diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml
index c838cf3..68cb4d8 100644
--- a/.github/workflows/linters.yaml
+++ b/.github/workflows/linters.yaml
@@ -10,7 +10,7 @@ jobs:
 uses: actions/checkout@v4
 - uses: actions/setup-python@v5
 with:
- python-version: '3.12'
+ python-version: '3.13'
 - name: install poetry
 run: curl -sSL https://install.python-poetry.org | python -
 - name: install myself
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index fc1f08a..4fec2bc 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -12,7 +12,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: actions/setup-python@v5
 with:
- python-version: '3.12'
+ python-version: '3.13'
 - run: ls
 - name: install poetry
 run: curl -sSL https://install.python-poetry.org | python -
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 997dcef..667a53b 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -3,13 +3,13 @@ on:
 pull_request:
 jobs:
 Unit-Tests:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-24.04
 steps:
 - name: check out our code
 uses: actions/checkout@v3
 - uses: actions/setup-python@v5
 with:
- python-version: '3.12'
+ python-version: '3.13'
 - name: install poetry
 run: curl -sSL https://install.python-poetry.org | python -
 - name: install myself
diff --git a/guidance/setup.md b/guidance/setup.md
new file mode 100644
index 0000000..5e53f5d
--- /dev/null
+++ b/guidance/setup.md
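Review bot: The `install poetry` step left as context in the `.github/workflows/publish.yaml` hunk still runs `curl -sSL https://install.python-poetry.org | python -`, which executes whatever that URL serves at run time with no version or integrity pin, in the job that publishes the package; the same line appears in the `linters.yaml` and `tests.yaml` hunks. Since the interpreter and runner image are being moved anyway, this would be a good point to install a fixed Poetry release instead, for example `run: pipx install poetry==<PINNED_VERSION>` (placeholder version; assumes pipx is available on the runner image). The remaining steps of each job lie outside the hunks, so whether publish credentials are in scope while that installer runs cannot be confirmed from here.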
@@ -0,0 +1,37 @@
+# On Setup
+
+## Basics
+
+* Learn touch typing.
+* Understand the shell, do a basics `bash` course.
+* Use scaffolding for bootstraping your project, e.g. `cookiecutter`. Good for standardizing your organization's projects and saving time on setup.
+* Never write wikis, always scripts.
+* Get your minimal hooks set up from the start with your CI.
+ * tests, linters, formatters.
+* Use pull requests from the start.
+* If reasonable, use a build system, `make` or `rake` or `just`.
+* Know your ecosystem, e.g. `uv` for Python, `cargo` for Rust, `npm` for node, etc.
+ * use lock-files for reproducible builds.
+ * Save artifacts tagged by commit hash.
+ * Leverage ecosystem documentation.
+* For a very lean project, the README lists
+ * one liner for setting up the project
+ * one liner for running tests
+ * minimal further explanations
+ * expand this only when actually needed: e.g. team members cannot onboard without it.
+* Story Tests are the ultimate user guide
+
+## Security
+
+* Know what secrets are
+* Scan for accidentally committed secrets with a pre-commit hook (e.g. `gitleaks`, `truffleHog`).
+* Audit your dependencies for known vulnerabilities. Automate it in CI.
+* DO NOT BE LAZY with root-level permissions. Use the principle of least privilege.
+* Use vaults for secrets management, e.g. `vault` or `aws secrets manager`.
+
+## Advanced
+
+* Use docker for a full working environment.
+* Everything should be text based.
+* Use mock services for E2E tests.
+* Use infrastructure-as-code even for small projects (terraform, CloudFormation). "I'll do it properly later" never happens.