Scribbles for my memory

Menu

Menu

  • Blog
  • Email
  • Feed
  • Log in

Categories

  • Tutorial
  • Database
  • English
  • Tips
  • Networking
  • Git
  • Movies
  • Essays
  • Programming
  • Linux

Pages

  • About me
  • Links
  • Vegetable Garden

Recent Posts

  • VM can ping the host but…
  • gitbash test fixtures: anchor…
  • tg-relay 能否驱动非 tmux 的 Claude…
  • Git for Windows nagging…
  • `claude install` says success…

Archive

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025

June 2026

  • VM can ping the…

    I was inside a Windows Server 2025 VM (running on a Linux host via libvirt/Vagrant) trying to scp a file from the host. The host answered ping fine, but every ssh/scp to it just hung and failed. The obvious suspect — the Windows firewall on the VM — was a red herring. The real culprit was ufw on the Linux host, which MX Linux configures to default-deny incoming and only allow the LAN. The giveaway: ICMP works, TCP doesn't. ufw permits ping by default but drops unlisted TCP ports, so connectivity "looks" fine while SSH silently dies. If you can ping but not connect to a port, suspect a host firewall, not a routing problem. Check what the host actually allows: sudo ufw status verbose In my case port 22 was only open to the physical LAN (192.168.68.0/24), while the VM lived on the libvirt NAT subnet 192.168.121.0/24 — a different network the rules never mentioned. So the VM's packets hit the default deny (incoming) and vanished. Fix: explicitly allow the VM subnet to reach the…

    Permanent link to “VM can ping the host but SSH/SCP fails? Check the host's ufw”

  • gitbash test…

    git -C /tmp/tmp.XXX/repo fails on gitbash with cannot change to C:\Users\<u>\AppData\Local\Temp\2\tmp\tmp.XXX\repo — note the doubled tmp segment. git's Cygwin path resolver treats /tmp/foo as <Temp2>/tmp/foo, so a path the shell resolves fine ends up looking for a directory the disk doesn't have. Anything that pipes mktemp output into git -C hits it; mine broke ~20 of 60+ tests in one go. The fix is to set TMPDIR to the real Windows temp root before any mktemp -d call. mktemp then returns C:\Users\<u>\AppData\Local\Temp\2\tmp.XXX (no leading /tmp/) and git's resolver is happy. cygpath -w /tmp gives the right value: if [[ -n "${MSYSTEM:-}" ]] && command -v cygpath >/dev/null 2>&1; then export TMPDIR="$(cygpath -w /tmp)" fi A few related landmines I tripped over while getting to a green suite — bundle them since you will hit them too: ln -sfn and readlink round-trip through Cygwin form. Symlink the Windows form…

    Permanent link to “gitbash test fixtures: anchor TMPDIR at the real Windows temp root”

  • tg-relay 能否驱动非 tmux…

    tg-relay 的 inbound 路由依赖 tmux pane ID(%NN)——收到 Telegram 消息后,它调 tmux send-keys 把 /tmp/tg-*.md 注入对应 pane。mux.driver local 跑的是前台进程,没有 tmux pane,所以 relay 找不到投递目标,直接失败。 Outbound 没问题:notify_shuke 不依赖 tmux,local driver 下照常发 TG,reply index 里用 MUX_DRIVER_SLUG 代替 %NN 记录身份。问题只在 inbound。 可行路径:named FIFO + Stop hook exit 2 每个 local session 启动时用 slug 创建一个 named FIFO: mkfifo /tmp/mux-tg-${MUX_DRIVER_SLUG}.fifo tg-relay 看到 reply index 里的 pane ID 是 slug 而非 %NN,就写这个 FIFO 而非调 tmux: echo "$message" > /tmp/mux-tg-${slug}.fifo Claude Code 的 Stop hook 在每个 turn 结束时检查这条 FIFO: # Stop hook fifo="/tmp/mux-tg-${MUX_DRIVER_SLUG}.fifo" if read -t 0.1 msg < "$fifo" 2>/dev/null; then echo "$msg" exit 2 # 拦住 stop,把消息作为 additionalContext 注入 fi exit 0 exit 2 的语义:Claude 不停止,stdout 作为 additionalContext(system feedback)注入同一个 turn,Claude 继续处理。技术上不是新的 user message,是 same-turn 的 system context,但效果上 Claude 会读到并响应 TG 消息。 局限 hook 只在 turn 边界触发。FIFO 里的消息要等当前 turn…

    Permanent link to “tg-relay 能否驱动非 tmux 的 Claude Code session?”

  • Git for Windows…

    On a corporate Windows box, git pull/git fetch keeps stopping to ask: Unlink of file '.git/objects/pack/pack-305a05....idx' failed. Should I try again? (y/n) The cause is a security agent — SentinelOne, ZScaler, Defender — holding an open handle on the old .idx files while Git tries to repack. Git for Windows wraps unlink/rename failures in a retry prompt, and you end up babysitting every pull, mashing n. yes n | git pull works but you have to remember to prefix it every time. The permanent fix is one line in ~/.bashrc (the Git Bash one): export GIT_ASK_YESNO=false Git runs the value of GIT_ASK_YESNO as a command to decide whether to retry — a non-zero exit is treated as "n". false always exits non-zero, so every prompt is silently answered "no". It's cleaner than </dev/null redirection (works regardless of whether stdin is a tty) and doesn't touch the other interactive bits — commit-message editor, credential prompts — which go through different machinery.…

    Permanent link to “Git for Windows nagging "Unlink failed. Should I try again? (y/n)"? One env var kills it”

  • `claude install`…

    You run claude install, it prints "successfully installed! Version: 2.1.185", but claude --version keeps reporting the old 2.1.183. Reinstalling doesn't help. The cause: on Windows you cannot overwrite a running .exe. The native installer downloads the new build into ~/.local/share/claude/versions/<ver> fine, but the final step — copying it onto the launcher at ~/.local/bin/claude.exe — fails silently because a live claude.exe process holds that file locked. The installer reports success on the download, not on the swap. Confirm it's this by comparing checksums of the launcher against the version store: sha256sum ~/.local/bin/claude.exe ~/.local/share/claude/versions/2.1.185 ls -la ~/.local/share/claude/versions/ # newest version is there, but bin/claude.exe is stale tasklist //FI "IMAGENAME eq claude.exe" # the processes holding the lock If the launcher hash matches an older version in the store, the swap never happened. The clean fix is to exit every claude…

    Permanent link to “`claude install` says success on Windows but `--version` is still old”

  • xset s off vs xset…

    On Linux (especially XFCE, GNOME, or other X11 desktops), if you want to keep your monitors from auto-sleeping while still being able to manually turn them off with a hotkey, you'll see these two commands recommended: xset s off xset -dpms Do you need both? Usually not—but it doesn't hurt. Here's the difference: xset -dpms controls the monitor power management (hardware sleep). This is the main one you want—it prevents the monitor from entering standby/suspend/off automatically. xset s off controls the X11 screen saver (software blanking). In modern desktops, the screen saver usually just triggers DPMS anyway, so this often feels redundant. But it's a good safety layer to prevent "blank screen but not actually sleeping" behavior on some setups. The practical setup To never auto-sleep, but still allow manual off/on: xset s off # Disable screen saver blanking xset -dpms # Disable DPMS power saving Then bind this to a hotkey to turn monitors off: xset dpms force off Moving the…

    Permanent link to “xset s off vs xset -dpms: Do you need both?”

  • Replacing tmux…

    tmux send-keys became the backbone of multi-agent relay systems for one reason: it could inject input into a running AI agent process at any moment, simulating a human interrupt. It worked. But it was always a hack — it targets a terminal pane, not a process, and carries all of tmux's fragility on Windows Git Bash with it. The cleaner architecture separates the two things tmux was doing simultaneously: 1. Process lifecycle: supervisor loop Instead of an external process injecting /next-run <path> into a live agent's stdin, the agent writes its own handoff file before exiting: # supervisor wrapper handoff="/tmp/next-run-${session_id}.md" printf 'poll\n' > "$handoff" while [[ -f "$handoff" ]]; do claude-code "/next-run $handoff" done The agent finishes a cycle, writes the next handoff, and exits cleanly. The supervisor reads the file and restarts. No injection, no timing race, no tmux session required. The agent writes its last will…

    Permanent link to “Replacing tmux send-keys for agent coordination? stdin FIFO is the right answer, not an alternative”

  • Need a per-repo…

    When you build tooling around git repos, you eventually hit "where do I store a per-repo setting?" Committing a .toolrc pollutes the repo and needs a PR; a sidecar file in ~/.config can't easily be per-repo. The clean answer: put it straight into git config under your own namespace. # per-repo (lands in <repo>/.git/config — local, never committed) git config --local mux.adhocWorktree false # per-machine, all repos (lands in ~/.gitconfig) git config --global mux.adhocWorktree false # read it back, normalized to true/false git config --bool --get mux.adhocWorktree # -> false ; exit 1 if unset git lets you invent any <section>.<key> it doesn't recognize (mux.* here) and just stores it. That hands you three things for free that you'd otherwise have to build: A per-repo store that never leaks — .git/config is local to the checkout and never committed, so it won't pollute someone else's repo. Scope layering with native precedence — --local (repo) transparently…

    Permanent link to “Need a per-repo toggle for your own tool? Stash it in `git config`”

  • PI_CODING_AGENT_DIR…

    If you copy pi's default config to a custom dir and it silently "doesn't work at all" (no auth, no models), you probably pointed PI_CODING_AGENT_DIR one level too high. The trap is that pi's default and its env override are asymmetric: Default (no env var): the agent dir is ~/.pi/agent. Your auth.json/models.json live in ~/.pi/agent/. Override: PI_CODING_AGENT_DIR is used verbatim as the agent dir — no /agent is appended. So this looks right but isn't: # WRONG: pi reads ~/.piz/auth.json (empty) and ~/.piz/models.json (missing) PI_CODING_AGENT_DIR=~/.piz pi # even though your real config is in ~/.piz/agent/ The fix is to point the variable at the agent leaf, mirroring the default layout: PI_CODING_AGENT_DIR=~/.piz/agent pi The relevant resolution (packages/coding-agent/src/config.ts): export function getAgentDir(): string { const envDir = process.env[ENV_AGENT_DIR]; if (envDir) return expandTildePath(envDir); // used as-is return join(homedir(), CONFIG_DIR_NAME,…

    Permanent link to “PI_CODING_AGENT_DIR points at the agent dir, not the `.pi` home”

  • For a rotating…

    If you put Pi behind a local Anthropic gateway that rotates multiple Claude accounts, the interesting part is not the token format. The gateway may hand Pi a placeholder token like claude, while the real upstream auth happens inside the proxy. That means request shaping should be attached to the anthropic provider itself, not gated on whether the token looks like sk-ant-oat.... In pi-anthropic-auth, the fix was to make the transport wrapper unconditional for Anthropic requests. Pi already routes the built-in anthropic provider through the same registry transport, so once the request is in that lane, it can be shaped every time: pi.registerProvider("anthropic", { oauth: anthropicOAuthOverride, api: "anthropic-messages", streamSimple: createAnthropicOAuthStreamSimple(builtinTransport.streamSimple), }); That lets the proxy stay dumb and flexible. I ended up using ~/.pi/agent/models.json to point anthropic.baseUrl at the local gateway, and a placeholder OAuth record in…

    Permanent link to “For a rotating Claude gateway, key off the provider, not the token prefix”

  • Got personal files…

    When you want Git to ignore something that's yours — a local scratch dir, editor cruft, a personal plans/ folder, machine-local config — don't add it to the tracked .gitignore. That file is shared: a rule like plans/ or wiki-drafts/ forces your personal directory conventions onto everyone, and they don't have those dirs. Put it in .git/info/exclude instead. Same syntax as .gitignore, but it's per-clone and never committed — so it's invisible to teammates and travels with nothing: # .git/info/exclude .claude/settings.local.json .claude/plans/ .claude/wiki-drafts/ The rule of thumb: **.gitignore is for what the project should ignore (build output, node_modules/, *.user); .git/info/exclude is for what you happen to ignore on this machine.** If a teammate cloning fresh wouldn't also produce the file, it doesn't belong in the shared list. One gotcha with worktrees: info/exclude lives in the common git dir, so it's shared across all linked worktrees of the same clone — but still not across…

    Permanent link to “Got personal files to ignore? Use .git/info/exclude, not the shared .gitignore”

  • Shell scripts can't…

    A shell script always runs in a subshell. Any cd it executes vanishes when the script exits — the calling shell's working directory is unchanged. The fix: source the script instead of executing it. Sourcing runs the script in the current shell, so cd sticks. alias sw='. ~/bin/sw' Two things to update in the script itself. First, replace every exit with return. exit in a sourced script exits the entire shell, not just the script: exit 1 → return 1 Second, $0 in a sourced script is the shell binary (bash), not the script path. Use ${BASH_SOURCE[0]} wherever you need the script's own location: source "$(dirname "${BASH_SOURCE[0]}")/git-common.sh" script_name=$(basename "${BASH_SOURCE[0]}") The one tradeoff: functions defined inside the script leak into the shell's namespace after it returns. For a personal utility this is usually fine.

