Flaviu Vlaicu

Cybersecurity | DevOps | HomeLab | HomeAutomation

Hermes Agent Operator's Manual

The Operator’s Manual for Hermes Agent Building an AI assistant that can act, remember, and improve Operator’s Manual · Edition 3.2 · Verified against official Nous Research documentation About This Manual This manual explains how to deploy and operate Hermes Agent as a persistent “operator” — an AI system that runs continuously, uses tools, remembers context across sessions, and improves over time — rather than as a single-session chatbot. It covers architecture, installation, the core mental model, day-to-day workflows, the operator loop, common failure modes, advanced configuration (including offline skill optimization with GEPA), and a distilled set of operational lessons. ...

May 24, 2026 · 47 min

Minisforum A2

I bought a Minisforum MS-A2, lived with it for months, modified most of it, pushed it harder than most people will, and then sold it. This review is the long answer to why, and it isn’t a clean recommendation either way. The MS-A2 is one of the most impressive small machines you can buy. It’s also one I’d never put on my desk or in my living room. I’ll explain how both of those are true. ...

June 12, 2026 · 23 min

Q-feeds

Q-Feeds delivers curated indicators of compromise (IPs and domains) on a schedule. The OPNsense plugin is purpose-built to consume the IP feeds, and the official documentation assumes you’ll feed the domain side into Unbound. If you’re running AdGuard Home as your primary DNS resolver instead of Unbound — as I am — that integration path doesn’t apply directly, and you have to wire the domain feeds in manually. A two-layer threat intelligence setup is only as good as the DNS path that feeds it. This post walks through wiring Q-Feeds into OPNsense (IP layer) and AdGuard Home (DNS layer), and then — the part that turned out to matter most — actually forcing every device on the network to use that DNS path, instead of just offering it. ...

May 7, 2026 · 25 min

Claude Code Self Evolving

Most Claude Code setups are static. You write a CLAUDE.md, list your conventions, and hope Claude follows them. When it doesn’t, you correct it. Next session, it forgets. You correct it again. This guide builds something different: a system where every correction you make gets captured and logged, repeated corrections automatically become permanent rules, discovered patterns get verified before they’re trusted, and a periodic audit command decides what stays, what gets promoted, and what gets pruned. ...

April 1, 2026 · 33 min

Mosh FIDO2 / Yubikey Fix

Problem When using mosh with a FIDO2-backed SSH key (sk-ed25519 / sk-ecdsa, e.g. YubiKey), the touch prompt is never shown. The YubiKey blinks — meaning it received the signing request — but the terminal hangs silently until timeout. This affects any tool that invokes SSH as a subprocess without a proper controlling TTY, including mosh and ansible. Root Cause Mosh calls SSH internally with the -n flag: ssh -n -tt -S none -o ProxyCommand=... <host> -- mosh-server new ... The -n flag redirects SSH’s stdin from /dev/null. libfido2 needs a real /dev/tty to print the touch prompt. With -n in effect, the signing request reaches the YubiKey hardware (hence the blinking) but the prompt is swallowed and there is no way to respond. ...

March 6, 2026 · 7 min

Mosh - The SSH Replacement You Didn't Know You Needed

If you’ve ever had an SSH session freeze mid-command because you switched from Wi-Fi to mobile, or lost your work because a hotel network dropped for three seconds, Mosh is the tool that fixes all of that. What is Mosh? Mosh (Mobile Shell) is a remote terminal application that replaces SSH for interactive sessions. It uses SSH only for the initial authentication handshake, then hands off to its own UDP-based protocol (SSP — State Synchronization Protocol) for the actual terminal session. ...

March 6, 2026 · 5 min
TL;DR
  • Mosh replaces SSH for interactive sessions, using UDP so it survives roaming and network drops.
  • Open UDP ports 60000-61000 on the server; auth still piggybacks on SSH.
  • On macOS, fix the PATH in ~/.zshenv so non-interactive SSH can find mosh-server.
  • Pair it with tmux for a session that survives almost anything short of a server reboot.

Seamless Python Environment Management on macOS

uv + direnv A manual, lightweight approach to Python virtual environment management that auto-activates when you cd into a project and deactivates when you leave — without ever running source .venv/bin/activate again. Why This Approach? Traditional Python workflows require manually activating and deactivating virtual environments. Forget to activate? You install packages globally. Forget to deactivate? You pollute one project with another’s dependencies. This setup eliminates that entire class of mistakes. ...

February 18, 2026 · 4 min

Kea DHCP to Unbound DNS Registration

Features Smart Update Logic: Intelligently handles dual-stack environments. It preserves existing IPv4 records when adding IPv6 (and vice versa), eliminating race conditions. Automatic PTR Generation: Automatically generates reverse DNS (Pointer) records in both standard and in-addr.arpa formats. Persistence & Repair: Includes rc.syshook.d scripts to ensure patches survive OPNsense firmware updates and system reboots. Dedicated Logging: Writes detailed, timestamped activity logs to /var/log/kea-unbound.log with automatic rotation via newsyslog. Smart Hostnames: Automatically generates hostnames from MAC addresses or DUIDs if the client device does not provide one. Non-Destructive: Uses OPNsense’s native hook system to inject configuration safely without modifying core system files. Prerequisites Before installing, ensure the following services are enabled in OPNsense: ...

February 7, 2026 · 4 min