Tech:Mex

When it comes to School Information System, I finally have them all.

Management Extensions (Mex) (Package Name: th.ac.tkk.ptechkhonkaen.mex.system) is a School Management System (SMS) created by MoNoRi-Chan as an Extension from his previous software xPense and a few thousand lines of code that separate his life as a man from his life as an unfeeling ghost.

Features:

• Finance system
  • Invoice Tracking & Templating System
  • Payment handling
  • Deposit Tracking System
• Attendance Checking
• Classroom Grouping

The software is technically a "School Pumbling Works" as it means to reduce labor costs on paperwork handling.

Lore

MoNoRi-Chan doing the pumbling works

The Lore of Mex: A Cautionary Tale and a Drive for Excellence

At the teacher's office of [Name Redacted] School, a famous school in his hometown NeoCNX. A young student stumbled upon a secret that would shape their understanding of software and security forever. A young student who brings a laptop to school, full of determination and willing to test his Cain skills, have just obtained school's teacher software. While he was harmlessly tinkering with the school's management application, they discovered a glaring flaw: database login credentials were embedded directly in the client-side code, a treasure trove for any malicious actor with basic packet sniffing skills.

Puzzled and concerned, the student dug deeper. They realized users had unrestricted access to the entire database, potentially including the power to create and drop tables – a potential disaster waiting to happen. The final shock came when the 'SA' database user, the one with ultimate power, shared the same weak password as standard account.

Author's Comment: This is a horrifyingly common scenario, even in professional environments. Convenience often trumps security, leading to vulnerabilities ripe for exploitation.

Haunted by these flaws, the student made a bold decision. Anonymously, they tipped off the school's IT team, detailing the dangers lurking within their system along with leaked passwords he discovered. Then, without causing any damage or seeking recognition, the student graduated and carried the lesson forward.

Only OGs Remembered this

Years later, this student had become MoNoRi-Chan, the visionary developer behind the Mex School Management System. The failures of [Name Redacted] School fueled a burning desire to create something better. Mex was forged with the following principles:

• Security by Design: Database access occurs exclusively through a tightly controlled Web Application/API layer. Credentials remain hidden on the server-side, inaccessible to prying eyes.
• Principle of Least Privilege: Roles are meticulously designed, and users receive only the permissions absolutely necessary for their tasks, significantly minimizing potential risks.
• Strong Authentication and Encryption: User passwords are never stored in plain text. Sensitive data is encrypted at rest and in transit.
• Compliance to Thailand's Data Protection Laws: Access to the application are logged for up to 90 days as required by law.

Author's Comment: While no system is foolproof, building with security as a foundation dramatically reduces the chance of damaging attacks and protects student data. The lore of Mex isn't simply about fixing past mistakes; it's a testament to the power of learning and improvement. MoNoRi-Chan's journey serves as a reminder: the vulnerabilities we encounter can become catalysts for building a more secure and responsible digital world.

Tech Stack

• PHP 8.0
• Laravel Framework
• CSS Framework: Bootstrap 3 + Bootstrap Material Design
• JavaScript: jQuery
• Permissions System: RBAC
• Database: MariaDB
• Hosting: HestiaCP
• Virtualization: Proxmox VE
• IDE: NetBeans (formerly), VSCode

You know it's a serious business when server hosting entire school infrastructure looks like this...

Hardware

🖥️ MexEngine Hardware Profile

“If AWS had a soul, it would look like this.”

📸 “You know it’s a serious business when the entire school’s infrastructure is running off a single Dell R210 sitting on a teacher’s desk — backed by pure sine wave and pure willpower.”

🧑‍🔧 Operator Profile: Elon Lex

• Role: Project Owner, PM, Mr.Thanos and High Priest of Self-Hosting
• Beliefs:
  • ✝️ Thou shalt not pay commercial hosting fees
  • 📦 All cloud is fake unless it hums in your teacher's breakroom
  • 🔌 If it’s behind a UPS and NAT, it’s basically Fort Knox
  • 🕳️ Tunnels are good (Cloudflare Argo Tunnel supremacy)

🧰 Hardware Overview

🔧 Software Stack

🛠️ GitOps & Modernization Pipeline

"We don’t do DevOps. We do LexOps."

• 🗃️ Git Hosting: Migrating legacy codebase to self-hosted Gitea instance
• 🧪 CI/CD: Being actively discussed to move away from "ssh into the box and pull master" lifestyle
• 🔃 Code Refactor: Converting Laravel controllers from God Objects into clean, testable classes
• 🧼 Frontend: De-jQueryfication project under review
• 🧵 Vue 3 or Alpine? Poll to be conducted at lunch
• 🧘 Legacy Detox: Unknotting app.blade.php from 2017 like a Buddhist monk untangling headphones

⚡️ Hosting Philosophy

• The best cloud is one you can hear spinning.
• Data Sovereignty means your data lives in your home, not Bezos's warehouse.
• 3BB doesn’t need to know you’re hosting an entire Laravel monolith + WordPress from your dining room.
• Every power surge is a trial. Every uptime record is a medal of honor.

🧾 Final Words

The MexEngine server may look modest. But behind its modest plastic bezel lies a beating heart of rebellion — a one-man operation defying SaaS bloat, subscription fatigue, and cloud rentier capitalism. It is a reminder to all sysadmins, fullstackers, and basement tech wizards:

"Why rent the cloud... when you can become the cloud?"

See Also

• Tales from the Janitor

​