    Permanent link to “Shell scripts can't `cd` for you — source them instead”

  • Keep secrets out of…

    When you give an AI coding agent access to your workspace, any .env file in the project is fair game. The agent will read it, and the secrets end up in conversation history, logs, or tool call outputs. The fix isn't stricter prompting — it's structural: don't put the secrets there at all. credential-gateway is a local proxy that solves this by injecting credentials at the network level. Your application connects to localhost:8080 (or localhost:3307 for MySQL, localhost:6380 for Redis) with no credentials in the connection string. The gateway holds the real credentials in ~/.config/credential-gateway/config.yaml — outside every project worktree — and injects them before forwarding each request upstream. The config file lives at ~/.config/credential-gateway/config.yaml (or /etc/credential-gateway/config.yaml). The gateway refuses to start if the file is group- or world-readable, so a forgotten chmod doesn't quietly undo the whole point. # example: OpenAI-compatible HTTP proxy proxies: -…

    Permanent link to “Keep secrets out of your project files — even from AI agents”

  • Stuck mid-task…

    If you use Claude Code heavily, you've probably hit the quota wall mid-conversation and had to either wait or manually switch to a second account — digging up the right ANTHROPIC_AUTH_TOKEN, setting the env var, restarting. It's enough friction to break flow completely. agent-quota-gateway is a small Go reverse proxy you run locally on 127.0.0.1. You configure your Claude Code client to point at it instead of api.anthropic.com, and it manages a pool of your accounts behind the scenes. When one hits its quota limit, the gateway automatically switches to the next one and tells the client to retry — the mid-task context survives, the switch is transparent. # point Claude Code at the local gateway export ANTHROPIC_BASE_URL=http://127.0.0.1:9099 # the gateway reads credentials from env vars at startup AQG_POOL_MAIN_BACKEND_ACCT1=sk-ant-... AQG_POOL_MAIN_BACKEND_ACCT2=sk-ant-... A nice side effect: because the gateway does credential substitution on every request, your real OAuth tokens…

    Permanent link to “Stuck mid-task because your Claude account hit quota? Run multiple accounts behind a local proxy”

  • LightDM login…

    When earlyoom kills dbus-daemon under memory pressure, the user's systemd instance ([email protected]) enters a broken state: all user-level sockets fail with status=219/CGROUP because the cgroup delegation context is corrupt. The next login attempt connects to /run/user/1000/bus — the socket file is still there — but nothing is listening, so dbus-update-activation-environment gets "Connection refused" and xfce4-session (or any DE) crashes immediately. LightDM sees the session exit and returns to the greeter. The fix-display script (stop lightdm, kill stray X locks, restart lightdm) doesn't help here because the problem isn't an X lock — it's a dead D-Bus. Diagnosis cat ~/.xsession-errors # dbus-update-activation-environment: error: unable to connect to D-Bus: # Failed to connect to socket /run/user/1000/bus: Connection refused # /usr/bin/x-session-manager: X server already running on display :0 sudo -u davidw XDG_RUNTIME_DIR=/run/user/1000 systemctl --user list-units…

    Permanent link to “LightDM login bounces back to greeter after earlyoom kills dbus-daemon”

  • Native TUI hangs in…

    Launching a native Windows console TUI (Claude Code, codex, etc.) from a tmux pane on Git Bash gives you a frozen screen with a blinking cursor. The usual advice is "wrap it in winpty" — that's wrong, and it took three layers to get to the real fix. winpty cannot bridge through tmux winpty <app> works fine in plain mintty, so it's tempting. But inside a tmux pane it deadlocks: as the pane's initial command it hangs forever; as a child of the pane shell it exits with stdin is not a tty. winpty needs to own a Windows console and bridge stdio, and tmux's pty layer breaks that bridge. Don't reach for it in tmux. The console comes from ConPTY, which disable_pcon kills Native Windows apps can't use an MSYS/Cygwin pty as a console — to them it's just a pipe, so isatty() is false and the TUI renders garbled or bails. Modern MSYS solves this with ConPTY backing, controlled by the MSYS env var. Check yours: echo "$MSYS" # winsymlinks:nativestrict disable_pcon <- the…

    Permanent link to “Native TUI hangs in tmux on Git Bash? It's winpty, pcon, and fork-vs-exec”

  • Tired of Jira's…

    If your day looks like open Jira → wait for the SPA to boot → hunt for the ticket → click into the status dropdown → wait again, you already know the tax. Most of what we actually do to a ticket — move it, comment on it, assign it — is two seconds of intent buried under ten seconds of web app. jira-sh is a tiny bash CLI that skips all of it. One command, jr, talking straight to the Jira Cloud REST API. jr move PROJ-123 "In Review" jr comment PROJ-123 "Deployed to staging" jr view PROJ-123 No Electron, no browser, no waiting. It's a single bash script plus curl and python3 (standard library only for the core commands). Setup in four lines git clone https://github.com/shukebeta/jira-sh ~/Projects/jira-sh bash ~/Projects/jira-sh/install.sh # adds a source line to ~/.bashrc # put these in ~/.bashrc export JIRA_BASE=https://yourcompany.atlassian.net export [email protected] export JIRA_TOKEN=your-api-token source ~/.bashrc …more

    Permanent link to “Tired of Jira's slow UI? Drive it from your terminal with `jr`”

  • IT blocked SSH to…

    If a network policy change suddenly breaks git push/pull to [email protected]:..., the panic response is for r in */; do git -C "$r" remote set-url origin ...; done across N repos. Don't. Add this to ~/.gitconfig and never think about it again: [url "https://github.com/"] insteadOf = [email protected]: What it does: any URL starting with [email protected]: is transparently rewritten to https://github.com/... at fetch/push time. git remote -v still shows the SSH form (good for humans), but the actual network request goes over HTTPS (good for the firewall). Verify it works without pushing anything: GIT_TRACE=1 git ls-remote [email protected]:YOUR_USER/YOUR_REPO.git Look for run_command: ... remote-https ... in the output. If you see remote-ssh, the rule isn't matching (typo, wrong section, or a system-level gitconfig overriding it). The rule also covers submodule URLs and any URL that happens to embed [email protected]: — they're all rewritten the same way. If you have other GitHub…

    Permanent link to “IT blocked SSH to GitHub? One config line and you're done”

  • Two GitHub accounts…

    If you run gh auth setup-git, the GitHub CLI becomes git's credential helper — and it only ever hands out the token for the active account. The moment you git pull a repo belonging to your other account, you get the wrong token (403, or commits land under the wrong identity). There's no per-repo routing; you'd have to gh auth switch every single time you cross accounts. You can prove it to yourself — ask the helper for the non-active account and it returns nothing: "protocol=https`nhost=github.com`nusername=second-account`n`n" | & gh auth git-credential get # exit 1, no token The fix is to hand git over to Git Credential Manager (it already ships with Git for Windows). GCM picks the token by the username embedded in the remote URL, so routing becomes automatic. gh keeps working for gh issue/gh pr — it uses its own keyring, separate from the git helper. Switch the helper and point GCM at GitHub: git config --global --unset-all credential.https://github.com.helper git…

    Permanent link to “Two GitHub accounts on one Windows box, HTTPS only? Don't let `gh` be your git credential helper”

  • tmux Alt+z for pane…

    tmux's built-in pane zoom (Prefix+z) can be unreliable for users with Chinese input methods. The standalone z keystroke may be intercepted by the IME before tmux sees it, forcing you to switch to English mode first. Bind Alt+z as a prefix-free shortcut instead: bind -n M-z resize-pane -Z M-z (Alt+z) is sent as a Meta key sequence directly to the terminal, which most input methods don't intercept. The same logic applies to navigation—add hjkl pane switching without the prefix: bind -n M-h select-pane -L bind -n M-j select-pane -D bind -n M-k select-pane -U bind -n M-l select-pane -R This keeps tmus responsive regardless of your current input state.

    Permanent link to “tmux Alt+z for pane zoom works better with Chinese IME”

  • 网友语录 - 第83期 -…

    这里记录我的一周分享,通常在周六或周日发布。 人生可能有的两次觉醒 第一次是弗洛伊德 你明白了,痛苦、自卑、讨好与不安,往往来自童年的匮乏与创伤。你从此不再责备自己。 第二次是阿德勒 你明白了,纵然过去塑造了现在的你,但真正决定自己将来的,是当下的选择。你不再抱怨命运与现实的不公,不再随波逐流,而开始有意识地审视自己的每一个决定。 爽朗君QvQ. 必须学会当面拒绝别人 iklein 你努力回避的,正是你需要面对和反思的。 …more

    Permanent link to “网友语录 - 第83期 - 你努力回避的,正是你需要面对和反思的”

May 2026

  • Show each tmux…

    When you split a window into several panes — say a dev/planner/reviewer layout — it's easy to lose track of which directory each one is actually in. tmux exposes pane_current_path, so you can paint the cwd right onto the pane's top border: set -g pane-border-status top set -g pane-border-format " #{pane_index}: #{pane_title} [#{pane_current_path}] " Full paths get long and crowd out the title. Two ways to trim. #{b:...} gives just the basename (last component): set -g pane-border-format " #{pane_index}: #{pane_title} [#{b:pane_current_path}] " Or abbreviate $HOME to ~ with tmux's s/search/replace/ modifier. The neat trick is that the replacement is itself a format, so you can nest #{HOME} inside it — no hardcoded username, so the same dotfile works on every machine: set -g pane-border-format " #{pane_index}: #{pane_title} [#{s|^#{HOME}|~|:pane_current_path}] " s takes any delimiter after it; using | keeps the slashes in the path readable, and ^ anchors…

    Permanent link to “Show each tmux pane's working directory on its border (with ~ for $HOME)”

  • tmux `run-shell`…

    A common pattern for "hop to another session before killing this one" looks like this: bind Q run-shell 'next=$(tmux list-sessions -F "#{session_name}" 2>/dev/null \ | grep -v "^#{session_name}$" | head -1); \ if [ -n "$next" ]; then tmux switch-client -t "$next"; \ tmux kill-session -t "#{session_name}"; \ else tmux kill-session; fi' It doesn't work. run-shell expands all #{...} format strings before handing the command to the shell. So list-sessions -F "#{session_name}" becomes list-sessions -F "mysession" — a literal string, not a format specifier. Every session prints "mysession", grep -v strips them all, $next is always empty, and you drop straight to bash. The fix is one line: set -g detach-on-destroy off bind Q kill-session detach-on-destroy off is a native tmux option: when a session is destroyed, the client automatically switches to another surviving session. It only falls back to…

    Permanent link to “tmux `run-shell` eats your format strings — use `detach-on-destroy off` instead”

  • tmux: Hold Alt and…

    The standard way to switch to the previous tmux session is prefix + ( (or a custom prefix + b). The problem: every switch requires the full prefix chord again. You can't hold Ctrl and keep tapping — tmux swallows the first keypress as the prefix and expects a fresh command key each time. Use a no-prefix binding instead. Add to ~/.tmux.conf: # Alt+b to switch to previous session (no prefix needed). bind -n M-b switch-client -p The -n flag means "no prefix required." Now you hold Alt and tap b repeatedly to cycle through sessions — no prefix dance, no finger gymnastics. Why Alt+B and not something else: it's close to the default prefix (Ctrl+B) so it's easy to remember, and it doesn't conflict with any common terminal or shell binding. Your mileage may vary if you use Alt-heavy terminal apps.

    Permanent link to “tmux: Hold Alt and Spam B to Cycle Sessions”

  • Launch a new tmux…

    Tools like team and adhoc (from the mux-relay framework) derive the project root from $PWD at invocation time. The natural instinct is to open a new tmux window, cd to the target directory, then run the command. That works, but it leaves a ghost window in the original session — and if that window gets cleaned up or the session reshuffles, pane working directories can silently drift to deleted paths. A subshell avoids all of that: (j my-project && team) The parentheses spawn a subshell. Inside it, j (zoxide) changes directory to the project, then team launches the new session with the correct $PWD. Because new-session -d is detached and switch-client handles the jump, the new session is fully independent — no nesting, no leftover windows. When the subshell exits (right after team returns), the original pane's $PWD is untouched. You never left it. This pattern works for any command that reads $PWD but doesn't accept a -C / --directory flag: (cd ~/Projects/something &&…

    Permanent link to “Launch a new tmux session from the right directory — without polluting the current one”

  • diffstat: the first…

    When you're staring at a 5000-line diff, your eyes glaze over before you've read past the first file. diffstat gives you the bird's-eye view in one screen: gh pr diff 137 | diffstat lib/relay-runtime.sh | 2692 ----------------------------------- lib/relay/backends.sh | 142 ++++ lib/relay/cli.sh | 326 +++++++ lib/relay/cycle.sh | 99 ++ lib/relay/issue-comments..| 179 ++++++ lib/relay/issues.sh | 173 ++++++ lib/relay/project-regist..| 274 ++++++++ lib/relay/session.sh | 692 ++++++++++++++++++++++++++ lib/relay/telegram.sh | 389 ++++++++++++++++ lib/relay/tmux-send.sh | 337 +++++++++++++++ lib/relay/worktree.sh | 206 ++++++++ 11 files changed, 2848 insertions(+), 2686 deletions(-) From that one output you can immediately see: this is a file split (one huge file → ten smaller ones), the net change is roughly neutral, and session.sh is the biggest new file at 692 lines. That's enough to form a review strategy before reading a single line of diff. It also works with local diffs: git diff…

    Permanent link to “diffstat: the first thing to reach for when reviewing a big PR”

  • When your…

    The my-ai-team relay has a .my-ai-team/<mode>.md prompt override mechanism — drop a markdown file into a directory and it replaces the shipped system prompt for that agent mode. It never worked in practice. The code was there, the tests passed, but real users' override files were never found. The bug was a root resolution mismatch, not a logic error. The mechanism _mux_prompt_override() in lib/relay-runtime.sh decides which prompt file an agent gets: relay_root="$(_mux_relay_root)" override_path="${relay_root}/.my-ai-team/${mode}.md" It looks for .my-ai-team/<mode>.md under the relay root, then falls back to agents/<mode>.md. What went wrong _mux_relay_root() returns the install root (~/.local/share/my-ai-team/), not the project root. Meanwhile mux-agent-launch correctly receives MUX_PROJECT_ROOT (the user's project directory) and even cds into it — but _mux_prompt_override() never sees it. Users put .my-ai-team/ in their project. The code only…

    Permanent link to “When your "extensible" feature never works: trace the root, not just the hook”

  • "Permission denied"…

    You try to rename a directory and get blocked: # Git Bash $ mv my-ai-team my-ai-team.old.1 mv: cannot move 'my-ai-team' to 'my-ai-team.old.1': Permission denied # PowerShell, even elevated PS> Move-Item .\my-ai-team .\my-ai-team.old.1 Move-Item: You do not have sufficient access rights to perform this operation or the item is hidden, system, or read only. The instinct is to reach for chown/takeown/icacls. On Windows that's usually the wrong tree to bark up. When even an administrator shell is denied, the cause is almost never the ACL — it's a runtime lock: some process has a file inside the directory open, or has the directory itself as its current working directory. Windows surfaces that lock as "Access denied," which reads like a permissions problem but isn't. Rule out permissions in two commands …more

    Permanent link to “"Permission denied" renaming a folder on Windows is usually an open handle, not a permission”

  • Turn off Tailscale…

    If you enabled Tailscale's built-in SSH server with tailscale up --ssh and then realized you'd rather just use OpenSSH with a real key (no periodic browser auth to Tailscale, fewer moving parts), the way you turn it off matters. Use this: sudo tailscale set --ssh=false It flips that one flag and nothing else. tailscale status stops listing the SSH service, OpenSSH is untouched, your existing tailnet connection keeps running. The trap is reaching for tailscale up --ssh=false. up is sticky — it reapplies your full login configuration — so it can prod you to re-authenticate in the browser, and any other flags you tweaked but forgot about get reset to defaults too. set is the surgical knob for toggling a single option without disturbing the rest. Same shape applies to other booleans Tailscale exposes (--advertise-exit-node, --accept-routes, --shields-up): once the node is up and authenticated, prefer tailscale set --flag=... over re-running tailscale up.

