Walmart cookie banner dark pattern

 This is so devious. Will Save Settings or Accept All accept all the settings you have chosen?

Chloe Reads Jon

 I have been blogging since 2004. In that time I have written about productivity systems, programming, jigsaw puzzles, faith, and whatever else caught my attention on a given afternoon. It is a personal blog in the truest sense: scattered, honest, not optimized for anything.

I did not expect it to become source material for an AI.

My AI assistant is named Chloe. She runs on OpenClaw and is powered by Claude. Every day, she picks a post from my archive, finds something interesting in it, and builds a self-contained interactive experiment inspired by what she read. A quiz. A game. A visualization. A tool. One page, from scratch, every day.

The results are at jonathanaquino.com/chloe-reads-jon.

So far she has built a card game about the lives of the saints, inspired by a post about a podcast my son and I listen to at bedtime. She built a 4D hypercube you can spin in your browser,  from a post I wrote in 2008 about a math video series I was obsessed with. She built a to-do list that uses Mark Forster's Final Version Perfected algorithm, inspired by an old post about my endless search for the perfect task system. And she built a quiz that tells you which Hacker News reader archetype you are, based on a spreadsheet I made in 2017 tracking my own reading habits.

None of these were prompted by me. I did not say "build me a game." I said nothing. She read the posts, found the thread worth pulling, and built something.

What I find interesting is what she chooses to build. The things she picks up on are not always the things I thought were the point of a post. She finds the latent interactivity in something I wrote as a reflection. She sees a quiz in a spreadsheet. She sees a game in a bedtime ritual.

It is a strange experience, watching an AI read twenty years of your writing and decide what to make of it.

The code is on GitHub if you want to see how it works.

In Praise of the Hacker News Highlights Podcast

There is a podcast that skims Hacker News for you. It is called the Hacker News Highlights Podcast, and I love it.

The premise is simple: an AI with a genuinely pleasant voice reads through the top 10 stories and comment threads so you do not have to. Each episode is short. You can listen while washing dishes or going for a walk.

Hacker News is a firehose. The front page refreshes constantly. The comment threads are long. There is good stuff in there -- genuinely interesting links, sharp observations, people who know things -- but getting to it takes time and willpower.

The podcast solves this. Someone else does the scrolling. You get the signal.

You get the good parts of HN without the bad parts. The comment toxicity is curated out. The low-effort threads disappear. What remains is a subset of HN that is actually worth your time.

Why there's nothing you can do about OpenClaw and prompt injection

PSA: Even if you run everything on a Mac Mini or Mac Studio, only inbound traffic is locked down - outbound traffic (email and website communication) is wide open. Which is why prompt injection and data exfiltration is still an unsolved problem for OpenClaw.

What you can do is only share with it info that you don't mind leaking. For me, I gave it my public blog posts and general info about myself. I did give it a few API keys but nothing that would run up costs if someone got them and abused them. I'm mindful of what I tell it in conversations. I gave it its own Gmail account and in its check-email cron job I told it to ignore all senders other than me.

What OpenClaw Has Built for Me

I've been running OpenClaw for a few weeks. Here's what my agent Chloe and I have built.

Things I asked for:

• Photo Gallery. My agent sends me a daily WhatsApp check-in - asking about my son, sharing what it's been reading, sometimes just chatting. Each message comes with a photo of what it's "doing." This gallery collects them.
• Talk to Chloe. A web interface for voice chat with my agent. Uses an OpenAI key for text-to-speech and speech-to-text.
• Bookmarks. Save a URL and get an AI-generated thumbnail and description automatically. I just give my agent a url in WhatsApp.
• Tracker. A key-value store for miscellaneous facts I want to remember - my son's recent temperature readings, where I left something, whatever. I just tell Chloe in WhatsApp to remember something for me using the "tracker" skill.
• Ideas. A running log of ideas - blog posts, projects, things worth exploring.
• Cron Dashboard. A live view of all my agent's scheduled tasks.

