Weeknotes 240

1st February, 2026

“Always use hot glue”

The Mecha Comet looks like a cool little handheld computer which I would never use.
Make Ghostty look as much like iTerm as possible

Thanks to help from my mate Claude, I now have Ghostty configured to match iTerm with only a tiny difference (that I’ve noticed so far) so I’m moving over to give it a proper try.
typr

Most Beautiful Typing practice plugin for Neovim with dashboard

This does look very nice.
An unfortunate event: bleach on my new black hoodie 🙀 First I attempted to colour it in using black sharpie. That resulted in the coloured in bit being too black. So I resorted to dyeing it. No cigar. It is now a gym hoodie.
I “fixed” my Soundcore speaker again. You could say there is no “again” because I’m here fixing it a second time. I am of course blaming the speaker. The switches I bought were wrong. I used hot glue to fix it this time. Always use hot glue.
dol – “Detect dark/light mode on the CLI”

The definition of Unix – one thing well.
European alternatives for digital products

We help you find European alternatives for digital service and products, like cloud services and SaaS products.
“Secure by default” - how Phoenix keeps you safe for free

A lot of “indie hackers” apparently think that security isn’t important. Sure, it’s better to be secure than insecure, but you have a business to launch - security is a cost you can live without, so get your MVP out the door asap then you can worry about security later.

This has always been a problem with cowboy coders and I’m afraid that it’s only going to get worse with all the vibe coders out there. People who didn’t care before are even less likely to care now when they’re not even writing the code. AI is only going to exacerbate the problem.
Why Regex Serialization Changed in Elixir 1.19/OTP 28
WHY DOES SSH SEND 100 PACKETS PER KEYSTROKE?

This is a really interesting.

In 2023, ssh added keystroke timing obfuscation. The idea is that the speed at which you type different letters betrays some information about which letters you’re typing. So ssh sends lots of “chaff” packets along with your keystrokes to make it hard for an attacker to determine when you’re actually entering keys.

This is why I’m very suspicious of people who think they can roll their own security. Not quite a fair example here as obviously SSH is having to do things that most of us writing web applications are not, but still you need to be aware of things like timing attacks which are a lot more difficult to handle than a simple username and password.

I think they’re sometimes right! Interacting with LLMs is a new skill, and it feels pretty weird if you’re used to writing software like it’s 2020.

Very true. This new LLM stuff is learning how to use them effectively.
Todoist Ramble looks like a nice implementation.
Announcing TLSA Record Support

TLSA records bind TLS certificates to DNS names using DNSSEC. Instead of relying solely on Certificate Authorities (CAs) to validate certificates, TLSA records let you publish certificate information directly in your DNS zone. When a client connects to your server, it can verify that the certificate presented matches what’s published in DNS.
Some notes on starting to use Django

Around the same time as I was getting into Ruby I was also playing around with Python and I always liked it. I never got around to learning more though because it sort of felt like I had my “scripting language” bases covered with Ruby. Maybe that was silly.

Reading this kinda made me wonder what would’ve happened if I’d chosen Python and Django back then.
DS_Store Inspector — “Inspect .DS_Store files”

Might be useful to the right audience?
The Little Book of C

This looks like a nice introduction for the C curious amongst us.
Hopefully some advice to future me one day. People who are offering a software product, please tell me what it does and what problems it solves! It’s scalable? Oh, cool. It can streamline my blah? Sweet. What does your thing do? And include screenshots, for god sake.
nerdlog

Nerdlog: fast, remote-first, multi-host TUI log viewer with timeline histogram and no central server

This looks useful.
I noticed some burn-in on my Apple Studio Display this week. Not good. I do not want. I suspect this is my problem for not starting the screensaver enough.
How do you decide which JavaScript date picker to use? The paralysis by analysis is now affecting 3D printing activities. There is just so much stuff out there, which is wonderful, but deciding between this or that is very difficult. And given what I was saying last week about waste I’m doubly keen to not make mistakes.