    Permanent link to “Turn off Tailscale SSH without re-logging in”

  • Designing "Explore"…

    I run a small multi-agent dev setup (my-ai-team) with three session modes: team (planner/developer/reviewer relay), adhoc (one agent owns the whole delivery cycle), and explore. The explore mode is still an RFC — we haven't shipped it yet. But the design already taught us something useful about how to scope agent autonomy. The first draft was all negatives The obvious way to define an investigation-only mode is to list what it can't do: no issues, no branches, no PRs, report findings and stop. That works — until it doesn't. The problem: there's always a case the fence didn't anticipate. If poking at a bug turns up a one-line fix, the rules force an awkward choice between "break protocol and just fix it" or "hand off to a separate session for a trivial change." Neither is right. Define by entry condition instead The fix was to redefine explore by how it starts, not what it's forbidden from doing. Team and adhoc carry a delivery obligation from the first message —…

    Permanent link to “Designing "Explore" Mode: Define by Entry, Not by Fences”

  • "Might could"…

    Non-native English speakers — especially those whose native language stacks modals freely — sometimes write things like: "One thing we might could improve..." This is a double modal. It exists in some regional American dialects (Southern US) but is grammatically incorrect in standard and professional English. Pick one modal: might or could. The right choice depends on intent: "One thing we could improve" — confident suggestion, implies you see a concrete area to fix. This is usually what you mean. "One thing we might improve" — tentative, sounds like you're unsure whether improvement will happen at all. Weaker than you probably intend. "One thing we might want to improve" — works, but adds unnecessary words. "Could" is cleaner. The other trap in the same sentence: "the pipeline I re-run" vs "the pipeline I reran". "Re-run" is the present tense or a noun; if the action already happened, it's reran (past…

    Permanent link to “"Might could" sounds natural to you but it's a double modal in English”

  • Garbled text before…

    You SSH into a machine and see garbage like ile://host/home/userurrentDir=/home/user before your prompt. Locally everything is fine. What happened? Your PROMPT_COMMAND includes an OSC 7 / OSC 1337 sequence that reports the current directory to the terminal emulator. Locally, WezTerm (or iTerm2, etc.) intercepts these invisible escape sequences. Over SSH with TERM=linux, no terminal emulator is listening — the raw bytes print as text. The fix is a guard condition before wiring __report_cwd into PROMPT_COMMAND: if [[ -n "${TERM_PROGRAM:-}" || "${TERM:-}" =~ xterm|screen|tmux|wezterm|alacritty ]]; then [[ ":$PROMPT_COMMAND:" != *__report_cwd* ]] && \ PROMPT_COMMAND="__report_cwd${PROMPT_COMMAND:+; $PROMPT_COMMAND}" fi When TERM=linux (plain SSH) and TERM_PROGRAM is empty, the function is skipped entirely. No escape sequences, no garbage. After deploying the fix, start a fresh shell — PROMPT_COMMAND is already set in the running session and…

    Permanent link to “Garbled text before PS1 over SSH? Your OSC sequences are leaking”

  • Short-lived tokens…

    You protect ~/.bashrc.secret with chmod 444 so nothing accidentally overwrites your API keys and passwords. Then your token-refresh script needs to write a new session cookie somewhere — and hits Permission denied. The fix isn't adding a second writable secrets file. It's stop persisting short-lived tokens entirely. Refactor the refresh script to output TOKEN HASH on stdout and let the caller capture it: # refresh_token — reads credentials, prints session token to stdout CREDENTIALS=$(bash ~/bin/refresh_token 2>/dev/null) TOKEN=$(echo "$CREDENTIALS" | awk '{print $1}') HASH=$(echo "$CREDENTIALS" | awk '{print $2}') No file writes. No second secrets layer. The token lives in the process environment for the duration of the operation and disappears when it's done. This works because session tokens are cheap to re-obtain — one HTTP call with stored credentials. The only reason to persist them is avoiding that call, which is almost never worth the complexity of…

    Permanent link to “Short-lived tokens don't belong in the same file as long-lived credentials”

  • One Telegram Bot +…

    Running the same Telegram bot relay as a systemd service on multiple machines means both instances poll the same bot token. Telegram delivers each update to one consumer only — so messages vanish at random, or land on the wrong host. Both sides think they're healthy; neither is. The fix: one bot per machine, one channel per bot. Each channel becomes a dedicated console for exactly one host. No coordination needed, no distributed locks, no split-brain. To manage multiple bot tokens in a shared dotfiles repo, key them by hostname: # dotfiles — all tokens in one file, encrypted as usual export TG_TOKEN_homeserver="token_aaa" export TG_TOKEN_vps="token_bbb" # relay picks its own token at runtime export TG_TOKEN=$(eval echo \$TG_TOKEN_$(hostname)) Every machine runs the same service file unchanged — hostname resolves to the right token automatically. Adding a third machine is just a new bot, a new channel, and one more TG_TOKEN_<hostname> line. TG Channel:…

    Permanent link to “One Telegram Bot + Two Machines = Silent Message Loss”

  • `exec bash` vs…

    After changing your hostname with hostnamectl set-hostname, the current terminal still shows the old name. You want a fresh shell — but bash and exec bash behave differently. Running bash spawns a child process. Your old shell is still alive underneath, and $SHLVL increments by one. Environment changes (like the new hostname) are picked up, but you've added a layer: $ echo $SHLVL 1 $ bash $ echo $SHLVL 2 Nested shells can cause subtle issues — exit only drops you back to the parent, aliases and env vars may differ between layers, and deep nesting is easy to accidentally accumulate. exec bash replaces the current process in-place (same PID). The old shell is gone, a new one takes over, and $SHLVL stays the same: $ echo $SHLVL 1 $ exec bash $ echo $SHLVL 1 This is the clean way to reload your shell config after changing .bashrc, updating $HOSTNAME, or any other env-level change. No nesting, no leftover state.

    Permanent link to “`exec bash` vs `bash`: don't nest your shells”

  • Telegram Bot Custom…

    Telegram bots can show a command menu when users type / in a chat. Registering commands is a single API call — no approval, no webhook setup, no special bot-side handling. curl -s -X POST "https://api.telegram.org/bot<TOKEN>/setMyCommands" \ -H "Content-Type: application/json" \ -d '{"commands": [ {"command": "status", "description": "Show active host"}, {"command": "switch", "description": "Switch active host"} ]}' From the bot's perspective, /status or /switch desktop arrives as plain text in message.text — you parse it like any other message. Scope-aware deletion deleteMyCommands supports optional scope and language_code parameters so you can clear commands for specific contexts (private chats, groups, a single chat, a specific language). But there's no API to delete individual commands. The elegant part: setMyCommands always does a full overwrite. Sending an empty…

    Permanent link to “Telegram Bot Custom Commands: setMyCommands and the empty-array delete”

  • Tmux Windows…

    If you're still using terminal tabs, tmux windows do the same job with extras you didn't know you needed. The hierarchy: Session > Window > Pane. A session holds multiple windows, each window can be split into panes. The bottom status bar shows all windows at a glance: [main] 0:bash* 1:vim- 2:server * marks the active window, - marks the previous one. You always know where you are. Key bindings to internalize: Action Key New window Ctrl+b c Next window Ctrl+b n Previous window Ctrl+b p Jump by number Ctrl+b 0~9 List all windows Ctrl+b w Rename window Ctrl+b , What tmux gives you over plain terminal tabs: Survives disconnects — SSH drops? Reconnect with tmux attach, everything is still there. Terminal tabs are gone the moment the connection dies. Panes — Split any window horizontally or vertically without opening another tab. Scriptable — Create and arrange windows/panes from a script or config. The one real risk: if the machine itself reboots, the session is gone. tmux-resurrect…

    Permanent link to “Tmux Windows Replace Terminal Tabs (And Then Some)”

  • nohup Is Insurance,…

    Both prevent a process from dying when you close the terminal, but they work at different stages and with different guarantees. nohup intervenes before launch. It sets the process itself to ignore SIGHUP via sigaction, so no matter who sends the signal, the process won't react. It also redirects stdout/stderr to nohup.out (or a file you specify). POSIX-standard, portable to any shell. disown intervenes after launch. It removes the process from the shell's job table so the shell won't notify it on exit — but the process has no built-in signal immunity. Some SSH/terminal implementations broadcast SIGHUP to the entire process group on disconnect, bypassing the shell entirely. In that case disown alone won't save you. # nohup: know you need it upfront nohup python train.py > train.log 2>&1 & # disown: the "oh crap I need to leave" rescue ./long_task.sh # already running... # Ctrl+Z to suspend, then: bg disown %1 # Belt and suspenders — use both nohup cmd >…

    Permanent link to “nohup Is Insurance, disown Is a Lifeline”

  • Prevent Linux OOM…

    When a Linux box slowly bleeds memory over hours, the kernel OOM killer kicks in too late — by then the machine is already frozen. Two complementary fixes: earlyoom kills a hog before the system locks up, and a periodic memory snapshot gives you post-mortem data next time it happens. earlyoom Install and go — on Debian it's one command and the service auto-enables: sudo apt-get install -y earlyoom systemctl status earlyoom.service Defaults (Debian package): kills when available RAM drops below 10% and available swap drops below 10%. Sends SIGTERM first, then SIGKILL. Configurable via /etc/default/earlyoom or override flags in the systemd unit. Memory snapshot every 5 minutes When the machine eventually does die, you want to know what was growing. A systemd timer + shell script + logrotate gives you that with near-zero overhead. The capture script (/usr/local/bin/memsnap-capture): …more

    Permanent link to “Prevent Linux OOM Freezes with earlyoom + Lightweight Memory Forensics”

  • Attach a GNU screen…

    You have a screen session running in one terminal and want to interact with it from a second terminal on the same host. Two modes: Share it — both terminals see and type in the same session: screen -x <session> Great for pair debugging. Both clients are attached simultaneously. Take it over — detach the other client and bring the session here: screen -d -r <session> Use this when you're switching from SSH to local, or reclaiming a session you accidentally left open elsewhere. Find your session name first: screen -ls If the session belongs to a different user, you'll need that user's permissions (or sudo).

    Permanent link to “Attach a GNU screen session from another terminal”

  • tmux send-keys…

    When dispatching commands between tmux sessions, tmux send-keys -t <target> '<command>' Enter exits 0 and the command text appears in the target's input buffer — but the Enter never commits. The agent sits idle. The dispatcher sees success. Nothing happened. This hits hardest with long commands that trigger tmux's bracketed paste mode: the trailing Enter gets absorbed into the paste block instead of executing it. Two other failure modes: the target app is in a modal state (dialog, secondary prompt) that swallows Enter, or the input handler is loaded and drops the keystroke. The fix is a verify-and-retry loop after every dispatch: dispatch() { local target="$1" cmd="$2" # 1. Send tmux send-keys -t "$target" "$cmd" Enter # 2. Wait for the target to start processing sleep 3 # 3. Verify it's actually working, not just staged if tmux capture-pane -t "$target" -p -S -10 | tail -10 \ | grep -qE…

    Permanent link to “tmux send-keys silently drops the final Enter”

  • 网友语录 - 第82期 -…

    这里记录我的一周分享,通常在周六或周日发布。 懒聪 我们终其一生寻找的应该是,自己喜欢的生活和自己本该成为的人。所以多走点弯路没关系,花很多时间在路上也不要紧。只要你一直在成为自己的路上就行。命运的仁慈就在于,只要你往前走,它总是给路。 One could say in the first quarter-century of my life, that while I was always fascinated by programming, I could never overcome the guilt of not really knowing whether the tool I am building right now isn’t already superceded by some much better implementation someone else has already written 30 or 40 years ago; I could write a TSV-aware search and replace, or I could find out about awk and solve that entire class of problems in one fell swoop, for example. My central conceit is that this is a trap. You need to reinvent a couple of wheels to get to the edge of what we know about wheel-making, not a thousand wheels, and not zero; probably four or five is sufficient in most domains, maybe closer to twenty or thirty in the most epistemically rigorous and developed fields like mathematics or computer science. Each wheel you reinvent, and every directed question you ask…

    Permanent link to “网友语录 - 第82期 - 人一定要学会两件事,一个是靠自己,一个是为自己。一定要保持独立”

  • AI coding CLIs all…

    When you need a clean slate — testing, debugging, or isolating a project — each major AI coding CLI lets you override its config directory via an environment variable: # Claude Code CLAUDE_CONFIG_DIR=/tmp/claude-clean claude # GitHub Copilot CLI COPILOT_HOME=/tmp/copilot-clean copilot # OpenAI Codex CLI CODEX_HOME=/tmp/codex-clean codex These replace the entire config directory (~/.claude/, ~/.copilot/, ~/.codex/), so existing sessions, permissions, and plugins won't carry over. Copy the default directory contents if you need to preserve anything. Copilot also has a separate COPILOT_CACHE_HOME for marketplace cache and update packages — setting COPILOT_HOME alone won't relocate those.