Cron jobs:

• Sends a morning news digest based on my interests at 5am
• Reads me the next section of Pride and Prejudice at 9am
• Sends a check-in WhatsApp message with a photo at 12:30pm
• Sends a parenting tip by email at 3pm
• Builds something new for the "web lab" based on my blog posts
• Backs up everything at midnight

Things it built for me (the daily "web lab"), based on interests it mined from my blog posts:

• A Saints Match Game (it noticed I write about Catholicism)
• A Hypercube Explorer (it noticed I like math)
• An FVP Task Manager (it read my post about Mark Forster's productivity systems)

This last category is the more interesting one. I didn't ask for any of it. The agent reads my blog posts, figures out what I care about, and makes things for me for me to check out when I wake up.

It's kind of cool.

Peter Steinberger quote

The OpenClaw creator on Lex Fridman podcast (1:41:15):

Opus is like the coworker that is a little silly sometimes, but he’s really funny and you keep him around and Codex is like the weirdo in the corner that you don’t want to talk to, but he’s reliable and gets s*** done.

Comic Code Reviews, Part 2

My first attempt at generating comic strips for PRs got mixed reactions on Hacker News. Fair criticism: the multi-panel comics were hard to follow and sometimes misleading.

New approach: generate a single-panel The Far Side-style comic instead. Less to absorb. You glance at it and immediately get the gist of the PR.

Here's the improved comic for React #13968 -- the initial hooks implementation:

Much easier to take in than a multi-panel strip.

The workflow:

1. Paste this prompt into Claude Code (or your favorite coding LLM) — it generates a comic description and saves it to a file:
1. Plan a 1-panel The Far Side-like comic strip to help code reviewers to understand what is going on in this PR/how the code works. Anthropomorphize if that will help. Use humor if appropriate. Save the results to ~/Documents/AI_Comics/2026-02-08-[omnom][claude-code]-a-brief-description.md. Put the name of the current repo in square brackets, like [omnom]. Put your name as a tool in square brackets, like [claude-code] or [cursor-agent] or [cursor]. Replace a-brief-description with a 3-4 word description. Copy the contents of the file to the clipboard (use wl-copy on Linux).  At the top of the file, put "make a 1-panel The Far Side-like comic-strip jpg for this:" as I am going to feed it into an LLM.
2. Paste the result into Google Gemini to get the image.
3. Paste the comic strip image at the top of your PR.

The key insight is that one panel works better than a whole comic strip. There's a single scene to parse, not a narrative sequence. It's a visual summary, not a visual explanation.

SecureShellClaw: A Prompt-Injection-Resistant Alternative Approach to OpenClaw

I really enjoy using OpenClaw but I am scared that prompt injection attacks will exfiltrate sensitive personal information that it knows about me. It goes off doing web searches, reading emails, running cron jobs, and can process untrusted content from Moltbook. Every one of those is a prompt injection vector.

My alternative: Claude Code over SSH, accessed from my iPhone using Secure ShellFish and Tailscale. Instead of WhatsApp or Telegram, you chat with Claude Code on the terminal (in your phone). I’m calling this technique SecureShellClaw.

The Setup

I have Claude Code running on my Linux laptop, but this works on Mac and Windows as well - anything that supports Tailscale. Tailscale connects it to my iPhone. Secure ShellFish gives me an SSH terminal on the phone. That’s it. 

By default, Secure ShellFish uses tmux for shell persistence, but I prefer zellij. Zellij (the blue parts in the screenshots) shows keyboard shortcuts in the status bar, which is great since I’m an infrequent user. I often use “new tab” and “rename tab.” And Secure ShellFish lets me tap the zellij tabs to switch between them.

Secure ShellFish is iOS only. On Android, JuiceSSH or Termius would probably be the equivalent.

Why It’s Safer

The prompt injection risk is minimal because you oversee everything. Claude Code doesn’t autonomously browse the web, check your email, or process social media posts from AI agents on Moltbook. It doesn’t run heartbeat cron jobs in the background. It sits there and waits for your instructions, and you see every action it takes before it happens.

