies memory management but limits CPU-bound parallelism in CPython. Review mitigation strategies such as multiprocessing, asyncio, or alternative runtimes.  
+Read: [Global Interpreter Lock](https://wiki.python.org/moin/GlobalInterpreterLock)
+
+### Core Data Types
+- Built-in collections: `dict`, `list`, `set`, `frozenset`, `tuple`.
+- Python 3 uses `str` for Unicode text and `bytes` for binary data (contrast with Python 2’s `str`/`unicode` split).  
+Read: [Python Data Types](https://docs.python.org/3/library/datatypes.html)
+
+### Mutability
+- Immutable examples: numbers, strings, tuples.
+- Mutable examples: dictionaries, lists, sets.  
+Discuss implications for hashing, thread safety, and default arguments.
+
+### Tuple vs List
+Tuples are immutable, lists are mutable. Highlight performance differences, memory usage, and typical use cases (e.g., fixed records vs dynamic collections).
+
+### Sets
+Sets are unordered collections of unique elements implemented with hash tables—great for membership checks and deduplication.  
+Read: [set](https://docs.python.org/2.7/library/stdtypes.html#set)
+
+### Numeric Precision
+Floating-point arithmetic introduces rounding errors (e.g., `0.1 + 0.1 + 0.1 - 0.3`). Demonstrate using `Decimal` for precise calculations.  
+Read: [decimal](https://docs.python.org/3/library/decimal.html)
+
+## Code Drills
+
+### Mutable Default Arguments
+```python
+def append_value(val, items=None):
+    if items is None:
+        items = []
+    items.append(val)
+    return items
+```
+Be ready to explain why the defensive `None` check is necessary and show the buggy version that reuses a shared list.
+
+### Quick Testing with Doctest
+```python
+def my_range(x, y):
+    """
+    >>> my_range(3, 3)
+    []
+    >>> my_range(0, 3)
+    [0, 1, 2]
+    """
+    return list(range(x, y))
+
+if __name__ == "__main__":
+    import doctest
+    doctest.testmod()
+```
+Use this to illustrate lightweight verification and emphasize when to prefer pytest or unittest for complex scenarios.
+
+### Inspecting Source
+```python
+import inspect
+from django.core import context_processors
+
+print(inspect.getsource(context_processors.request))
+```
+Shows how to explore library internals during debugging or interview whiteboarding.
+
+## Deep Dive Later
+- [Iterators](https://wiki.python.org/moin/Iterator) and [Generators](https://wiki.python.org/moin/Generators) for lazy evaluation discussions.
+- [Porting Python 2 Code to Python 3](https://docs.python.org/3/howto/pyporting.html) if legacy migrations surface.