    Permanent link to “AI coding CLIs all support a custom config directory”

  • One IP, Multiple…

    In the HTTP era, virtual hosting was trivial: one IP serves many domains, the Host header tells them apart. HTTPS breaks this because TLS handshake happens before any HTTP header — the server must pick a certificate before knowing which domain the client wants. SNI — the standard fix Server Name Indication is a TLS extension where the client sends the target hostname during handshake. All modern clients support it. Nginx uses it automatically — just define separate server blocks: server { listen 443 ssl; server_name a.com; ssl_certificate /etc/ssl/a.com.crt; ssl_certificate_key /etc/ssl/a.com.key; } server { listen 443 ssl; server_name b.com; ssl_certificate /etc/ssl/b.com.crt; ssl_certificate_key /etc/ssl/b.com.key; } Each domain gets its own certificate. Nginx routes based on SNI. Zero extra config needed. When you'd rather use one certificate For a handful of related domains, a SAN certificate (Subject Alternative Name) covers multiple names in one cert: server { listen 443 ssl;…

    Permanent link to “One IP, Multiple HTTPS Domains on Nginx — SNI Solves It”

  • Git alias could run…

    I Wrote a git alias using [[ ... ]] and =~. Works fine in my interactive bash. Run the alias and it explodes: $ git co master ... Syntax error: "(" unexpected (expecting "then") First instinct: "but I have bash installed": $ ls -l /bin/bash -rwxr-xr-x 1 root root 1298416 ... /bin/bash $ /bin/bash --version GNU bash, version 5.2.37(1)-release ... Doesn't matter. A git alias starting with ! is hardcoded to run under /bin/sh — it doesn't read $SHELL, doesn't care what your login shell is. On Debian/Ubuntu /bin/sh -> dash, and dash doesn't understand [[, =~, == or other bash extensions: $ ls -l /bin/sh lrwxrwxrwx 1 root root 4 ... /bin/sh -> dash $ echo '[[ "a" == a* ]]' | /bin/sh /bin/sh: 1: [[: not found The source is run-command.c::prepare_shell_cmd() in git itself — it literally calls sh -c. Two fixes: Wrap in bash -c explicitly (minimal change, but the nested quoting inside an alias gets ugly fast): co = "!bash -c 'f() { ...bash…

    Permanent link to “Git alias could run in dash, not bash — even if `/bin/bash` exists”

  • Run Multiple Claude…

    Use CLAUDE_CONFIG_DIR to point Claude Code at a different config directory — credentials, settings, sessions all go there instead of ~/.claude. mkdir -p ~/.claude-work CLAUDE_CONFIG_DIR=$HOME/.claude-work claude Set up aliases in your shell config for quick switching: alias claude-work='CLAUDE_CONFIG_DIR=$HOME/.claude-work claude' First launch in the new directory triggers the login flow — that's how you get account isolation. Both instances can run simultaneously without interference. Share session history between instances CLAUDE_CONFIG_DIR is all-or-nothing — no built-in way to share just sessions. Symlink the projects/ directory back to the original to get shared session history with separate settings: mkdir -p ~/.claude-work cp ~/.claude/settings.json ~/.claude-work/settings.json ln -s ~/.claude/projects ~/.claude-work/projects This gives you independent config/credentials but a unified session list. New sessions written by either instance appear in both (bidirectional). No…

    Permanent link to “Run Multiple Claude Code Instances with Separate Configs”

  • WSL SSL Certificate…

    If curl throws SSL certificate problem: unable to get local issuer certificate every time in WSL, it's usually a stale CA bundle — especially common on corporate networks running SSL inspection (Zscaler, etc.). First, refresh the bundle: sudo apt-get update && sudo apt-get install -y ca-certificates sudo update-ca-certificates That fixes most cases. If not, try a full reinstall: sudo apt-get install --reinstall ca-certificates sudo update-ca-certificates --fresh On corporate networks, you likely need your company's root CA certs. You probably already have them somewhere in your Windows filesystem (.crt or .cer files). Copy them all into the trusted store: sudo cp /c/Certificates/*.crt /usr/local/share/ca-certificates/ sudo cp /c/Certificates/*.cer /usr/local/share/ca-certificates/ sudo update-ca-certificates Skip .pfx files — those contain private keys and are a different format. If you don't have the certs handy, export them from Windows: # PowerShell — list all root certs,…

    Permanent link to “WSL SSL Certificate Errors on Corporate Networks”

  • whoseport: Find…

    ss -tlnp and lsof -i :PORT tell you the PID and command name, but for Node.js or Python processes, "node" or "python" alone doesn't tell you which project is running. The working directory is what you actually need — and it's sitting right there in /proc/$pid/cwd. Put this in ~/.bashrc: whoseport() { if [ -z "$1" ]; then sudo ss -tlnp | tail -n +2 | while read -r line; do port=$(echo "$line" | grep -oP ':\K[0-9]+(?=\s)') pid=$(echo "$line" | grep -oP 'pid=\K[0-9]+' | head -1 | tr -dc '0-9') [ -n "$pid" ] && echo "PORT: $port | PID: $pid | CMD: $(ps -p $pid -o comm=) | CWD: $(readlink /proc/$pid/cwd)" done else whoseport | grep 'PORT: '$1 fi } Usage: $ whoseport 6173 PORT: 6173 | PID: 1326886 | CMD: node | CWD: /home/davidw/Projects/ccode_viewer/server $ whoseport # list all listening ports PORT: 61217 | PID: 1356 | CMD: tailscaled | CWD: / PORT: 22 | PID: 1385 | CMD: sshd | CWD: / A few things that went…

    Permanent link to “whoseport: Find What's Listening on a Port (With Working Directory)”

  • Git Worktree:…

    Need to work on two branches simultaneously without stashing or cloning? git worktree creates a separate working directory that shares the same .git — no duplicate objects, no wasted space. git worktree add <path> <branch> For example, to checkout feature/login into a sibling directory: git worktree add ../my-feature feature/login This creates ../my-feature with the branch checked out and ready to work. Commits, branches, and remotes are shared — it's one repository, multiple workspaces. Day-to-day operations: git worktree list — see all linked worktrees git worktree remove <path> — clean up when done One restriction: the same branch cannot be checked out in two worktrees at once. Git enforces this to prevent conflicting writes to the ref.

    Permanent link to “Git Worktree: Checkout an Existing Branch Into a Separate Directory”

  • WSL2 Won't Run on…

    Most EC2 Windows Server instances don't expose nested virtualization to the guest OS. WSL2 requires Hyper-V extensions, so it simply won't start. WSL1 works fine — it's a translation layer, not a VM. Enable the WSL feature and reboot in an Admin powershell window: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux Restart-Computer After reboot, pin the default version to 1: wsl --set-default-version 1 On Windows Server, Add-AppxPackage is often broken or unavailable, so the standard wsl --install route fails. Use wsl --import with a rootfs tarball instead: Now use a non-admin powershell: mkdir $HOME\WSL mkdir $HOME\WSL\Ubuntu Then: wsl --import Ubuntu $HOME\WSL\Ubuntu .\ubuntu.tar.gz --version 1 What you lose with WSL1: no Docker, no real Linux kernel, no systemd, weaker filesystem compatibility. Fine for CLI tooling, scripting, and build environments. If you need a real kernel, spin up a native Linux EC2 instance instead.

    Permanent link to “WSL2 Won't Run on EC2 Windows Server? Use WSL1”

  • Auto-run startup…

    Oracle's diagnostic files (trace, incident dumps, listener logs) grow without bound inside the container. If you're running doctorkirk/oracle-19c locally, they'll silently eat your disk. The fix: mount a startup script into /opt/oracle/scripts/startup/ — this directory runs on every container start (unlike /docker-entrypoint-initdb.d/ which only runs on first database creation). # docker-compose.yml volumes: - ./startup-scripts:/opt/oracle/scripts/startup # startup-scripts/init.sh (chmod +x) #!/bin/bash echo "=== Oracle startup config starting ===" # Set ADR purge policies — auto-delete old diagnostic files adrci <<EOF set home diag/rdbms/orcl/ORCL set control (SHORTP_POLICY = 24) set control (LONGP_POLICY = 48) set home diag/tnslsnr/$(hostname)/listener set control (SHORTP_POLICY = 24) set control (LONGP_POLICY = 48) EOF echo "ADR purge policy set: SHORT=24h, LONG=48h" # Disable listener log (it's huge and rarely needed locally) lsnrctl set log_status off…

    Permanent link to “Auto-run startup scripts in Oracle 19c Docker to keep disk clean”

  • tmux mouse…

    With set -g mouse on in tmux, dragging to select text enters copy mode but the selection stays trapped inside tmux — it never reaches the system clipboard. The fix is a two-line binding that pipes the selection through xclip: # ~/.tmux.conf set -g mouse on # Auto-copy on mouse drag end bind -T copy-mode MouseDragEnd1Pane send -X copy-pipe-and-cancel "xclip -selection clipboard" # Fallback: also copy on simple mouse-up (covers cases where drag is too short) bind -T copy-mode MouseUp1Pane send -X copy-pipe-and-cancel "xclip -selection clipboard" You need xclip installed (sudo apt install xclip). Reload with tmux source-file ~/.tmux.conf. The copy-pipe-and-cancel does three things at once: grabs the selection, pipes it to xclip -selection clipboard, then exits copy mode (which clears the highlight). That's how you know it worked — the highlight disappearing means the text is in your clipboard. Why two bindings MouseDragEnd1Pane only fires on a proper drag. If you…

    Permanent link to “tmux mouse selection not copying to clipboard? Bind MouseDragEnd + MouseUp”

  • WezTerm stealing…

    WezTerm binds Alt+Enter to toggle fullscreen by default. That hijacks Alt+Enter newline in Claude Code, GitHub Copilot, and other terminal-based tools. Drop this in ~/.wezterm.lua to disable the default and remap fullscreen to Ctrl+Shift+F11: local wezterm = require 'wezterm' local config = wezterm.config_builder() config.keys = { { key = 'Enter', mods = 'ALT', action = wezterm.action.DisableDefaultAssignment, }, { key = 'F11', mods = 'CTRL|SHIFT', action = wezterm.action.ToggleFullScreen, }, } return config Config takes effect immediately on save — no restart needed.

    Permanent link to “WezTerm stealing Alt+Enter? Here's the fix”

  • 网友语录 - 第81期 -…

    这里记录我的一周分享,通常在周六或周日发布。 如月中天 #神秘的摘抄 没有人会知道自己最终会走向何方,选择可以引申出千万种可能,但是属于我们的当下只有这么一个。即便是有许多缺憾的它,依然有很多值得我们珍惜和守护的人与事物。 Marskay 他不喜欢讲话,但是做了老师不得不讲。他更希望的生活状态是只和很少人说话,写完一本书接着写另一本。等他退休了,他想去山里住,种竹子和芭蕉。竹子干净,它的竿上有细细的绒毛,没有别的东西,在竹子上写字好看,芭蕉叶上写字也好看。春天,竹子生长的声音很大。夜里,雨打在芭蕉上的声音也很大。 闽南大翠花 任何时候都不要期望着自己能够改变任何人,就像天正在下雨,你可以选择撑伞或叫出租车,唯独不能跟雨较劲。 mywaiting Cloudflare Zero Trust 有一个 Free 方案,支持最多 50 个用户。对于个人远程运维、管理家庭服务器或实验室设备来说,这个额度绰绰有余。而且支持 Tunnel 代理 SSH,直接浏览器访问就能操作服务器 SSH 而无需暴露任何端口配置,完美啊!(听起来和tailscale有一拼,但我并不知道这个产品,有时间拿来试试 桌面宠物 dimlau 2026-05-04 Codex Pet 是 OpenAI 为 Codex 推出的一项桌面端体验功能,本质上是一个像素风的桌面互动陪伴宠物。 我突然想起前两天偶然翻到的 2007 年的一篇文章里写到: 如果能有一个桌面宠物——没有程序边框的,宠物活动的时候也不影响进行其它程序操作的——集成一些实用的功能,并且带有一点哪怕很粗糙的人工智能、情感养成系统等等,应该是很酷很科幻的一件事吧!- 订阅的 feed 或者你的邮件有更新了宠物会提醒你查看; 通过“阅读”你订阅的文章,宠物也能学习一些日常用语和你对话; 虽然很讨厌但是它还是会不时的提醒你“对着电脑很久了,该歇歇了”; 你长时间没有对它操作时,它会通过网络去同样养宠物的桌面串门,虽然很冒昧,我觉得可爱宠物入侵一般不会有人怪罪吧?被串门的电脑用户,可以选择喂来访宠物或者驱走它,同时你的宠物串门完毕后会根据别人的招待程度留下一份记录,你可以通过这份记录得知一些陌生人的网站、blog、feed 地址,并知道这个人对你的宠物干了什么; 你对宠物的照料决定了它会不会离家出走不回来; …… 原谅我 24…

    Permanent link to “网友语录 - 第81期 - 属于我们的当下只有这么一个。即便是有许多缺憾的它,依然有很多值得我们珍惜和守护的人与事物”

  • Setting…

    Trying to isolate a child process by setting an env var in .env, only to find the value inherited from your shell wins instead. dotenv by default does not overwrite existing process.env values. This bit me in HelloEDi. I wanted to spawn claude -p with CLAUDE_CONFIG_DIR pointing at an isolated dir so the user's global ~/.claude/CLAUDE.md (which carries a personal persona) wouldn't leak into the assistant. .env had: CLAUDE_CONFIG_DIR=/home/davidw/.helloedi/claude-home But my shell already exports CLAUDE_CONFIG_DIR=/home/davidw/.claudeh for my own Claude Code setup. dotenv loaded .env, saw the var already set, did nothing. The server's process.env.CLAUDE_CONFIG_DIR was still the shell's value. The spawned claude happily read the persona from there. The assistant introduced itself with the wrong name. The fix is to never put the canonical var name in .env when your dev environment is likely to export it. Use a project-internal name and translate on spawn: # .env…

    Permanent link to “Setting `CLAUDE_CONFIG_DIR` in `.env`? It silently loses to your shell.”

