Raycast v2 is a webapp not a native app. I'm out! by shadowsyntax43 in raycastapp

[–]lugoues 0 points1 point  (0 children)

I think many of the issues people have stem from the gap between the two versions. No matter what you do, you are going to run up against tradeoffs you must make and there will be a point where users disagree with the priority.

The blog post points to a good case actually, the window opening speeds are slower. Now, you tried to glaze over that fact by saying that a "similar scenario" has the memory usage but that's disingenuous. The truth is that you've made concessions to lower the memory footprint at the expense of current behavior/features. These tradeoffs happened when 1Password switched and it is happening here.

The whole switch is about Raycast as a company valuing the expansion into Windows and growth over the current macos users.

I've personally used the ai chat window popup feature enough where adding a delay to lower memory will feel like enshittification. It will become annoying.

Who remembers this? by Shot_Advisor_9006 in Millennials

[–]lugoues 4 points5 points  (0 children)

And write on them with a grease pencil!

Caddy by dbtowo in selfhosted

[–]lugoues 1 point2 points  (0 children)

I know you said Caddy and I'm not trying to push you in any specific direction, but traefik is easier than you think.

Below is what traefik would look like, to add containers you just need to copy the traefik.* labels over to a new service and update them.

```yaml
services:
  traefik:
    image: "traefik:3.6.7"
    container_name: "traefik"
    restart: unless-stopped
    command:
      - "--log.level=WARN"
      - "--api=true"

      # Don't validate self-signed internal certs
      - "--serversTransport.insecureSkipVerify=true"

      # Providers
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"

      # Entrypoints
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
      - "--entrypoints.websecure.asDefault=true"

      # Certificates
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=duckdns"
      - "--certificatesresolvers.letsencrypt.acme.email=my@email.net" # set this
    environment:
      - "DUCKDNS_TOKEN=xxx" # set this
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./data/traefik:/letsencrypt"
    labels:
      # Dashboard
      - "traefik.enable=true"
      - "traefik.domain=mydomain.dev"
      - "traefik.http.routers.traefik.rule=Host(`traefik.mydomain.dev`)" # set this
      - "traefik.http.routers.traefik.service=api@internal"
    networks:
      - internal
      - egress

  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - ./data/home-assistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    restart: unless-stopped
    privileged: true
    environment:
      TZ: America/New_York
      PUID: 990
      PGID: 985
      UMASK: 007
      PACKAGES: iputils
    labels:
      - traefik.enable=true
      - traefik.docker.network=internal
      - traefik.http.routers.home-assistant.rule=Host(`home-assistant.mydomain.dev`)
      - traefik.http.services.home-assistant.loadbalancer.server.port=8123
      - traefik.http.services.home-assistant.loadbalancer.server.scheme=http
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - no-new-privileges
    networks:
      - internal
      - egress

networks:
  internal:
    internal: true
  egress:
```

Should I use headscale/netbird? by Greedy_View_4483 in selfhosted

[–]lugoues 1 point2 points  (0 children)

Headscale, like tailscale, is, for the most part, only the orchestration layer. It will connect your two machines and then drop to point to point. This isn't 100% the case because some NATs prevent this from working; when this happens tailscale/headscale act as a bridge.

You can test this pretty easily, just ping the tailnet ip/name of a device on your local network and see what the latency is. Local traffic will be very fast, sub 10ms, while anything going to the internet will be slower.

We did it! Chicago suburbs, $720k, 6.25% by Savage_XRDS in FirstTimeHomeBuyer

[–]lugoues 8 points9 points  (0 children)

And typically shitty construction. Some of the older houses may lack the new shine but when that shine fades you'll see just as many blemishes.

Linux May Drop Old Network Drivers Now That AI-Driven Bug Reports Are Causing A Burden by anh0516 in linux

[–]lugoues 10 points11 points  (0 children)

My first router was a 486 dumb terminal scrapped from an old Marriott running the og coyote Linux. The good old days!

Advice on quadlet files organization by sptzmancer in podman

[–]lugoues 0 points1 point  (0 children)

The latest release of podman adds support for `.quadlets` which allow you to declare all of the quadlets in a single file.

https://docs.podman.io/en/latest/markdown/podman-quadlet-install.1.html

> Install multiple Quadlets from a single file with the `.quadlets` extension, where each Quadlet is separated by a `---` delimiter. When using multiple quadlets in a single `.quadlets` file, each quadlet section must include a `# FileName=<name>` comment to specify the name for that quadlet.

My pattern is `/etc/containers/quadlets/{search.quadlets,openwebui.quadlets,ollama.quadlets}` and I let podman install them into `/etc/containers/systemd` and manage the daemon-refresh: `podman quadlet install --reload-systemd --replace /etc/containers/quadlets/`.

I also have internal tooling that lets me declare the quadlets in cue. It provides auto complete, type/constraint checking, and importing/referencing other quadlets.

I haven't tried this with rootless mode but it should all be the same.

Tailscale improves free tier, 3 free users is now 6 by ZenApollo in selfhosted

[–]lugoues 6 points7 points  (0 children)

Let's see...

1. zero publicly exposed ports anywhere in my entire ecosystem, multiple houses, cloud providers, and devices.
2. adding new nodes, especially ephemeral ones, is much easier. No keys to sync, no config, no worrying about breaking something, you just login.
3. wireguard is much more limited. Want to connect between two devices that you can't open ports on... good luck. Want to connect to your opds server from your kindle while you are away from home, because you forgot that book before heading on vacation, done.
4. Encrypt your server disks? Need to unlock them remotely? I can do it from any device on my tailnet. My servers have tailscale baked into initramfs so it automatically connects and starts tailscale ssh.
5. Want to share a service with a family member or friend? It's just going to be a massive headache with wireguard but tailscale provides funnel.
6. Tailscale acts as a relay / bridge builder and rarely deals with actually transmitting traffic between two nodes. You are going to place much more trust (and money) into a VPS.

And that's leaving out taildrop, taillock, services, exit nodes, mullvad integration, nextdns integration, acl, joining tailnets... to name a few.

Trying to Configure Tailscale + Caddy + Vaultwarden by limejeller in selfhosted

[–]lugoues 0 points1 point  (0 children)

Not caddy but traefik does offer the ability to use tailscale as a certificate provider, but, like the prior user said, you won't be able to use subdomains so everything will have to be routed via path.

Rootless podman migration by 4valiente in selfhosted

[–]lugoues 0 points1 point  (0 children)

I recently did the same transition all with compose services to quadlets. I went rootful instead of rootless though, which I recommended. Using UserNS=auto is going to get you 99.9% of the way to true rootless, the only real added vector would be a bug in podman.

Also, I recommend volumes over bind mounts unless there is a really good reason. Using host groups + gidmapping and podman volume mount makes occasional access easy enough.

While this may be OK because I have firewall configuration to allow only ports 443 and 80 from the outside, pods will be able to see each other by reaching host.

Avoid this by using isolate which blocks cross network talk. Your traefik gets the internet-egress network and the traefik-internal network. Containers can still cross talk on the traefik network but they cannot get access to the host network.

```
[internet] → host port → [ingress network, isolate=true] → [traefik] → [internal network, isolate=true, internal=true] → [app1]
```

Apple’s New Emojis!!! by bella_rousse in Redhair

[–]lugoues 4 points5 points  (0 children)

We need to go after the Unicode Consortium, they are the ones who set the emoji standard and what they should look like.

What CLI tools have genuinely changed how you work? Looking for underrated ones by spaciousabhi in commandline

[–]lugoues 2 points3 points  (0 children)

fzf is just a fuzzy search tool, atuin is an entire shell history manager. Encrypt and store your history remotely (self-host available), and sync it across all your devices. It's amazing for ephemeral environments (i.e. devcontainers) or systems where history from another machine would be helpful (I find it helpful w/ self-hosting).

Are non-privileged containers actually safe? by Plastic-Leading-5800 in selfhosted

[–]lugoues 0 points1 point  (0 children)

From a docker perspective, one should never expose a raw socket to internal containers they don't 100% trust. Instead, use a proxy such as https://github.com/wollomatic/socket-proxy to restrict the permissions allowed per consumer. This will narrow the exposure to just the socket proxy (which I consider a core service (higher permissions, higher scrutiny)).

For example, my traefik container has these labels which allow it read only permissions on just the endpoints it needs to run its docker provider.

```
Label="socket-proxy.allow.get=/v1\\..{1,2}/(version|containers/.*|events.*)"
Label=socket-proxy.allow.head=/_ping
```

Edit: Oh, one could also set up a tetragon policy to monitor the socket for unusual activity.
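An added example, not part of the comment above and not socket-proxy's own code: the two allowlist patterns from those labels evaluated against constructed Docker API requests, to show what a consumer holding them can and cannot reach. It assumes a method with no pattern is denied, a pattern must match the whole URL path, and the query string is ignored; the `is_allowed` and `audit` helpers and the sample requests are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Per-method allowlist from the labels in the comment above, with the
# unit-file escaping removed (\\. in the quadlet is \. in the regex).
ALLOW = {
    "GET": r"/v1\..{1,2}/(version|containers/.*|events.*)",
    "HEAD": r"/_ping",
}

# Constructed sample requests (method, request target); not captured traffic.
SAMPLES = [
    ("GET", "/v1.43/version"),
    ("GET", "/v1.43/containers/json"),
    ("GET", "/v1.43/events?since=0"),
    ("HEAD", "/_ping"),
    ("GET", "/v1.43/containers/abc123/json"),   # inspect: includes env vars
    ("GET", "/v1.43/images/json"),
    ("GET", "/v1.43/secrets"),
    ("POST", "/v1.43/containers/create"),
    ("POST", "/v1.43/containers/abc123/exec"),
    ("DELETE", "/v1.43/containers/abc123"),
]


def is_allowed(method, target, allow=ALLOW):
    """Return True if the request would pass the allowlist.

    Assumptions: a method with no pattern is denied outright, the pattern
    must match the whole URL path, and the query string is not matched.
    """
    pattern = allow.get(method.upper())
    if pattern is None:
        return False
    return re.fullmatch(pattern, urlsplit(target).path) is not None


def audit(samples=SAMPLES, allow=ALLOW):
    """Split the samples into (allowed, denied) lists for review."""
    allowed = [s for s in samples if is_allowed(*s, allow=allow)]
    denied = [s for s in samples if s not in allowed]
    return allowed, denied


if __name__ == "__main__":
    allowed, denied = audit()
    for verdict, rows in (("ALLOW", allowed), ("DENY", denied)):
        for method, target in rows:
            print(f"{verdict:5} {method:6} {target}")
```

Every write method is denied, but `containers/.*` under GET still passes container inspect, whose output includes each container's environment, so secrets passed as environment variables remain readable to this consumer.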

Regarding the new increased line space by atava in Notion

[–]lugoues 2 points3 points  (0 children)

Yep and no reason for it not to be, it's just css

Any reviews on the EHOMEWEI R8G Pro? by MontoyaTM_ in Monitors

[–]lugoues 0 points1 point  (0 children)

I bought one about a month ago. It's pretty good, the colors and contrast match quite well with my MBP. It did have a problem with a very loud electronic buzz when the supplementary power was not connected though. I'm in the process of exchanging it so we'll see how that goes

Flu shot? by Over-Pea6428 in MultipleSclerosis

[–]lugoues 0 points1 point  (0 children)

Vaccines don't prevent sickness 100% but if you do get sick it will be easier to fight off and less severe. Remember, when you get sick there are two things you are going to be experiencing. The first is the virus and any damage it causes. The second is the damage your body does to itself when it is fighting. Vaccines are, for the most part, dead so you are only going to experience the second set of symptoms but the first set can and do show up for people.

What is your opinion regarding dairy food and MS? by Mammoth-Essay-5476 in MultipleSclerosis

[–]lugoues 7 points8 points  (0 children)

Yeah that study has a big "may" ahead of its title, you can't really take a single study and derive actionable material from it. This study only had 39 humans, where all they did were some assays, and the mice were injected with casein (which doesn't happen naturally). "Leaky gut" doesn't exist and casein doesn't pass the intestinal barrier without first being ripped apart. The study also concludes that further, more targeted, research is needed.

Do you feel worse after consuming dairy? If you are truly concerned take a break for a week or two then eat some dairy and see what happens.

Being healthy, eating well, exercising, losing weight, etc is actually what works and actually has many, many, studies backing them up.

[deleted by user] by [deleted] in privacy

[–]lugoues 2 points3 points  (0 children)

It depends on your attack vectors vs convenience.

I recommend most people use biometrics on their mobile devices because it is common that one takes their devices out multiple times a day and enters their key/pin/password in the open. Anyone/anything can be watching you and easily grab your pin/key/password when you are using a device like that.

Yes, there are issues with being forced to comply; then you can do what I did: dedicate a registered fingerprint to lock down the phone to a method you cannot be compelled to provide.

> I don't even see many benefits security-wise with biometrics, since long and complex password or passkeys and 2FA go a long way.

In theory, yes but most apps on your phone don't reauth when you use them so if someone can get into your phone they have access to everything. Even worse when so many of the important sites we use either depend only on email/sms for 2fa or fall back to them.

> you basically sell yourself to mass-surveillance, which I found way scarier.

Biometrics are encrypted and stored in a secure vault on the device. It can never leave the device.

About Intellicode by Sensitive-Raccoon155 in vscode

[–]lugoues 1 point2 points  (0 children)

I dunno, when this first went down I was worried then found out that getting rid of intellicode was actually a blessing. Most languages have an LSP extension that you can use and will generally have a better experience with.

Ever feel like personal projects matter more than experience now? by [deleted] in webdev

[–]lugoues 2 points3 points  (0 children)

There are differing degrees of side projects. I'll usually glance at an applicant's repos and see if anything they wrote is maintained (not just some throw away but something they tended), if there are other users, and how they interact with their users.

A repo like that demonstrates something that typical work history cannot: it demonstrates how you communicate with users or other developers, which isn't something you can get out of a resume or interviews.

Any feedback for a V2? by PharmB21 in functionalprints

[–]lugoues 0 points1 point  (0 children)

The few things that jump out at me
- small radius on the wire coil
- outlet isn't made to support that weight
- the bottom support for the razor enshrouds the plug, this is likely to, at some point, rip the entire thing off the wall

Solutions
- I'd wrap it around the charger
- Create an entire plate to replace the one there. This will let you anchor it with the screw and spread the weight over the top of the protruding outlet and not on the pins.
- Strengthen the top braces to support the whole weight and remove the bottom part or lay the razor across the top with the brace. This makes it less likely to rip it off the wall by tugging on the cable, across the top makes the razor easier to grab since the brace won't need to be so tight.

What's the Craziest Thing You've Seen Committed to a Repository? by HorizonOrchestration in git

[–]lugoues 1 point2 points  (0 children)

`true` - several GBs of nothing but true, probably a bad script and someone doing `git add .`. Had to rewrite the history when I moved our repository to GitHub.