Hacker News: Jnr's comments

Cool, I did a similar thing last week.

I made a custom Payload CMS block that allows creating and updating Excalidraw diagrams within the CMS. It supports dark and light mode switching and rendering inline or as an external SVG.

And last weekend I added an MCP server with OAuth so I could generate and update those diagrams and add them to post drafts from Claude. I think it is more convenient since I don't have to use the API billing model and don't need to build a custom UI.

Here is an example post: https://www.janhouse.lv/blog/network/self-hosting-tailscale-...

Originally I wanted to sync posts from Obsidian, but it doesn't have good enough image handling, which I sometimes need, and I needed extra metadata to unlist, password protect or noindex some posts.


Except this is not FOSS. If it were open source, they would have chosen at least AGPL.

And also I don't think their architecture is any good for such a product.

For me personally, it would be sufficient to avoid it based on the license alone. But altogether it just looks very unappealing.


You are correct, but integration with CI/CD and other services as a part of the pull-request process in a modern platform is very convenient. I would not go back to e-mail. Especially since I can self-host the whole platform, like Gitea.

I don't even update one file. I run it in Docker with daily automatic container updates, and it has been working fine without issues for years.

Yes, Debian is great.

But there is also Arch by the way :)


Sure, I like Arch. Did not consider it for completely non-technical users, though.

CachyOS gets close, including for gamers, but it is not as stable as Ubuntu.

You can not trust the code or reviews it generates. You still have to review it manually.

I use Claude Code a lot, I generate a ton of changes, and I have to review it all because it makes stupid mistakes. And during reviews it misses stupid things. This review part is now the biggest bottleneck that can't yet be skipped.

And in an open source project, many people can generate a lot more code than a few people can review.


In new installs you stuff everything into the EFI partition and skip the old /boot partition as such.

The better solution is to use the TPM, a unified kernel image and Secure Boot, skipping the network unlock.

The whole process is like this:

1. enable Secure Boot;

2. generate and install your own Secure Boot keys (using sbctl);

3. use clevis to enable automatic unlocking of the root fs only when the Secure Boot check passes;

4. generate the unified kernel image (in the EFI partition) that is signed by your Secure Boot key;

5. use efibootmgr to enable booting of said kernel image.

(6.) If your CPU supports it, enable memory encryption in the BIOS (to mitigate cold boot attacks).

The unified kernel image doesn't accept additional kernel parameters, so only the parameters that are set during generation of the initramfs are used. Secure Boot makes sure no one else has tampered with the boot chain. And the TPM stores the disk key securely.

You can still add some additional network-level check to make sure that your computer is in the expected location before unlocking.

And you can also include some recovery tools plus dropbear in your initramfs (within the unified kernel image), if you expect that you will have to do some recovery from the other side of the world.
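The procedure described above as one script, added here as an example and not the commenter's own code. The /efi mount point, the /dev/nvme0n1 device paths, the UKI file name and the mkinitcpio preset are assumptions for illustration; the "only when secure boot check passes" part is the clevis bind sealed to PCR 7, which records the Secure Boot state, and the script defaults to printing commands rather than running them.

```shell
#!/bin/sh
# Added example (not the commenter's script). Assumed layout: ESP mounted at
# /efi on partition 1 of /dev/nvme0n1, LUKS root on /dev/nvme0n1p2, UKI built
# by mkinitcpio (preset with default_uki set). DRY_RUN=0 executes for real.
set -eu
ESP=${ESP:-/efi}
ESP_DISK=${ESP_DISK:-/dev/nvme0n1}
ESP_PART=${ESP_PART:-1}
LUKS_DEV=${LUKS_DEV:-/dev/nvme0n1p2}
UKI=${UKI:-$ESP/EFI/Linux/arch-linux.efi}
LOADER='\EFI\Linux\arch-linux.efi'   # same file as $UKI, in UEFI path syntax
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Secure Boot is enabled in firmware setup; check it via the SecureBoot EFI
# variable (efivarfs: 4-byte attribute prefix, then a 1-byte value, 1 = on).
secure_boot_enabled() {
  v=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
  [ -r "$v" ] && [ "$(od -An -tu1 -j4 -N1 "$v" | tr -d ' ')" = 1 ]
}

# clevis tpm2 pin config. With no pcr_ids clevis seals to the TPM alone and
# unseals in any boot state; PCR 7 records the Secure Boot policy and the
# certificate that verified the loader, so sealing to it (and only it) fails
# under foreign keys while surviving routine kernel updates.
clevis_pcr_policy() {
  printf '{"pcr_bank":"sha256","pcr_ids":"%s"}' "$1"
}

# Own keys; UKI with the cmdline baked in from /etc/kernel/cmdline, signed
# with those keys; a firmware boot entry pointing straight at the UKI.
enroll_keys()    { run sbctl create-keys; run sbctl enroll-keys -m; }
build_uki()      { run mkinitcpio -p linux; run sbctl sign -s "$UKI"; }
add_boot_entry() {
  run efibootmgr --create --disk "$ESP_DISK" --part "$ESP_PART" \
    --label "Arch Linux UKI" --loader "$LOADER"
}
# TPM-sealed LUKS keyslot gated on PCR 7. PCR 7 holds what the firmware
# measured at boot, so run this on the first boot after enrolment, not in
# the same session, or it seals to the pre-enrolment key state.
bind_root() { run clevis luks bind -d "$LUKS_DEV" tpm2 "$(clevis_pcr_policy 7)"; }

case "${1:-}" in
  setup) secure_boot_enabled || { echo "enable Secure Boot first" >&2; exit 1; }
         enroll_keys; build_uki; add_boot_entry ;;
  bind)  bind_root ;;
esac
```

Run `sh uki-setup.sh setup`, reboot into the signed UKI, then `sh uki-setup.sh bind` (with DRY_RUN=0 for both once the printed commands look right).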


> 3. use clevis to enable automatic unlocking of the root fs only when secure boot check passes;

You can also use systemd-cryptsetup/systemd-cryptenroll for this. I've not used clevis myself, but I'd imagine you have to do somewhat more rolling-your-own compared to the systemd tools.

> The unified kernel image doesn't accept additional kernel parameters, so only the parameters that are set during generation of the initramfs are used. Secure Boot makes sure no one else has tampered with the boot chain. And the TPM stores the disk key securely.

FYI, multi-profile UKIs are a thing. You can have one UKI with multiple different command lines, e.g. one for regular boot, one for emergency mode, etc.

https://uapi-group.org/specifications/specs/unified_kernel_i...


You should see the apps on macOS. Almost every single app that is not installed from the App Store has that shitty update popup; it is driving me nuts.

I think Linux has the best solution for this: good package managers for the base system and Flatpak with the Flathub repo for other apps. So you never get stupid popups, and update managers use signed packages and check those signatures before installation.


I don't think it is because they can't do it or that they want to be a base for other distros. They simply let the user choose what the user wants. And if you don't know what you want, then you learn it.

I switched to Arch 15 years ago to learn Linux. And it is by far the best way to understand it.

Having used Arch I can easily maintain almost any distro out there, but it doesn't work the other way around.


> Having used Arch I can easily maintain almost any distro out there, but it doesn't work the other way around.

I think this is an important thing to recognize. It's exactly why I tell people that want to learn Linux to do it (but not people who want to use Linux). The struggle is real, but the struggle is part of the learning process. The truth is that distros are not that different from one another. The main difference is in the package manager and the release schedule of their package databases.

I'd also like to tell any Linux newbies: the Arch Wiki is your best friend. It doesn't matter if you're using Ubuntu, Mint, or whatever. The Arch Wiki is still usually the second place I go to when I need help. The first is the man pages (while there's some bad documentation out there, it is quite surprising how well most man pages are written. Linux really has shown me the power and importance of writing good documentation).


I have Claude Code hooks that send local computer notifications when action is required or processing has finished. And when I step away from the computer, I get those notifications through Pushover. Then I log in over SSH (mosh) from my phone with Termius and connect to the tmux session running Claude. I use this approach when watching TV with the family and a laptop is not appreciated on the sofa. :)


Every time I read these "I've managed to control Claude Code from my phone" posts, they come with some variation of "so that I can continue being on my computer" during some other activity. It's a very personal decision, but it feels like one of these points where people should re-evaluate. Just because we can, doesn't mean we should.

> it was so good that I caught myself coding from my phone while out with friends… and decided that this is something I should stop, more for mental health than anything.

https://steipete.me/posts/2025/shipping-at-inference-speed


I wouldn't want to code from a phone. It's ugly to type code on a tiny screen. But this feels different. Voice typing emails to an agent, from a space removed, taking a step back? It gives perspective. It's a good way to work, I find.

You can be in your day. You don't have to be 'head in the code'. Let the agent take care of it. That's what I made it for. To get you out of that!


I am not coding while out with friends. I am just checking status and giving new instructions during breaks. It lets me spend more time away from the computer screen without feeling uneasy.


This is smart and the right way!