  • Your .bashrc bails…

    The first non-comment line in most .bashrc files is this: [ -z "$PS1" ] && return It means: if this shell isn't interactive, do nothing. Innocent-looking, but it silently breaks any agent that shells out via bash -c '...' — the child shell gets no PATH additions, no cargo env, no API keys you carefully exported in .bashrc.custom. Your terminal works fine, your CLI agents don't, and the failure mode is some bare command name "not found" that has nothing to do with the actual problem. The fix is to split the file by purpose (env vs interactive), not by file (.bashrc vs .bashrc.custom), and use BASH_ENV as the loader for non-interactive shells. Split env from interactive Pull every export, every PATH= mutation, every . ~/.cargo/env and . ~/.bashrc.secret out of .bashrc.custom and put them in a new file. Call it ~/.bashrc.env. It must be idempotent and produce no output (no echo, no which). # ~/.bashrc.env — env-only, safe for both interactive and…

    Permanent link to “Your .bashrc bails out before agents see PATH — fix it with BASH_ENV”

  • Stop opening admin…

    If you've been alt-tabbing to an admin cmd window to run mklink every time you wanted a symlink on Windows, there's a much cleaner way nobody seems to mention. Two settings, set them once, forget about it. The reason ln -s in git-bash silently turns into cp by default is two unrelated barriers stacked together: Windows non-admins can't create symlinks unless Developer Mode is on. MSYS (git-bash's runtime) doesn't even try to create native symlinks without the MSYS env var set. Fix the first once with admin, fix the second in your shell profile. # Run once in admin PowerShell, or use Settings → Update & Security → For developers → Developer Mode Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" ` -Name "AllowDevelopmentWithoutDevLicense" -Value 1 -Type DWord # In ~/.bashrc export MSYS=winsymlinks:nativestrict nativestrict makes failures loud — ln -s errors out instead of silently copying when symlinks aren't supported. Avoid…

    Permanent link to “Stop opening admin cmd just to mklink — git-bash can do real symlinks”

  • WT keeps opening as…

    Your Windows Terminal default tab is opening with admin privileges and you don't remember asking for it. The intuitive guess is the AppCompat Layers registry — that's where ticking "Run as administrator" on a shortcut's compatibility tab gets stored, and it persists across reinstalls. Worth checking, but it's the second place to look for WT. The first place is settings.json: { "commandline": "C:\\Program Files\\Git\\bin\\bash.exe", "elevate": true, "guid": "{17c3a2bf-...}", "name": "Git Bash" } WT 1.18+ added elevate as a per-profile flag. When it's true and that profile is also pointed to by defaultProfile, every new window silently opens elevated — no UAC prompt at the tab level because the elevation happened at WT launch. Delete the line, restart WT, done. If you still want an admin tab on demand, add a second profile with a fresh GUID and a different name (e.g. "Git Bash (Admin)") that keeps…

    Permanent link to “WT keeps opening as Administrator? Check settings.json before the registry”

  • VARCHAR2(4000 CHAR)…

    VARCHAR2(4000) means 4000 bytes, not characters. Most people know this. What's less obvious: VARCHAR2(4000 CHAR) doesn't guarantee 4000 characters either. Under the default MAX_STRING_SIZE=STANDARD, the hard column cap is 4000 bytes regardless of whether you declared BYTE or CHAR. In AL32UTF8, a Chinese character takes ~3 bytes, so VARCHAR2(4000 CHAR) on a column storing CJK text will fail once the actual byte count exceeds 4000 — around ~1333 characters in. To actually store 4000 CJK characters in a single VARCHAR2, the instance needs MAX_STRING_SIZE=EXTENDED (12c+), which raises the limit to 32767 bytes. This is not the default — not even in 19c — and it's a one-way migration that requires running utl32k.sql in upgrade mode. Oracle keeps it off by default precisely because it changes data dictionary behavior and breaks compatibility. Quick check for your instance: SELECT value FROM v$parameter WHERE name = 'max_string_size'; STANDARD = 4000-byte ceiling. EXTENDED = 32767-byte…

    Permanent link to “VARCHAR2(4000 CHAR) Might Not Store 4000 Characters”

  • Suppress SQLcl…

    When scripting with Oracle SQLcl, the startup banner (version, copyright, connection info) clamps your output. The -S (silent) flag suppresses all of it: sql -S user/password@connect_string @script.sql This gives you clean output suitable for piping or log capture. For even more control inside the session, pair it with: set heading off set feedback off set pagesize 0 set echo off -S is the entry-level switch. The set commands handle the rest.

    Permanent link to “Suppress SQLcl Banner and Version Noise with -S”

  • Cloning an EC2…

    AWS console offers three ways to duplicate an EC2 instance, differing in whether disk data is carried over. Create AMI (recommended, full clone) — preserves the system disk, installed software, and all configuration. In the EC2 console, select the target instance → Actions → Image and templates → Create image. Wait for the AMI status to become available (a few minutes to tens of minutes), then go to AMIs → select it → Launch instance from AMI. Adjust instance type, subnet, Security Group as needed. Launch More Like This (fastest, no data) — copies only instance configuration (type, SG, subnet, tags). The system disk is brand new. Actions → Image and templates → Launch more like this. The Launch page opens with config pre-filled; confirm and launch. Good for stateless instances, e.g. web servers initialized via userdata. Launch Template — if the original instance had a Launch Template saved, launch directly from it. EC2 → Launch Templates → select template → Actions → Launch instance…

    Permanent link to “Cloning an EC2 Instance: Three Ways”

  • 照着现有 EC2 开一台一样的:三种方式

    AWS 控制台里有三种复制 EC2 的方式,区别在于是否携带磁盘数据。 创建 AMI(推荐,完整克隆) — 保留系统盘数据、已安装软件和所有配置。 EC2 控制台选中目标实例 → Actions → Image and templates → Create image。等 AMI 状态变为 available(几分钟到几十分钟),再到 AMIs 页面选中它 → Launch instance from AMI,按需调整 instance type、subnet、Security Group 即可。 Launch More Like This(最快,但不含数据) — 只复制实例规格配置(type、SG、subnet、tags),系统盘是全新的。 Actions → Image and templates → Launch more like this,进入 Launch 页面时配置已预填好,确认启动就行。适合无状态实例,比如用 userdata 初始化的 web server。 Launch Template — 如果原实例之前保存过 Launch Template,可以直接从模板启动。EC2 → Launch Templates → 选模板 → Actions → Launch instance from template。 大多数场景用 AMI,只需要同规格全新系统时用 Launch More Like This。

    Permanent link to “照着现有 EC2 开一台一样的:三种方式”

  • Why Vite dev server…

    In development, your frontend runs on localhost:5173 and your API server on localhost:3000. The browser blocks cross-origin requests — that's CORS. Vite's dev proxy solves this by forwarding /api/* requests to the backend, making them look same-origin to the browser: // vite.config.ts server: { proxy: { '/api': 'http://localhost:3000' } } In production this proxy disappears. The built frontend is just static files (HTML/JS/CSS) — no port, no process. Nginx or a CDN serves them, and reverse-proxies /api/* to the backend the same way Vite did in dev: user → Nginx :80 ├── /api/* → backend :3000 └── /* → dist/ static files One port from the user's perspective, no CORS issue. The backend port is always real and needed; the frontend "port" only exists during development because Vite's dev server is a live process.

    Permanent link to “Why Vite dev server needs a proxy (and production doesn't)”

  • Linux suddenly…

    Your Linux box resolves a host to its AAAA (IPv6) record, connects, but the remote isn't actually listening on IPv6. You see telnet hang on an IPv6 address. This happens when your system starts preferring IPv6 over IPv4. One-off fix — force IPv4 for a single command: telnet -4 api.z.ai 80 Permanent fix — edit /etc/gai.conf and uncomment this line: precedence ::ffff:0:0/96 100 This tells getaddrinfo() to return IPv4-mapped addresses with higher precedence than IPv6. Changes take effect immediately — no restart needed. gai.conf is re-read on every getaddrinfo() call, so the next DNS lookup picks up the new rule. Existing connections are unaffected. If /etc/gai.conf doesn't exist, just create it with that single line.

    Permanent link to “Linux suddenly preferring IPv6 and breaking connectivity? Fix gai.conf”

  • `--data-raw "$VAR"`…

    When posting multipart form data via curl in a bash script, it's tempting to build the body in a variable and pass it with --data-raw "$DATA". On Linux this often works fine. On Windows Git Bash, it silently breaks — the server receives the request but fields like body come through empty. Two things go wrong at once. First, Windows-style paths (C:\Users\...) passed to bash utilities like tail and file are misread — the backslashes get misinterpreted and the file read returns nothing. Fix that with cygpath: filename=$(cygpath -u "$1" 2>/dev/null || echo "$1") Second, even with the right path, storing the body in a shell variable and passing it via --data-raw is unreliable. Shell variable expansion, CRLF handling, and platform-specific curl behavior all interact badly. The body gets mangled before it reaches the wire. The fix is to bypass variables entirely: write the multipart payload to a temp file and send it with --data-binary @file. Since the post…

    Permanent link to “`--data-raw "$VAR"` silently drops multipart body on Windows Git Bash”

  • Ctrl+M is the…

    If you're using Codex CLI and want to insert a newline in the prompt box without submitting, Shift+Enter won't work. Ctrl+J works with old versions but not recent ones, now, you have to use Ctrl+M instead. Ctrl+J is the ASCII control character for line feed (\n). Many terminal TUI libraries interpret it as "insert newline" rather than "submit," which is exactly what Codex CLI's input component does. Unfortunately, in the recent version they changed to Ctrl+M instead. Shift+Enter looks like the right key (it works in browser-based chat UIs), but whether it inserts a newline or submits depends entirely on how the TUI library handles raw key events — and Codex CLI's library doesn't treat it as a newline. So: Ctrl+J Ctrl+M to insert a newline, Enter to submit.

    Permanent link to “Ctrl+M is the newline shortcut in Codex CLI's TUI”

  • autossh + SSH…

    autossh has its own connection monitoring that opens an extra port for heartbeats. But this is redundant — SSH already has native keepalive via ServerAliveInterval. The extra port can even cause problems if it's not available on the remote side. The modern approach: disable autossh's built-in monitoring with -M 0 and let SSH's native heartbeats handle it. When SSH detects a dead connection (after ServerAliveInterval * ServerAliveCountMax seconds of no response), autossh automatically reconnects. Put everything in ~/.ssh/config: Host gateway HostName your-gateway-ip User ec2-user ServerAliveInterval 30 ServerAliveCountMax 3 LocalForward 8080 internal-soap-ec2:8080 Then the command reduces to: autossh -M 0 -Nf gateway -M 0 is the only autossh-specific flag you need. Everything else — host, user, keepalive, even the tunnel — lives in SSH config where it belongs. ServerAliveInterval 30 sends a heartbeat every 30 seconds through the SSH port itself (no extra ports needed), and…

    Permanent link to “autossh + SSH Keepalive: The -M 0 Trick”

  • Newline in OpenAI…

    Shift+Enter doesn't insert a newline in the OpenAI Codex CLI. This isn't a terminal or environment issue — you'll see the same behavior whether you're using iTerm2, the macOS Terminal app, or anything else. It's built into Codex itself. The shortcut for a new line is Ctrl-J. This catches people off guard because Shift+Enter is the standard multiline shortcut in virtually every chat and code editor (Claude Code, ChatGPT web, VS Code, etc.). The muscle memory is strong and there's currently no way to remap it — Codex doesn't expose a keybinding config.

    Permanent link to “Newline in OpenAI Codex CLI: It's Ctrl-J, Not Shift+Enter”

  • AWS SSO login on a…

    AWS CLI v2.22.0+ switched the default SSO login flow to PKCE, which requires a browser on the same machine. If you're SSH'd into a server with no GUI, aws sso login just hangs waiting for a browser that doesn't exist. The fix is two flags: aws sso login --profile prod --no-browser --use-device-code It prints a URL and a one-time code. Open the URL on any other device (phone, laptop, tablet), enter the code, authenticate, and you're done. The CLI polls in the background and picks up the token automatically.

    Permanent link to “AWS SSO login on a headless server? Use `--use-device-code`”

  • I Automated My Blog…

    I write a lot of short tech notes — things I learn during daily work that are worth remembering. For years the workflow was: learn something → forget to write it down → never find it again. Then I built a pipeline: a Claude Code skill writes the note, a script publishes it to my Chyrp Lite blog, and a cron job keeps the session alive. Now I type /record and it's done — note saved, blog posted, zero friction. The Pipeline Three pieces, each doing one thing: /record skill — Claude writes a tech note from the current conversation pub_tech_note — publishes the markdown file to my blog via curl refresh_chyrp_token — re-logs into the blog monthly to keep the session cookie fresh The Skill The skill is a SKILL.md file that tells Claude how to distill a conversation into a short article. Key rules: find the one non-obvious insight, pick a title that makes someone click, write like a colleague's quick tip not documentation. After writing the file, the skill runs ~/bin/pub_tech_note…

    Permanent link to “I Automated My Blog Publishing Pipeline with a Claude Skill and Three Shell Scripts”

  • Automating Chyrp…

    Chyrp Lite has no API — the admin panel is the only way to create posts. But since it's just standard HTML forms, you can automate it entirely with curl. Here's the full pipeline: auto-login, extract CSRF token, create posts. Step 1: Auto-login to get a session cookie The login form at /login/ uses standard URL-encoded POST with a CSRF hash. You need to fetch the login page first to extract the hash from the hidden field, then POST credentials: # Fetch login page, extract CSRF hash LOGIN_HTML=$(curl -s -c /tmp/chyrp_cookies.txt https://blog.example.com/login/) HASH=$(echo "$LOGIN_HTML" | grep -oP 'name="hash"\s+value="\K[^"]+') # POST login curl -s -D /tmp/chyrp_headers.txt -b /tmp/chyrp_cookies.txt -c /tmp/chyrp_cookies.txt \ -X POST https://blog.example.com/login/ \ -H 'content-type: application/x-www-form-urlencoded' \ --data-raw "login=${USER}&password=${PASS}&hash=${HASH}&submit=" # Extract session token TOKEN=$(grep -oP…

    Permanent link to “Automating Chyrp Lite blog posts with curl”

  • Ansible playbook…

    Ansible loads AWS credentials once at startup. If your playbook runs longer than the SSO role session (typically 1 hour), boto3 has no chance to refresh them — subsequent AWS API calls fail with expired credential errors. The fix: a credential_process profile that boto3 calls each time it needs credentials. Add to ~/.aws/config: [profile prod] sso_session = my-sso sso_account_id = 123456789012 sso_role_name = AdminRole region = ap-southeast-2 [profile prod_sdk] region = ap-southeast-2 credential_process = aws configure export-credentials --profile prod --format process Login once, then run Ansible with the wrapper profile: aws sso login --profile prod AWS_PROFILE=prod_sdk ansible-playbook site.yml Each time boto3 needs credentials, it calls aws configure export-credentials, which reads the cached SSO token from prod and returns fresh role credentials — no browser, no interaction. Don't put aws sso login in credential_process. It opens a browser and will silently hang in the…

    Permanent link to “Ansible playbook fails after 1 hour? Your AWS SSO token expired”

  • SSH in a script?…

    When SSH runs in a script and the key isn't set up, it prompts for a password — and your script hangs forever. BatchMode=yes disables all interactive prompts (password, passphrase, host key confirmation) and fails immediately instead. ssh -o BatchMode=yes user@host "echo ok" Returns exit code 0 on success, non-zero immediately on failure. Perfect for connectivity checks in CI/CD or Ansible pre-tasks.