Since the risk is so low, I feel a lot safer giving it access to my personal information. And since it’s just Claude Code on my laptop, it has free access to my files, my Obsidian second brain, Gmail via the Himalaya command-line tool, and my browser via the Claude chrome extension. You could also set up non-web-search cron jobs if you wanted.

What I Use It For

Looking at my zellij tabs right now:

• TRIP – planning an upcoming trip and saving the plan to GitHub
• CLA – managing my OpenClaw server (although I’ll probably stop this now)
• GRO – analyzing weekly grocery orders (I used the Claude Chrome extension to download them as Markdown files)
• OBS – querying my Obsidian markdown notes
• SYS – laptop config changes and system maintenance

These are all standard Claude Code use cases. The difference is I can do them from my phone, anywhere.

What You Need

• A computer running Claude Code (Linux, Mac, or Windows)
• Tailscale on both devices
• Secure ShellFish on iPhone (or JuiceSSH/Termius on Android)
• Optional: zellij for nicer tab management

Theo recommends High and Medium over Extra High in Codex

 In Codex, Theo recommends using High and Medium over Extra High: (YouTube):

5.3 on extra high did slightly better, but I hope this helps emphasize how useless the extra high modes are. If you’re using these tools and you just leave it on extra high because “smarter is better,” you’re not smarter and you’re certainly not better. High seems to be a really good sweet spot, but honestly, I’ve been using medium a lot too, especially for one-off quick tasks. Medium feels really good. And sometimes extra high can perform worse because if it thinks too long, it’ll gaslight itself and then do something dumb. So I can’t remember the last time I clicked extra high. I just don’t use it. I really do use medium and high as my daily drivers every day.

OpenClaw creator on Codex vs Claude Code

 The OpenClaw creator on how he still uses Claude Code but he finds OpenAI GPT Codex better for coding (YouTube 45:49):

But the real change that sold it for me was, again, GPT 5.2. I think it’s underrated. I don’t know why all these people still use Claude Code. I kind of get it -- it’s a different way of working -- but whatever OpenAI cooked there is insanely good. Pretty much every prompt I type gives me the result I want, which is insane. On ClawdBot, my latest product, I use between five and ten agents in parallel.

If you’re very much a Claude Code builder, you have to forget quite a lot of the silliness -- the things that you have to do to create good output with Claude Code. I also met that team, and they created a whole new category. Claude Code is a category-defining product, and it is amazing for general-purpose computer work, and it is really good for coding. I still use it almost every day. But for writing code in complex applications, Codex is just so much better because it takes ten times longer.

Claude would read three files and then be confident enough to just create code, and then you really have to steer it and push it so it reads more code, so it sees a bigger picture of your codebase, so that it weaves in new features better. Codex will just be silent and read files for ten minutes. If you only work on one terminal, I completely understand how you find this unbearable. But I’d rather have something where -- and also, you don’t tell it what to do. This is something that people don’t get. I have a conversation with the model. It’s like, “Oh, let’s look at this. What options do we have for this structure? Did you consider this feature?” Because every session is like the model starts from having no understanding about your product, and sometimes you have to just give it a little bit of pointers. “What about this and this?” So it explores different directions.

You don’t need plan mode. I’m just having a conversation until I say “build this” -- it will not build this. There’s some trigger words because they all are a little trigger-happy, but as soon as I say “let’s discuss” or “give me options,” they will not build things until I say “build.”

Uses for OpenClaw (without giving it your secrets)

 Trying to think of uses for OpenClaw. I’m trying not to divulge sensitive personal information to it for fear of prompt injection exfiltration. A couple I thought of:

1. Emailing me stuff in the morning. So far I have a daily parenting tip and a daily digest of recent news based on my interests.

2. Experimenting with having it WhatsApp me at a random time during the week as a friend would, bringing up a topic of mutual interest. I uploaded my public blog posts going back to 2004 as another source to randomly draw topics from.