AI-generated music | eshlox I discovered Polish folk music on YouTube that I genuinely enjoyed. Then I found out it was AI-generated, and I stopped listening. I'm still not sure why.

#AI generated #music.

eshlox.net/ai-generated...

Devs on my feed: #TUI to #GUI, #AI gets access to everything.

Me: back to the #terminal, #sandbox everything I can.

Am I the weird one here? 🤔

Automatic tmux window names with just | eshlox Using just recipes to rename tmux windows based on the running task, then restore the name when the command exits.

Automatic #tmux window names with #just.

eshlox.net/tmux-window-...

Think twice before you install | eshlox The more software I install, the bigger the chance that I run something unsafe. One mistake, and everything the app can access is at risk.

eshlox.net/think-twice-...

So I install less. I #sandbox what I can. I keep as little sensitive data on the computer as possible, encrypt what stays, and restrict what the apps can reach.

Compiling from source only helps if someone actually reads the code, and almost nobody does.

There are a lot of interesting apps and libraries released every day, but how can I trust all of them? The App Store (in case of #Apple) is a safer default because apps there are sandboxed and reviewed by Apple, but it’s not a guarantee.

It’s nothing new, but now more than ever it’s time to think about what we install.

- Is it sandboxed?
- What access does it have?
- Do we trust the source?
- Do I really need this app?
- Is there a more secure alternative?

The new attack surface is #AI tooling. #MCP servers, agents, browser and editor extensions. They often get more access than a regular app, and we install them without thinking, because they are useful and the hype is big.

And it’s not only about the app itself. Most of the risk hides in the dependency tree. One small package deep inside, compromised or taken over, and the whole app is compromised with it. You don’t pick those packages, the devs do.

The more software I install, the bigger the chance that I run something unsafe. One mistake, and everything that the app can access is at risk of a leak.

I should trust that the devs use YubiKeys, #2FA, secure their computers, use sandboxes, scan and pin dependencies, take care of publishing and access to third-party services, and keep the security at the top level.

I should trust that the devs not only write good code, but also review the AI-generated code.

To protect my computer from malicious #software, I would need to install only the apps that I trust. I should trust that the code does what it is supposed to do. 🧵

Paste clipboard images as files with Hammerspoon | eshlox A Hammerspoon hotkey that saves clipboard images to the current tmux pane directory. Workaround for AI sandboxes that do not support image pasting.

I use a Hammerspoon hotkey to save clipboard images as files because my AI sandbox can not see the clipboard. It works, but feels hacky. Anyone have a better way?

eshlox.net/clipboard-image-to-file-hammerspoon

Running Claude Code in Docker sandbox (sbx) | eshlox A quick guide to running Claude Code in a Docker sandbox using sbx. No permission prompts, isolated environment.

Running #Claude Code in #Docker #sandbox (sbx)

eshlox.net/running-clau...

My Ghostty config on macOS | eshlox A minimal Ghostty terminal config for macOS. No titlebar, auto tmux, Catppuccin theme, and a few quality of life tweaks.

My #Ghostty config on #macOS.

eshlox.net/ghostty-conf...

Global justfile: run recipes from anywhere | eshlox A single justfile for commands you need everywhere, not just in a project.

Global #justfile: run recipes from anywhere

eshlox.net/global-justf...

AI and my blog posts | eshlox I use AI to help me write some of the blog posts. Here is why and how.

#AI and my #blog posts.

eshlox.net/ai-and-my-bl...

How to protect your project from npm supply chain attacks | eshlox A practical guide to protecting your JavaScript project from npm supply chain attacks using pnpm, Socket Firewall, and frozen lockfiles.

How to protect your project from npm supply chain attacks.

eshlox.net/npm-supply-c...

term.css: a classless CSS framework with terminal aesthetics | eshlox A minimal CSS framework that styles semantic HTML out of the box. No classes required. Terminal-inspired, themeable, accessible.

term.css: a #classless #CSS #framework with #terminal aesthetics

eshlox.net/term-css

VoiceInk: local voice-to-text on macOS | eshlox VoiceInk is a macOS app that transcribes voice to text locally on your device. Private, fast, one-time purchase, no subscription.

#VoiceInk: local #voice-to-text on #macOS

eshlox.net/voiceink-loc...

Dotfiles backup with a bare Git repo | eshlox Back up macOS config files to GitHub without symlinks or extra tools. Just Git.

Dotfiles #backup with a bare #Git repo

eshlox.net/dotfiles-bar...

AI commit messages in lazygit | eshlox Let Claude generate commit messages from your diff, right inside lazygit.

#AI commit messages in #lazygit

eshlox.net/ai-commit-me...

Automate tmux sessions with tmuxinator | eshlox Define your tmux workspace in YAML and start everything with one command.

Automate #tmux sessions with #tmuxinator

eshlox.net/tmuxinator-a...

Caps Lock as a super key on macOS with Hammerspoon | eshlox One key for Escape, Ctrl, and app switching. Using hidutil and Hammerspoon on macOS.

Caps Lock as a super key on #macOS with #Hammerspoon

eshlox.net/capslock-sup...

just: a simple command runner | eshlox A justfile in every project. Run commands with fuzzy search instead of remembering them.

#just: a simple command runner

eshlox.net/just-command...

lazygit: a better way to use Git | eshlox A terminal UI for Git with staging, rebasing, and side-by-side diffs. My config with Catppuccin Latte and delta.

#lazygit: a better way to use #Git

eshlox.net/lazygit-setup

Do you have a blog where you write about #programming, #blockchain, #devops, #tech, #health, or #games? Drop a link. I'd love to add it to my #RSS reader!

My tmux setup | eshlox How I use tmux for multi-project work with Ghostty, session-per-project, and prefix-free shortcuts.

My #tmux setup.

eshlox.net/tmux-setup