    Permanent link to “SSH in a script? Use `-o BatchMode=yes` or it'll hang”

  • "Download a folder"…

    S3 has no real directories — what looks like a folder is just a key prefix. So there's no "download folder" operation, only "download all objects with this prefix". aws s3 sync is almost always what you want: aws s3 sync s3://your-bucket/path/to/folder/ ./local-folder/ It's incremental — run it again and it only downloads new or changed files. aws s3 cp --recursive works too, but re-downloads everything every time. Filter with --exclude / --include: aws s3 sync s3://your-bucket/logs/ ./logs/ --exclude "*" --include "*.log"

    Permanent link to “"Download a folder" from S3? Use `sync`, not `cp`”

  • 网友语录 - 第80期 -…

    As such, LLMs highlight how essential our human laziness is: our finite time forces us to develop crisp abstractions in part because we don't want to waste our (human!) time on the consequences of clunky ones. 大语言模型揭示了人类"懒惰"的本质价值:正是因为时间有限,人类有动力去锤炼简洁(好)的抽象。 —— Bryan Cantrill, The peril of laziness lost Juven 当我们不理解在发生的新事物的时候,我们就使用旧事物的隐喻来描述新事物,因为新的语词还未形成,或旧的语词中新的含义还未广泛渗透,隐喻帮助大家理解也帮助大家误解,误解的部分是那暂时无法清晰言说之处。 有科学研究表明,在观看非母语视频时,假装自己是母语者,刻意不看字幕能让大脑听到更多有效信息,理解更多内容。 也就是说,如果刻意强调自己是在“学外语”,反而不利于学外语。因为焦虑会夺取几乎所有的注意力,从而极大的影响你有效吸收信息的能力。 把“学外语”也当成是用外语,在阅读或听时都假装自己是母语者,遇到个生词先放过而不是立刻去查(因为这就又在强调“学”外语了),能够让自己更快学会一门外语。这个生词如果真的重要,肯定会在更多上下文里出现。先读完听完再说。母语者在工作生活里遇到生词很少会立即却查字典,实在好奇也常常是会问身边的人(这就又是在用语言)。 泽林 如果说人是生活在彼此记忆中的社会动物,只有在被所有人遗忘的时候才真正死去,那每次身边有亲密的人去世,我存在这个人身体里的部分也就跟着死掉了吧。在这个人眼中的我自己就此永远消失了。 “她死的那个夏天,仿佛我自己的一部分也死掉了” 也许是一种事实而非比喻。 郝靠谱 google notebooklm真好用啊,可惜gemini太难用了😂需要轻量级低成本的零碎想法收集和挖掘服务。现在我会把一些和Claude聊的奇奇怪怪话题塞进notebook里面然后再去生成新问题进一步思考,like it! fomalhaut…

    Permanent link to “网友语录 - 第80期 - 觉得人生无聊那是因为你不开支线,人生作为一个开放世界游戏,丰富的支线任务带来更大乐趣”

April 2026

  • Just 5 Minutes –…

    Last updated: April 2026 Just 5 Minutes is a Chrome extension that helps you build awareness of your browsing habits. This policy explains how it handles your data. Data Collection Just 5 Minutes does not collect, transmit, or share any personal data. All information — including your distraction site list and extension settings — is stored locally on your device using Chrome's built-in storage API. Third Parties No data is sent to any server. No third-party services, analytics tools, or advertisers are involved. Permissions The extension requests the following permissions solely to provide its core functionality: Storage — to save your site list and settings locally Tabs — to detect navigation to sites on your list and close tabs on request Alarms — to enforce your chosen time window (5 or 15 minutes) Host permissions — to monitor navigation to sites you have added to your list Changes to This Policy If this policy changes in a future version, the updated policy will be published at…

    Permanent link to “Just 5 Minutes – Privacy Policy”

  • 网友语录 - 第78,79期 -…

    这里记录我的一周分享,通常在周六或周日发布。(上一周懒了,本周两期合一期) The road to happiness lies in an organized diminution(有计划的减少) of work. -- Bertrand Russell When using the GLM Coding Plan, you need to configure the dedicated Coding endpoint - https://api.z.ai/api/coding/paas/v4 instead of the general endpoint - https://api.z.ai/api/paas/v4 Note: The Coding API endpoint is only for Coding scenarios and is not applicable to general API scenarios. Please use them accordingly. (虽然文档说这个接口仅适用于写码场景,但是并没有做任何限制。所以.... 如果一个普通人的目标是成为好人,那要做的第一件事是对自己好,只有对自己足够好伤害别人的冲动才会消失...对自己好才是真正的行善积德。 馬走日 “悠长假期”这个名字的来历在剧中是说:如果人生有不如意的时候,就当是放了个长假吧。还有片子里反复出现的楼顶的音乐频道广告拍,上面写着:don't worry, be happy. 这些都是朴素的人生哲学啊。人生不如意十之八九,可我们要珍惜的其实就是那十之一二。( 看过这个剧,虽然情节已经不记得了,但剧里的音乐旋律久不能忘 It’s true that if all you care about is the how, you can build useful models. But without the why, you’ll only be parroting, not understanding, let alone eventually moving the field forward with your own contributions. 最后这这句 “let alone eventually moving the field forward with…

    Permanent link to “网友语录 - 第78,79期 - 在哪里吃、与谁一起吃,才是东西好吃的原因”

  • Git over SSH…

    Some public networks (libraries, hotels, offices) block SSH's default port 22, which breaks git push/pull to GitHub. GitHub supports SSH over port 443 as a workaround. Test it first: ssh -T -p 443 [email protected] If you see Hi <username>!, it works. Update your repo's remote URL: git remote set-url origin ssh://[email protected]:443/your-username/your-repo.git Then git push as normal. Want this permanently? Add to ~/.ssh/config: Host github.com Hostname ssh.github.com Port 443 This transparently redirects all GitHub SSH traffic to port 443 — no need to change remote URLs in any of your repos.

    Permanent link to “Git over SSH blocked on public WiFi? Try port 443”

  • 网友语录 - 第77期 -…

    这里记录我的一周分享,通常在周六或周日发布。 The thing about agentic coding is that agents grind problems into dust. Give an agent a problem and a while loop and - long term - it’ll solve that problem even if it means burning a trillion tokens and re-writing down to the silicon. ... But we want AI agents to solve coding problems quickly and in a way that is maintainable and adaptive and composable (benefiting from improvements elsewhere), and where every addition makes the whole stack better. So at the bottom is really great libraries that encapsulate hard problems, with great interfaces that make the “right” way the easy way for developers building apps with them. Architecture! While I’m vibing (I call it vibing now, not coding and not vibe coding) , I am looking at lines of code less than ever before, and thinking about architecture more than ever before. — Matt Webb, An appreciation for (technical) architecture 我并不反对艺术家。我自己也组过摇滚乐队。我的问题在于,如果你需要政府补贴才能从事艺术创作,那你就不再是艺术家了——你只是个公务员。 ——哈维尔·米莱 itsumosobani…

    Permanent link to “网友语录 - 第77期 - 拥有欢笑的人生远比掌握管理权重要得多”

March 2026

  • 网友语录 - 第76期 -…

    这里记录我的一周分享,通常在周六或周日发布。 Linux用户 我们内卷是因为分配制度,广大劳动人民,能得到的分配比例太少了,不卷就饿死了,如果分配没有问题,大家都能活得比较体面。 与中国沿海其他港口不同,广州是重要的内河港口,便于顺利获得内地补给品、船只必备用品和包装所需物料的供应。珠江上游地区能够提供很好的制造包装箱具的物资,广州腹地也能够提供大量船只修理以及建造货仓所需的原材料。广州还有数量巨大的手工匠人群体能为贸易提供包括修缮商馆、修理外国船只等工作在内的服务。所有这些物料供应和服务对维持贸易顺利进行、常规化和长时间运作都十分重要。其他中国沿海港口也许有某些便利条件,但广州幸运地拥有全部的便利条件。 !image 安子 一个人的内心不是一块铁板,而是一个嘈杂的集市。 liszt1811(A teacher who teaches in Germany) I think Al is currently creating two categories of students. The first one being the ones that use it to learn everything. The second one being the ones that use it to never learn anything ever again. The second group is much bigger. 萧覃含 不要东张西望四处寻找和对比,当下此刻你觉得是快乐的,那你就是这个天下最幸福的人。 屠夫﹑酿酒商人﹑面包师给我们提供食品,他不是出于仁慈,而是为了获取回报。每个人在经济生活中,通常并不考虑自己的行为对社会利益起了多大作用,他盘算的是自己的好处。然而就在每个人追求个人利益的过程中,会有一只看不见的手,牵着每个人去实现他原本无意实现的目的,最终促进社会利益。——亚当 斯密 泽林的诗 在镀锌碳钢格栅上哭泣 眼泪会顺着格栅落下去 不会打湿自己 在高高的燃烧臂上哭泣 重力势能可以转化为动能 一跃而下 翅膀会在风中干燥 落地之前就能 再次张开 眼泪可以带走重量 就算只有几滴 身体也会稍稍 轻盈一点 听听风吧 生命里 有很多值得庆祝的东西 ——《荆棘鸟与太平洋正中的半潜式钻井平台》 郝靠谱 ...…

    Permanent link to “网友语录 - 第76期 - 人生终是这样的糊涂,盼得春来,又要把春辜负”

  • 网友语录 - 第75期 -…

    这里记录我的一周分享,通常在周六或周日发布。 很多传统的程序员技能重要程度都在快速降低,我们甚至都不太需要“初级程序员”了。但另一方面,对于技术和架构方面的品味和判断力,又要求程序员积累大量的实战经验才能培养出来,这看似是一种不可解的矛盾。不过乐观一点想,在 agent 的帮助下,我们做项目的速度大大加快了,那么所谓的经验积累是不是也能得到加速?另外借助 AI 来做基于实战的学习也变得前所未有的高效。所以只要对于软件的诉求在不断增长,相信程序员这个职业仍然能得到很好的发展。 … 任何要动手的事情,都可以提醒自己用 AI 试试。要相信 AI 的能力。 生成很便宜,不行就重来,不用执着于“修正”。 小步快跑敏捷迭代,不用执着于形成一份完美的 prompt 发给 agent,大多数任务都是在过程中持续发现和迭代的。 Context 意识,大概知道什么时候要新建一个对话,模型犯错时思考它少了什么信息。 代入 agent 视角,如果你仅仅拥有它可以用的信息和工具,你能不能完成这个任务? 不要用过多的人类经验来限制 agent 的能力发挥空间。花更多时间在思考,如何让 agent 的产出能更稳、更快、更安全地合并。 人类能阅读的 token 量是有限的,要充分利用 agent 自行使用 token 去探索、验证、自我闭环,最小化人类需要 review 的 token 量。 智能时代的业务和组织都需要重新思考和设计,才能真正释放 agent 带来的生产力。 https://mp.weixin.qq.com/s/yhWlwL0UQ8eWYrLQkNyK9g 佳瑶妈 打卡!喜欢的一段话:健康就是存款,快乐就是利息,照顾好自己,既有存款又有利息,世界才会属于我✌️ 安子 完美,意味着没有摩擦,没有阻力,没有任何迫使你面对自身局限的东西。真实的关系是有摩擦的,成长是有摩擦的,爱是有摩擦的。一个”完美环境”,在心理学意义上,往往是一个让人停止生长的地方。 戴季陶:人生是不是可以打算的?如果人生不可以打算,何必要科学。如果只靠打算,人们的打算,自古来没有完全通的时候。空间是无量的,时间是无尽的。任何考古学者,不能知道星球未成前的历史;任何哲学者,不能知道人类毁灭的日期……所以打算只是生的方法,不打算是生的意义。…

    Permanent link to “网友语录 - 第75期 - 健康就是存款,快乐就是利息,照顾好自己,既有存款又有利息”

