# Sam Collins's Weblog

> A disorderly collection of shared notes. Words by human; code by clanker.

- [Defending against npm attacks is hard](https://samcollins.blog/ssca.md): Supply-chain attacks are rising. Blocking fresh package installs sounds simple, but enforcing it across npm, pnpm, curl, GitHub etc. is the hard part.
- [Using “underdrawings” for accurate text and numbers](https://samcollins.blog/underdrawings.md): A technique for accurate text and numbers in AI-generated images: generate the layout deterministically, then ask the image model to paint on top.
- [Talking with my books](https://samcollins.blog/talking-books.md): How to use Claude Code as a tutor for a specific book by importing the full text via @file — and the context-window tradeoffs that come with it.
- [Multi-State Checkboxes](https://samcollins.blog/checkboxes.md): An expanded markdown checkbox syntax for tasks with more than two states, designed to render cleanly in Obsidian without plugins.
- [Using caps lock for voice transcription (macOS)](https://samcollins.blog/caps-lock.md): Three bash commands to remap Caps Lock as a hotkey on macOS — for triggering voice transcription apps that don't support it natively.
- [Bicycle for the Mind](https://samcollins.blog/bicycle.md): On the bicycle for the mind metaphor and what the 1973 Scientific American chart showed me

## Site Footer

- [Email](mailto:sam@samcollins.blog)
- [X / Twitter](https://x.com/smcllns)
- [RSS feed](https://samcollins.blog/rss.xml)