  • 网友语录 - 第74期 -…

    这里记录我的一周分享,通常在周六或周日发布。 辣白菜炒五花 我们不能傲慢地自以为有预测30年的能力。我们无法预知当现在的小朋友长大了,在他们30多岁的时候,社会需要什么样的人。 所以关注小朋友具体事项上的任务,实际意义不大,还影响亲子关系。 一定程度上软件开发是个探索发现过程,对于有一定复杂度的系统和需求,我们是无法在一开始就给出完美的 spec 的。而且即使写了,里面可能也有冲突,模型在遵循上可能也有问题。要写出详尽的 spec,一定程度上等同于把代码实现写出来了。 个人在实践中,有几次给了 agent 相对模糊的一个方向和验收的 high-level 标准,然后发现 agent 实现出来的方案非常的优雅,相比我一开始脑海中的思路来说明显更优。有点像著名的 AlphaGo 的第 37 手,让我深深感受到没有因为太过详细的 spec 而限制了它的发挥空间。 ... 未来人类员工之间的分工边界会是什么?当 agent 承接了大部分执行工作之后,人类角色的边界就从“我能做什么”转移到了“我能判断什么”。一个人能够闭环的 scope 上限,就是他全链路 review 能力的边界。(我:很可能这一整句都是GPT写的,因为后面这一句GPT味儿太重了) 可能被打醒的人会被这段话触动。所以,广而告之。RT@mywaiting 盼明君,盼清官,盼大侠,盼神仙,盼来世,中国古代传统文化几乎没有跳出过这五个盼的叙事,神仙和来世都能盼,就是没有盼过自己 yihong Be a human, not a claw. Don't panic. Don't FOMO. Spend more time with family and friends, less time with LLMs. A bot is just a bot, even a claw bot. Enjoy real life; if not, enjoy the moment. 一个观察,不一定对。 我不知道“游戏人生”是不是quality…

    Permanent link to “网友语录 - 第74期 - 我不祝你一路顺风,我祝你乘风破浪”

  • 论人的自尊心

    你的自尊心和我的自尊心不是一回事。 心理学上至少可以分成三种自尊:稳定型自尊、防御型自尊、以及外在依赖型自尊。它们对于人的成长所起的作用截然不同。 稳定型自尊是成长的基础。 它的特点是肯定自身价值,不因一次成败就忘乎所以或者否定自己。不论身处话题中心还是独处一隅,这样的人始终清醒地知道自己是什么样的人。研究显示,当一个人不刻意维护自我形象时,更容易从批评中汲取养分,也更愿意改变自己。 防御型自尊是成长的阻力。 它的本质是"身份焦虑"——过度在意别人怎么看,批评一来就触发羞耻或愤怒,失败了总是第一时间找理由。这种自尊只是为了"维护形象"。它的表现是回避挑战、不愿请教、热衷于包装。滋养这种自尊,你就只是原地踏步。记住,时间并不会在你停滞不前时停下脚本,不进则退。 外在依赖型自尊是一种波动 。它把自我价值绑定在金钱、地位、排名、他人评价上,评价高时自信爆棚,评价低时自我怀疑。 做为一个人类个体,请一定要准确地识别出你在意的是哪种自尊,滋养助你成长的稳定型自尊,摒弃只会帮倒忙的防御型自尊,以及外在依赖型自尊。

    Permanent link to “论人的自尊心”

  • mx linux install…

    mx linux install fcitx5 rime sudo apt install fcitx5-rime fcitx5-chinese-addons im-config zenity fcitx5-configtool fcitxt5-frontend-all run im-config and choose fcitx5 run fcitx5-configtool and choose Rime as input method Download rime config backup from https://files.shukebeta.com/Rime.tgz and extract it mkdir -p ~/.local/share/fcitx5/rime mv ~/Downloads/Rime/* ~/.local/share/fcitx5/rime/ log out and then log in again done

    Permanent link to “mx linux install fcitx5 rime”

  • 网友语录 - 第73期 -…

    这里记录我的一周分享,通常在周六或周日发布。 Truman AI支配人并没有听起来那么可怕,很多人没有意识到自己就正是被金钱支配的。AI无善恶,人才有善恶,恐惧AI支配人,本质是恐惧人支配人。 Simon Willison Please, please, please stop using passkeys for encrypting user data Because users lose their passkeys all the time, and may not understand that their data has been irreversibly encrypted using them and can no longer be recovered. Tim Cappalli: To the wider identity industry: please stop promoting and using passkeys to encrypt user data. I’m begging you. Let them be great, phishing-resistant authentication credentials. 「一个人,出生了,这就不再是一个可以辩论的问题,而只是上帝交给他的一个事实;上帝在交给我们这件事实的时候,已经顺便保证了它的结果,所以死是一件不必急于求成的事,死是一个必然会降临的节日」 史铁生,《我与地坛》(把死当成一个节日,真是浪漫) 管埋员 经常焦虑是你对自己要求过高,经常愤怒是你对别人要求过高。 郝靠谱 现实并不总是能双赢,健康关系里还包括付出和牺牲,以及理解对方的付出和牺牲。「@桑梓的味道 在一段重要关系中,只有双方都能够真实敞开地表达自己的需求、感受,在双赢的前提下主张自己的权利,并积极为关系的健康负起责任,既有边界又愿意彼此亲近,才会令关系产生正面价值,健康持久。」 DoDoPLS 老大每次半夜起床喝水或者尿尿都会遮住一只眼睛。我说你这是为啥啊。他解释说:露出的眼睛负责开灯看路。遮住的眼睛仍然保持夜间视力。一关灯马上又畅通无阻。他强烈建议我也试试。屡试不爽。。哈哈哈你真是个小机灵 congfu9442 自由的悖论:自由能容忍不自由的声音,但是不自由却无法容忍自由。 fomalhaut…

    Permanent link to “网友语录 - 第73期 - 对小孩应该是鼓励而不是表扬,应该是庆祝而不是奖励”

  • 网友语录 - 第72期 -…

    这里记录我的一周分享,通常在周六或周日发布。 安子 要怎么理解西方国家立法的低效?看看美国最高法院大法官尼尔•戈萨奇怎么说。 【以下译文是安子翻译的,仅供大家参考】 我能理解,对于那些认为国家征收更多关税很重要的人来说,今天的判决是令人失望的。我所能告诉他们的一切是:大多数影响美国人民权利和义务的重大决策(包括缴纳税费和关税的义务)都必须经由立法程序进行,这是有理由的。是的,立法可能很困难,也很耗时。是的,当出现一些紧迫的问题时,绕过国会确实是很诱人的。但是,立法程序的审议特性,正是设计它的全部意义所在。通过该程序,国家可以利用人民所选代表的集体智慧,而不仅仅是某个派别或个人的智慧。在此,审议缓和了冲动,妥协则把分歧打造为可行的决议。而且,由于法律必须获得广泛的支持才能在立法程序中得以通过,它们往往会长期有效,让普通民众可以安妥地规划自己的生活,而这在朝令夕改的状态下是不可能的。总之,立法程序有助于确保我们每个人都对约束我们自身的法律和对国家的未来拥有发言权。对一些人来说,这些特性的重要性在今天是显而易见的; 对另一些人来说,它或许并不是如此明显。但是,如果历史可以借鉴,那就是风水轮流转,总有一天,对今天的结果感到失望的那些人,会意识到立法程序是自由的坚实堡垒。 若锦 喝了一杯咖啡,当场又续了一杯。明知道家族都有心脏病史,我不能喝这么多咖啡,可是不喝会san值归零,今天都过不去。握着第二杯咖啡 ,心想自己和酒吧里那些酒鬼又有什么区别。 The concept of Mahjong is to create order out of chaos based on random drawing of tiles. It's sort of like life. It's sort of like every day. We try to make a little bit of order out of the chaos of life. Hopefully wisdom and kindness. 我平常不怎么看Youtube Shorts。但今天突然蹦到我眼前这个让我先是一笑,接着大为震撼。一个外国女生说她和闺蜜们每周打麻将,并不赌钱。只是边打麻将边聊天。接着她说了她理解的麻将的内在意义(上面这段话)。我觉得很有道理。 James Taino It's…

    Permanent link to “网友语录 - 第72期 - 命运是可以改变的,只要人的想法改变,一切都会改变 (一念起 天涯咫尺; 一念灭 咫尺天涯)”

February 2026

  • Set CPU Performance…

    Steps Install cpupower: sudo apt install linux-cpupower Edit the init script: sudo vim /etc/init.d/cpupower # put the following content into this file CPUPOWER_START_OPTS="frequency-set -g performance" Enable on boot: sudo update-rc.d cpupower defaults Apply immediately: sudo cpupower frequency-set -g performance Verify: cpupower frequency-info | grep "The governor" Should output: The governor "performance" may decide which speed to use Note: MX Linux 25 uses SysVinit.

    Permanent link to “Set CPU Performance Mode on MX Linux 25”

  • 网友语录 - 第71期 -…

    这里记录我的一周分享,通常在周六或周日发布。 泽林 玩 This war of mine 电子游戏的时候经常会出戏,因为我知道这里的情节起伏是剧本设计好的:为病重的女儿四处奔走找药的父亲注定在第一个建筑里一无所获,会卖给他药的杂货贩子注定会在第二天上门。 但是玩桌游的时候的体验就完全不同,骰子不会骗我:带着生命危险搜刮一晚上最后可能真的一无所获,伤口恶化可能撑不过今晚的人突然从抽屉里翻出救命的药物绝不是计算机的算法给我的怜悯,而是真真正正的纯粹运气。 这种时候人们对死亡和失败都会更淡然,对幸运的降临也更加珍惜。 ShiDeSheng 现代人很容易感到厌倦,现代人也很容易放弃,无论是对一个人,一件事,又或者是一种物件。从好的一面来说,这么做可以让人领略到更多人世的风景。从不好的一面来说,厌倦也会形成习惯的,放弃也会形成习惯的。 (大连)712公交我基本每周都会坐。712路的公交司机给我留下了深刻印象,他站着迎接乘客上车。我带着孩子坐公交,还跟小朋友打招呼。今天我看到一个报道才知道,他叫王永军,五一劳动奖章获得者,从少年开到两鬓斑白,开了快四十年公交了。 带孩子坐公交车,最喜欢老远就招手给小孩子让座的竟然是老年人,基本上每次都是这样子。 孙悦有一首歌《祝你平安》,这是对这个时代最好的祝福了 户谷 完整的、没有病痛的身体不是父亲这个角色从这场交易里能得到的最好的东西。一个普通人,活到一定年龄之后,很可能身边再没有新的人来爱你了,你也很难再爱上别人。但你一旦获得当爸爸的机会,小孩子只要对你笑一笑,你一天的阴霾就能被治愈。ta的小手、小脸、小脚,抱在怀里那么柔软细腻。你甚至想给ta最好的一切,你在幸福中而非疼痛中改变。你开始被人期待着了:期待着你满足ta的愿望,或者期待着你回家抱抱ta。这种温暖的期待不同于以往,充满了善意。你很有可能变成一个更好的人。在能当爸爸的时候放弃这种机会多么愚蠢。朱自清爸爸在去买橘子的途中是很幸福的。是孩子给了他肥胖的身体、笨拙的腿脚一个为爱行动的机会。真诚的父母感恩孩子的到来,要孩子感恩父母的,把一切都搞反了。 ‘德’就是‘信’,而‘信’源于太阳回归周期的绝对守时。 卡扎克 汉堡王这几天在哈萨克斯坦陷入了一场舆论危机。…

    Permanent link to “网友语录 - 第71期 - 真诚的父母感恩孩子的到来”

  • 网友语录 - 第 70 期 -…

    这里记录我的一周分享,通常在周六或周日发布。 ShiDeSheng 做自己是这几年国内外社交媒体最流行的话题之一。 一种做自己: 很多小朋友觉得做自己很简单啊,不喜欢工作就裸辞,不喜欢学习就不学,不想社交就断交,不顺意就正面刚把别人怼到爆,只要喜欢花多少钱都要买……不使劲的事谁都能干。 另一种做自己: 想做科研,读个博士进学术圈。 你想升职,把基本的职场技能学会。 你想当老板卖货,把货源、渠道、销售、管理这一套弄明白。 你想当作家,也得先读些书,写很多字。 …… 摆烂和做自己是有区别的。不被一些虚词迷惑了。 素绣藏金 还有一个深刻体会是:AI并非全能之神。在不熟悉的领域,它可以帮我们快速搭建初步的知识框架;但真正发挥其威力的,仍是在我们熟悉的领域中——学会如何驾驭AI。毕竟,倚天剑与屠龙刀,落在你我手里,充其量也就只能砍瓜切菜;可若握在张三丰手中,降龙伏虎也不过是砍瓜切菜罢了。 ShiDeSheng AI被设计(训练成)用来奉承你,而非挑战你。真正的学习需要摩擦,而非一味地鼓励。"友善”的AI会走向何方? ShiDeSheng 加班回家,我习惯拼车,一来便宜,二来可以看到晚上十点以后,各种各种为生活奔波的人。有些人是喝酒喝的很晚的,有的是跟朋友告别的,有加班下班的,还有晚上十点刚刚上夜班的……. 彼得 蒂尔 在一个变化如此迅速的世界里,你所冒的最大的风险,就是不冒任何风险。 The only way of knowing a person is to love them without hope. -- Walter Benjamin 摘自 The philosophy book We only think when we are confronted with problems. -- John Dewey 学语言不需要天才,而是决心! Duo (绿鸟) 大前研一:我在“麦肯锡”接触过几千名员工。我惊奇的发现:成功的人与平庸的人有一个巨大的差别。成功的人不论做什么工作,都从不厌烦,而平庸的人却总是挑挑拣拣。 世界上的工作都是一样的,工作是否开心关键在于工作方法是否有意思。 不是不在乎。在乎,但是没有办法 RT@野小合 为什么钞票一天比一天少,我们会紧张。可生命一天比一天少,却没有人在乎。…

    Permanent link to “网友语录 - 第 70 期 - AI被设计(训练成)用来奉承你,而非挑战你。真正的学习需要摩擦,而非一味地鼓励”

  • 网友语录 - 第69期 -…

    这里记录我的一周分享,通常在周六或周日发布。 dimlau 我们知道,宇宙中任何有质量的物体,速度都不可能达到光速,但是宇宙本身,在以超过光速的速度膨胀。结果就是,宇宙远端如果有一颗恒星,它发出的光,以光速朝我飞驰而来,却渐行渐远,永远也到达不了我的眼睛——我,永远,看不到它。更诡异的是,组成我躯体的原子,和那遥远深空中的星尘,本是同一个奇点。我也将活过、追求过,带着遗憾死去。 郝靠谱 人不需要去跟AI比阅读量、加工整理能力,但要成为能驾驭机器的人,要持续学习、保持警惕,持续提升甄别信息的能力和那些AI不可复制的能力。 Routine 是人生的复利 2026-01-30 (LimBoy) 我们通常会觉得 Routine 是「自由」的反义词,它让人联想到枯燥的重复、僵化的日程表,或者那种一眼就能望到头的生活,这是一个巨大的误解。 在谈论 Routine 之前,我们先来看看复利公式: 把它放到人生这个大背景下,天赋、机遇和单次努力的强度,构成了那个基础的增长率 r。很多雄心勃勃的人都盯着 r 看。他们试图通过一次通宵工作、一个绝妙的点子或者一次爆发式的冲刺来获得巨大的 F。 但这很难持久。 Routine 的作用,是掌控指数 n。 在很多方面,Routine 就像是定投。如果只有在「感觉来了」的时候才去写作,或者在「状态很好」的时候才去锻炼,你的 n 是断断续续的,增长曲线是锯齿状的。 而一个好的 Routine 是一种承诺:无论我今天感觉如何,无论 r 是大是小,那个 n 都会自动加一。 当 n 足够大时,它就不再是线性的累加,而是指数级的爆发。那些伟大的小说家每天早起写几千字,不是因为他们每天都有几千字的灵感,而是因为他们把写作变成了一种像刷牙一样的生理节律。他们不对抗它,只是执行它。 这就是 Routine 的本质:它把困难的事情自动化,从而让时间站在你这一边。 很多人认为「我不设计 Routine,是因为我不想被束缚」。但真相是:根本不存在「没有 Routine」这回事。 如果你不主动设计你的生活流程,你的身体和环境会为你设计一套。这套「默认 Routine」通常由你的生物本能(懒惰)和外部世界(诱惑)共同编写。 当你拿起手机无意识地刷了两个小时,这本身就是一个极其高效和稳固的 Routine。 既然「默认…

    Permanent link to “网友语录 - 第69期 - 幸福的话杳无音信也没关系”

  • AI, Juniors, and…

    AI is changing the IT industry’s entry-level landscape. It reduces demand for juniors trained purely under the traditional apprenticeship model, but it does not eliminate the need for juniors altogether. What it changes is the baseline: new juniors are expected to work fluently with AI rather than work around it. This shift raises concerns about experience and continuity, especially as senior engineers retire. However, senior retirement itself is not the core risk. The real issue is how judgment, taste, and practical knowledge are formed and transferred. The traditional apprenticeship model still has real value. Engineers who have built systems end to end, debugged production failures, and lived with the consequences of technical decisions develop a sense of “better” that cannot be learned from prompts or outputs alone. This taste is shaped by cost, failure, and trade-offs. AI can amplify such judgment, but it cannot create it from nothing. At the same time, the old model does not…

    Permanent link to “AI, Juniors, and the Future of Apprenticeship”

  • 网友语录 - 第68期 -…

    这里记录我的一周分享,通常在周六或周日发布。 碗君西木子 其实是这件事情无法由别人完成 非要说逻辑的话 就是说只有你深刻地理解了自己 你才能判断别人理解了你没有 因为你是题目本身 你就是那个出题人 答案就在你那里 在你自己亮出答案之前 你会觉得所有人的解法都好像哪里不对 时间的玫瑰 ... 抽卡这个机制真的就是利用人们的赌博瘾啊,你让一个人花一千块钱人民币买一个人物他们可能会嫌贵,可是如果让他五块十块一百块的花,最后攒到了个旷世人物,他可能不仅不觉得昂贵,还会觉得自己运气超群,所向无敌。我看有人抽了个人物,各个频道炫耀好多天呢。 ... Ming Yin 做掘金的时候就知道一个事情,无论是再简单的东西大家都会不停的重复问:怎么安装 xxx、怎么配置 xxx、xx 和 yy 哪个更好、zz 账户怎么开、求 xyz 终极教程 善于阅读,从前人的经验里获取知识 明辨是非,高效获取高质量 Facts 这些能力都远比刷内容难得多 现在的自媒体、知识付费、“干货”内容往往授人以鱼,或者是授人以“渔”,而非真正的渔。真正的渔也不是方法,是获取方法的思想和动机。 真正的渔 是绝对不会出现“最佳实践”,“10分钟掌握”,“一次就学会”,“终极总结”,“高效掌握”这些词汇的 dasmaprop1296 Elect a Clown, Get the Circus. We are in the Dumbest Era. 小名儿 今日获悉,又一同事离世了。我曾经和他在一个办公室共事过。他是1958年生人,只比我大三岁,他还是最早的那批电大生。突然觉得,死亡的距离感好像并不取决于年龄,而在于和你有过一定量交集的同龄人的离去。 书摘 世界尽头的疯人院 - 比利时号南极之旅…

    Permanent link to “网友语录 - 第68期 - 这个世界上还有什么东西是不会过期的?是影像记录呀”

January 2026

  • How to: Remove…

    Run regedit, navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run then remove the line that contains "jusched.exe".

    Permanent link to “How to: Remove "Java Update Scheduler has stopped working" on Windows server 2022”

  • 网友语录 - 第67期 -…

    这里记录我的一周分享,通常在周六或周日发布。 如果总是要求帮助,别人就会质疑你的价值;如果从不要求帮助,你就会不必要的搞砸一些事情:身边的人很可能见过这个问题,而且有很成熟的解决方案。 弄懂不明白的问题是最好的学习方式。 碗君西木子 人的天赋是需要被点明的,在此之前与之后,看待事物的方式会有区别,也就是无意识与有意识的区别。 高敏感的人一生只有一个主线任务:内心的平静、深度的人际关系、专业上的精通,以及一种与自身价值观高度一致的生活方式。(这是任务,也是目标。但我觉得它和高敏感与不高敏感没有多大关系,它是普适的,只是有的人意识到的早,有的人晚,而有些人穷其一生也没有意识到。 A journey of a thousand miles begins with a single step. -- 老子 为爱皮 做一件事情,做自己喜欢的事情,干了就开心,而不是干成了才开心。~李诞 Shengyi Wang 我以前不知道是看唐德刚的书还是啥,对中国革命还是建国后政策有句评论:不嫌任重嫌道远。 我觉得这是人性本能,面对艰巨的任务斗志昂扬,但都会低估长久坚持需要的努力。 然后就有人针对“不嫌任重嫌道远”这种人性弱点开始收割韭菜,从 21 天学会 C++ 到写什么“一天内改变人生”的鸡汤文章。 Shengyi Wang 我就想起小时候看到的传说:把人类全部知识编码成一个数,前面加个小数点,然后在一根棍子上这个小数的比例处划一刀,那这根棍子就蕴含了全部的人类知识。 小时候想想没毛病啊,目眩神迷,居然有如此美妙的方法。可惜物理世界测量精度也好普朗克极限也好,都限制了你既不能这么精准的划一刀,划不了几位小数,也不能准确的读出来。 The enjoyment of one's tools is an essential ingredient of successful work. -- Donald E. Knuth 人类哀叹聪明的章鱼只有一两年寿命。又有谁知道是否另一个时空里有更长寿的智能生命哀叹聪明的人类只有不足百年的寿命呢? 人至晚年,父母亲朋纷纷离世,就连一起玩耍的小伙伴们也日渐凋零,离开这个世界并不会像尚年轻时那样不舍。 就章鱼而言,童年时候,唯一确认的就是努力活下去,而且它们知道自己大概率活不到成年。…

    Permanent link to “网友语录 - 第67期 - 做自己喜欢的事情,干了就开心,而不是干成了才开心”

  • 网友语录 - 第66期 -…

    这里记录我的一周分享,通常在周六或周日发布。 大多数人都把平安、健康当成空气一样,是自然得到的东西,(而)我们追求的都是平安、健康以外的目标。平安和健康,都不是自然而然的事情,想要得到它们,最好的办法就是去运动。 素袖藏金 石器时代的结束,不是因为石头不够了;石油时代的结束,也不会是因为石油用光了。 Moon in nowhere 独自前往的地方越多,我就越觉得自由。 Silence is the loudest answer to disrespect. 云五 | 古希腊消灭内耗的神 我真的特烦人为一些鸡毛蒜皮的事找借口,不想做就是不想做,不想做不需要借口,就是因为一直找借口所以才会一直需要找借口。只有你不找借口,周围人才会习惯你的决定就是最终决定,你就不用再找借口。 不爽吗? #不是鸡汤是驴杂汤 小青 哈哈哈我在听南城香年会汪哥发言,汪哥总是给我新启发。他说他不和纯投资者合作,不和钱合作,他只和“勤劳的双手和充盈的大脑”合作。他把重点放在研发炒菜机和炒菜。太有意思了。 小青 如果尽全力了都不行,那就不行呗,那不也是无怨无悔吗?你尽全力了都不行,谁苛责你谁就是大坏蛋,咱不和他玩,他闹由他闹。 小青 天塌下来了也先把饮食、运动、写作安排好,这是我余生的决定。 朋友圈这个名字起得不好。明明是一个记录生活的工具,非要引申这么多有的没的。不过我也几乎不发朋友圈,是因为我说得话审核员可能不爱听,而我又讨厌自己的随手写的东西被删除。我写笔记,用我自己的笔记app,存在我自己的服务器上,想发嘟的帖子,可以配置条件,符合条件的帖子就能自动发到mastodon上。虽然这样也就没有多少人看到,但那不是很重要,我自己开心就行。 赵赵赵老师 今天监考三年级语文,看了几眼孩子写的作文,充分感受到了孩子对写作文的厌恶。 伊丽莎白翠花 什么事都想知道,这其实是一种暴力,是自己对自己的暴力。 无论你练习什么,你都会精通什么。无论你练习的是好的技能还是坏的技能。So, go and pactice something new! 管埋员 从来没有什么以弱胜强,从来都是以强胜弱,无非是本质强还是表面强,是局部强还是整体强。 吴清源回忆录 书摘:…

    Permanent link to “网友语录 - 第66期 - 从来没有什么以弱胜强,从来都是以强胜弱,无非是本质强还是表面强,是局部强还是整体强”

  • 网友语录 - 第65期 -…

    这里记录我的一周分享,通常在周六或周日发布。 现在的学生拥有前所未有的优质教育资源,但他们却陷入成千上万种选择中不知该学什么、该用什么资源的困境。拥有资源并不意味着就能找到方向。 -- 《不要关闭你的大脑》(不只是学生,成年人又何尝不是如此? 幸福RT@邢早早 周日在汕头我地接社楼下一个小饭店里,吃了一碗潮汕焖香饭,吃第一口我差点哭出来。我高中时候自己在家,嘴馋,拿冰箱里的鱼丸和闷的黏糊糊的大米饭一起炒,炒完了撒一把白胡椒,放几粒花生米。就是这个味道,一模一样。我在遥远的潮汕吃到了我自己偶然创造的味道。 当你跑步时微微出汗,还能比较轻松地说话,呼吸、步频等节奏稳定,这就是有氧心率状态;相反,当你跑得上气不接下气,呼吸急促,无法维持当前的配速,那就是进入无氧运动状态了,这个时候就需要适当减速,让心率重新回到燃脂心率区间,然后继续跑下去。跑步指南 永远有人跑得比自己快,永远有人跑得比自己远,但记住,你只要在跑,你就是一个跑者。 fomalhaut The whole universe is all about love. 每天睡觉之前花几分钟写日记…算不上什么日记吧,只是三言两语,写写今天略微值得一记的东西。 说起来也没有什么用。但是,几年写下来之后,现在每天写之前都能看到过去几年的今天(如果有写的话)你都怎么过的。有悲有欢,有喜乐有哀愁。就觉得没有日子没有白过。 endif 为了维护现有复杂系统的质量,很多的讨论确实就是必要的,赶进度只会让系统的质量越来越低,背上越来越多的tech debt。 dimlau 我想起一些朋友聊天时提到当下才明白年少时曾听到的教诲是多么有道理。我倒觉得没什么好懊悔的,凡事大抵如此,如果没有亲身探索和经历过更丰富的可能性,就很可能不自知。而以人类有限的寿命,能体验的还是太少了,幸好还可以阅读。 webto 玩《异度之刃3》突然意识到:殖民这个词在中文语境下是纯负面的含义,但是 colony 这个词至今在西方语境下仍然有先进和浪漫色彩,大量文艺作品都是以开拓而非奴役/剥削来看待这个词的。 是你的SSR 只要能有一两件可以让我每天重复去做的事,我就能对抗这混乱的困境。没有重复的事,我就选择一件事来重复。(我之前每天小菜园拔草,饭后散步,现在又加上了晚间跑步:只是跑完步会很精神。也好,可以再读会儿书或者编会儿程。 野小合…

    Permanent link to “网友语录 - 第65期 - 永远有人跑得比自己快,永远有人跑得比自己远,但记住,你只要在跑,你就是一个跑者”

  • 网友语录 - 第64期 -…

    这里记录我的一周分享,通常在周六或周日发布。 苏慢慢 12月真的干了好多事情。只要你想启程,随时都可以出发。 This Acknowledgment conversation is all about putting the good stuff first. Not only is this easier and a whole lot more fun, it's also more effective. We're going to focus on being light, positive, and non-goal-oriented. We're not going to criticize or complain. We're not going to try to solve any problems. We're just going to get comfortable. This will help you and your partner build a solid foundation of sexual communication and trust. Sex Talks Repetition is one of the most powerful confident-building tools. (重复是建立信心最有力的手段之一) 种子萌发过程中,酶活跃起来,维生素合成,蛋白质和淀粉性质转变,更容易被人体吸收。所以豆芽的营养比豆子好。 凤凰飞 再深厚的友谊,一生可以见面的机会也屈指可数。 In general, emotional intimacy is a feeling of closeness. You care for each other, and you're willing to use your words and actions to help your partner feel understood, respected, and seen. There's a basic trust that your partner can be a safe container for your feelings and challenges. You feel like you can let down your…

    Permanent link to “网友语录 - 第64期 - 只要你想启程,随时都可以出发”
Archive of 2025