Found a Google XSS Vulnerability

· 3 min read

Programmer Matan found an XSS vulnerability and reported it to Google, receiving a reward of $3,133.7 (approximately ¥22,666 RMB).

Here are Google Bug Hunter's reward rules:

👉 Image from https://bughunters.google.com/about/rules/google-friends/6625378258649088/google-and-alphabet-vulnerability-reward-program-vrp-rules

Here's how it started. Matan read an article exposing a Google SSRF vulnerability that mentioned this Google website:

📍 https://toolbox.googleapps.com

So he began exploring, first by checking the robots.txt file:

#apps-toolbox
User-Agent: *
Allow: /apps/main
Allow: /apps/browserinfo
Allow: /apps/checkmx
Allow: /apps/dig
Allow: /apps/har_analyzer
Allow: /apps/loganalyzer
Allow: /apps/loggershark
Allow: /apps/messageheader
Allow: /apps/recovery
Allow: /apps/useragent
Allow: /apps/other_tools
Allow: /apps/encode_decode
Allow: /apps/screen_recorder
Disallow: *

robots.txt is a file at the website's root directory that tells web crawlers which pages can be crawled and which cannot, to avoid the website being overloaded with crawler requests.

In the robots.txt file, each link corresponds to a tool webpage.

But there's one exception: /apps/recovery cannot be accessed directly.

After a simple search, he discovered it has subpages:

recovery/domain_in_use
recovery/form
recovery/ownership

These subpages can all accept multiple URL parameters, for example:

recovery/domain_in_use?visit_id=xxx&user=xxx&domain=xxx&email=xxx

If you enter this continue redirect link:

https://toolbox.googleapps.com/apps/recovery/ownership?domain=example.com&email=email@example.com&case=45500368&continue=/apps/recovery/...

This link contains the parameter domain=example.com, and note there's also a continue=/apps/recovery/... parameter.

Entering this continue redirect link gives a prompt:

Here's where the problem was discovered - the CONTINUE button's link actually comes from the continue parameter!

Matan tested it by injecting JavaScript code: .../continue=javascript:alert(document.domain)

Successfully executed ✅

This website sets no Content Security Policy (CSP) and has no other protective measures, so injected script can fetch resources from any external origin.

He then went a step further: the injected script calls an external service (api.ipify.org) that returns the visitor's IP address:

.../continue=javascript:fetch(%27https://api.ipify.org?format=json%27).then(response=%3Eresponse.text()).then(data=%3E{alert(data);%20})

Also successfully executed ✅

At this point, the XSS vulnerability was confirmed.

Let's review XSS knowledge:

XSS (Cross-Site Scripting) occurs when a site fails to validate or encode user input properly: it trusts input supplied by an attacker (usually JavaScript code) and ends up executing that input in other users' browsers. XSS is generally divided into three types:

  1. Stored: Malicious input is permanently stored in the backend service. Whenever users open the website and retrieve that malicious input, the browser executes it.
  2. Reflected: Malicious input is embedded in URLs or other inputs and immediately forwarded by the backend. As long as users visit the crafted URL, the browser executes it.
  3. DOM-based: The malicious input never needs to pass through the server; client-side JavaScript writes attacker-controlled data into the page's DOM, where it executes.

Matan's example above is a typical reflected XSS.

But this XSS is so basic that even Matan himself found it hard to believe, especially since Google's technology is famously good in the industry.

However, Google habitually uses its own in-house frameworks, and when such a framework doesn't enforce proper security policies, vulnerabilities in the products built on it are inevitable.
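The root cause above is that a redirect parameter was placed straight into a link's href. The following is an added example (not code from the original post or from Google) showing the vulnerable pattern beside a hardened version that parses the continue value as a URL and only accepts same-origin paths under an allowed prefix; the site origin, the /apps/ prefix and the fallback path are assumptions made for the demo.

```javascript
// Assumed values for the demo; a real deployment would take these from config.
const SITE_ORIGIN = "https://toolbox.googleapps.com";
const ALLOWED_PREFIX = "/apps/";
const FALLBACK = "/apps/main";

// Vulnerable pattern described in the post: the raw "continue" parameter
// becomes the CONTINUE button's href, so "javascript:alert(document.domain)"
// runs when the button is clicked.
function renderContinueButtonUnsafe(continueParam) {
  return `<a href="${continueParam}">CONTINUE</a>`;
}

// Returns a safe same-origin path for use in an href, or FALLBACK if the
// value is anything else (javascript:, data:, protocol-relative, foreign host,
// path outside the allowed prefix, or unparseable input).
function safeContinueUrl(value) {
  if (typeof value !== "string" || value.length === 0) return FALLBACK;
  let url;
  try {
    // Resolve relative to the site origin so that "javascript:...", "//host/x"
    // and "/\host/x" all get a real scheme and host we can inspect, instead of
    // relying on fragile string matching. The parser also strips leading and
    // trailing whitespace and embedded tabs/newlines.
    url = new URL(value, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // javascript: and data: URLs have origin "null"; external hosts differ too.
  if (url.origin !== SITE_ORIGIN) return FALLBACK;
  // Path traversal such as "/apps/../admin" is normalised before this check.
  if (!url.pathname.startsWith(ALLOWED_PREFIX)) return FALLBACK;
  // Re-emit a normalised root-relative path; never echo the raw input.
  return url.pathname + url.search;
}

// Minimal HTML attribute escaping, kept as a second layer even though the
// URL parser already percent-encodes the dangerous characters.
function escapeAttr(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hardened rendering: validated path plus attribute escaping.
function renderContinueButtonSafe(continueParam) {
  return `<a href="${escapeAttr(safeContinueUrl(continueParam))}">CONTINUE</a>`;
}
```

Pair this with a Content Security Policy that forbids inline script so that an injection that slips past validation still fails to execute.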

Can Zed Beat VS Code?

· 3 min read

Let me start with the conclusion: No.

Zed, yet another new text/code editor.

👉 https://zed.dev

It officially went open source on January 24th this year. In less than three months, it has already reached 30k stars on GitHub.

As Zed's slogan says: "Code at the speed of thought".

From actual experience, Zed is indeed smoother than VS Code.

⬇️ Zed

⬇️ VS Code

The official website also provides typing performance comparison:

To input the letter z and display it on screen, Zed only needs 58 milliseconds, while VS Code needs 97 milliseconds.

Zed is 1.4 times faster than VS Code.

In terms of input performance, Zed wins.

The second core feature Zed promotes is multi-user collaborative programming.

To be honest, I can't think of good practical use cases for this feature yet.


So far, Zed is merely a decent text editor.

You could even say Zed hasn't made any substantial breakthroughs - it's a self-indulgent product.

Zed's advertised high performance doesn't represent a quantum leap, making it hard to impress users.

The gap between "58 milliseconds" and "97 milliseconds" isn't that significant.

Any actual developer knows that the bottleneck in programming isn't typing speed.

As for multi-user collaboration, that use case currently seems a poor fit.

For document collaboration, domestic products like Feishu Docs and Tencent Docs are leaders that would crush Zed.

For code collaboration, Git is obviously the mainstream solution.


Zed is too young. It hasn't even implemented basic markdown preview yet.

VS Code set the standard with its open-source, plugin-based ecosystem that attracted a massive following.

While Zed also has a plugin mechanism, how many contributors can we expect?

The book "Rework" mentions that people who fail in their first startup have the same probability of failing in their second.

Zed's team previously made the Atom editor, and now Atom exists in name only.

The team failed with Atom, and their comeback with Zed still isn't enough.

Zed will likely capture a portion of users, but it won't become the dominant editor in its field.


How can Zed break through? The most important thing is to go with the flow.

Think about VS Code's timing: the prosperity of the internet drove open-source development, Eclipse was outdated, JetBrains was expensive, frontend specialization was emerging and urgently needed lightweight editors - these were all momentum for VS Code.

Currently, Zed's best momentum is obviously the AI direction.

But Zed clearly lacks sufficient support, only having Copilot code completion and Chat capabilities.

VS Code not only has these features but implements them more comprehensively.

The Zed team should think about what kind of editor they want to make that adapts to the current AI trend and creates new opportunities.

If they remain content with marginal performance gains and niche collaboration features, competing only in narrow tracks, then I wish them luck.

Guide to 100% Maximizing GitHub Copilot

· 5 min read

Long before OpenAI launched ChatGPT, it had already partnered with GitHub to launch GitHub Copilot.

Hereinafter referred to as Copilot

Copilot caused a sensation in the programming community at that time.

The radical claim back then was: Copilot will replace programmers.

Three years later, calm down - Copilot hasn't replaced programmers as hoped.

Instead, it's a powerful assistant that improves efficiency. Mastering it can multiply your programming efficiency.

Copilot Pricing

Domestic developers are relatively price-sensitive.

Copilot officially offers two subscription types: Individual and Team.

Let's skip the team version - if you have company support, you don't need to worry about this.

Individual pricing comes in two options:

  1. Monthly subscription, $10 per month, ¥72.37 RMB
  2. Annual subscription, $100 per year, ¥723.7 RMB

The individual version includes a 30-day free trial period, so you can try it first.

GitHub is quite friendly - it supports domestic credit card payment, including China Merchants Bank, GuangFa Bank, China Construction Bank, etc.

Unofficial channels like Taobao or uTools plugins are cheaper but may be unstable.

Copilot Family Suite

Using Copilot is simple - install the corresponding plugin in VSCode/JetBrains, then log in with your GitHub account.

👉 VSCode: https://marketplace.visualstudio.com/items?itemName=GitHub.copilot

👉 JetBrains: https://plugins.jetbrains.com/plugin/17718-github-copilot

After installation, when typing code, Copilot will automatically suggest code. Press Tab to complete.

JetBrains' Copilot plugin integration provides sidebar Chat functionality:

For VSCode users, to enable sidebar Chat functionality, you need to install the additional Copilot Chat plugin:

After installation, the sidebar menu will have a new "Chat" option, with a chat interface like ChatGPT:

VSCode is indeed a bit more troublesome, but has an advantage.

New Copilot features will be launched on VSCode first, like Copilot Voice.

Install this plugin in VSCode 👇 to experience voice programming.

Although it currently only supports English, multilingual support will surely come soon.

Speech to text in Visual Studio Code Chat

Even with English-only support, I believe Chinese developers who've been learning English since childhood have excellent English skills.

Copilot Code Completion

Besides Copilot's automatic triggering, we can also use Option + \ to manually trigger code completion.

Windows: Alt + \

Although the manual shortcut is rarely used, it's useful for testing Copilot during network fluctuations.

After triggering code completion, pressing Tab accepts all the code, but sometimes we only need partial completion.

You can use Command + → to accept completion code step by step:

Windows: Ctrl + →

If you're not satisfied with the current completion, you can press Option + ] or Option + [ to switch to the next or previous completion:

Windows: Alt + ] or Alt + [

For VSCode, press Command + I to invoke Copilot Editor in code:

Windows: Ctrl + I

Using Copilot Chat

Copilot Chat is like having GPT-4 directly in your editor, allowing quick Q&A about project issues:

For JetBrains IDEs, you need to right-click on files to show references:

JetBrains IDEs are currently clumsier: you have to right-click to specify files manually, and the entire file is referenced.

VSCode doesn't need explicit specification - it automatically determines whether to reference the entire file or just the selected portion:

Some Small Joys with Copilot

Let me mention some of Copilot's nice-to-have features, like directly generating Commit Messages:

Generating Git Commits is really convenient - it detects all file changes and generates appropriate messages.

Another feature is variable renaming, though it's currently unstable, so I'll skip it for now.

Copilot CLI

Copilot CLI is now fully available, allowing you to use Copilot in the command line.

For example, we can ask Copilot to explain what the sudo apt-get command means:

However, the CLI is still quite dumb. It's better to use Warp's AI features, as mentioned in my previous article 👉

Beautiful, Functional + Free AI-Powered Terminal Tool: Recommending Warp!

Three Developers Supporting One Trillion Active Uses

· 2 min read

For many developers, SQLite is certainly familiar.

We know it's powerful, but didn't expect it to be THIS powerful.

SQLite currently has over one trillion (1e12) active uses.

It's mainly used in:

Platform and what contains SQLite:

  • Mobile devices: every Android device, every iPhone and iOS device
  • Computers: every Mac, every Windows 10 machine
  • Web browsers: every Firefox, Chrome, and Safari web browser
  • Communication apps: every Skype instance
  • Media apps: every iTunes instance, every Dropbox client
  • Financial software: every TurboTax and QuickBooks
  • Programming languages: PHP and Python
  • Home entertainment: most televisions and set-top boxes
  • Automobiles: most automotive multimedia systems
  • Others: countless millions of other applications

👉 Table source: https://www.sqlite.org/mostdeployed.html

And SQLite's entire development team? Just three people:

👉 Image source: https://www.sqlite.org/crew.html

  • D. Richard Hipp: Started the SQLite project on May 29, 2000 and continues as the project architect. Richard was born in, lives in, and works in Charlotte, North Carolina. He holds a Master's degree in Electrical Engineering from Georgia Tech (1984) and a Ph.D. from Duke University (1992), and is the founder of the consulting firm Hwaci.
  • Dan Kennedy: An Australian currently living in Southeast Asia. He holds a degree in Computer Systems Engineering from the University of Queensland and has worked in various fields including industrial automation, computer graphics, and embedded software development. Dan has been a major contributor to SQLite since 2002.
  • Joe Mistachkin (pronounced "miss-tash-kin"): A software engineer and one of the maintainers of Tcl/Tk. He is also the author of the TclBridge component and the Eagle scripting language. He has been in the software industry since 1994.

Another interesting fact is that SQLite doesn't accept any external code contributions.

In other words, SQLite is open source but not open to code contributions.

This is mentioned in SQLite's copyright statement:

👉 Image source: https://www.sqlite.org/copyright.html

Many times, we can't help but marvel at the marginal cost of software.

One piece of code can be distributed to ten people, or to one billion people.

Three developers supporting one trillion active uses.

The value created by SQLite is unparalleled. Technology changes the world.

Beautiful, Functional + Free AI-Powered Terminal Tool: Recommending Warp

· 2 min read

Recently, Warp has gained quite a reputation, with many people recommending this terminal tool, so I decided to download and try it out.

After several days of in-depth experience, the conclusion is that it can indeed replace my previous iTerm.

Warp has good aesthetics, looks comfortable, and satisfies the fancy requirements of frontend engineers.

There are multiple themes to choose from:

Warp provides command hints out of the box, without the extra setup iTerm requires:

The best feature, of course, is the AI capability. You can open "Warp AI" in the upper right corner. If you forget a command, you can chat directly:

For Free users, you get 20 free queries per day, which is sufficient for personal use:

Warp also provides "Warp Drive", which allows you to save and share commands within your team:

Currently, Warp only supports Mac and Linux, but Windows support is coming soon:

If you think Warp looks good, give it a try: 👉 URL: https://app.warp.dev/referral/Q9ZVGQ

How to Run Windows on Mac Without Spending a Penny (M1/M2 Version)

· 2 min read

Here's what the latest Windows 11 looks like running on an M1 Mac:

VMware Fusion can run Windows and Linux systems, with a free license for personal use.

Installation guide here 👉 https://zhuanlan.zhihu.com/p/452412091

That article covers everything in great detail, from applying for a Fusion license to downloading images to installation pitfalls.


Fusion has excellent support for Windows 11, but doesn't support other versions.

Here I recommend UTM. This is UTM running Windows 7:

UTM is also a free virtual system software.

Official website 👉 https://mac.getutm.app

Note: UTM can be downloaded directly from the official website

But downloading from the App Store requires payment. If you want to support UTM, you can choose to pay for the download.


UTM installation is quite simple.

First download the desired image. Images can be downloaded from MSDN 👉 https://msdn.itellyou.cn

Then download the corresponding configuration file from UTM https://mac.getutm.app/gallery/

After downloading, you'll get a file with .utm extension, then open that file.

After opening, you need to change the system image path.

In the upper right corner, change it to the corresponding downloaded system image:

After changing, restart and you're done!

Save Your VSCode, Try This Beautiful Code Font

· 2 min read

Monaspace, an open-source code font by GitHub, is a monospace font family containing 5 variable fonts with stunning aesthetics.

These 5 fonts are:

1️⃣ Radon Handwriting Style Font

2️⃣ Krypton Mechanical Style Font

3️⃣ Xenon Serif Style Font

4️⃣ Argon Humanist Style Font

5️⃣ Neon Modern Style Font

👉 Project Repository: https://github.com/githubnext/monaspace?tab=readme-ov-file#coding-ligatures

Download Instructions

MacOS

Install using brew:

brew tap homebrew/cask-fonts
brew install font-monaspace

Windows

Download the files from: https://github.com/githubnext/monaspace/tree/main/fonts/otf

Drag them to C:\Windows\Fonts and click install.

After downloading, if you're using VSCode, you can find font-family in settings and change it to: 'Monaspace Radon', monospace

Using AI as a Multiplier: Creating a Year of the Dragon Greeting Card Mini-Program

· 5 min read

The emergence of AIGC at the end of 2022 made 2023 the first year of Artificial General Intelligence.

This is the best of times. With AI, things that previously existed only in imagination can become reality.

With just a few words, you can create a colorful painting - a realistic and rich painting.

Currently, there aren't many large models for AI image generation. The famous Midjourney is closed-source and inconvenient for domestic users.

Stable Diffusion, a free, open-source, and powerful AI image generation model, is becoming the darling of AI art.

For example, this New Year celebration image was created by Stable Diffusion:

Stable Diffusion supports text-to-image (generating images from text prompts), image-to-image (generating images from base images + text prompts), text-to-video, and video-to-video.

Here's an example of image-to-image, generating a realistic apple image (right) from a hand-drawn base image (left):

And here's the AI transformation video that was popular on TikTok recently:

To explore the boundaries of Stable Diffusion's imagination, as the Year of the Dragon approached, we decided to develop a Dragon Year greeting card mini-program. Here's the effect:

We chose an open-source framework called Comfy UI, which uses workflow-based interactions to make Stable Diffusion arrangement and image generation more convenient and efficient:

Comfy UI officially describes itself as: "The most powerful graphical interface for Stable Diffusion"

👉 Official link: https://github.com/comfyanonymous/ComfyUI

Despite having Comfy UI's support, we hit a wall from the start - unable to generate text, as shown:

The left image "Happy Dragon Year" (龙年大吉) is the base image we input to Stable Diffusion, and the right is the generated image based on the base image and prompts.

As you can see, the text is completely chaotic.

Even the mighty Midjourney can't solve this pain point, due to the special nature of text.

Take Chinese characters for example - there are seal script, clerical script, regular script, running script, cursive script, etc., with arrangements from left to right, right to left, top to bottom, etc.

Another solution approach is to use text as one of the base images, like this "Happy Dragon Year" image:

Generation result:

This approach seemed workable, but we quickly ran into trouble. For slightly complex characters, the generation effect was poor, like "甲辰臻祥" (Auspicious Year of Jiachen):

To solve this problem, given time constraints, we had to make changes at the product level. The greeting card image consists of template + main image, with templates pre-made and main images generated by AI without text:

Another issue is with complex content involving people, like hands and faces. The generation effect is poor, as shown in this little girl's hands:

There are several solutions:

  1. Choose an appropriate Stable Diffusion model
  2. Use plugins for hand and face correction
  3. Add negative prompts

With the above exploration, we finally began our multiplication journey.

First, we selected New Year elements like dragons, the God of Wealth, lanterns, cranes, etc.

Second, styles - we explored over ten styles generated by Stable Diffusion:

Stable Diffusion is rock solid, mastering all styles.

Through Element × Style, we generated corresponding style images for each element.

The power of multiplication is self-evident. In just a few weeks, we generated over ten thousand images for the greeting card mini-program.

Before AIGC, this was absolutely impossible. All we could do was addition, and we'd need professional designers.

Assuming a designer creates one image in 5 minutes, ten thousand images would take at least 34 days working non-stop:

10000 × 5 ÷ 60 ÷ 24 = 34.7222222222

This kind of labor and time cost was instantly reduced by AI.

AI is still in its early stages. I believe as time goes on, AI capabilities will become stronger and application scenarios will expand. Let's wait and see.

The mini-program has officially launched with a festive name: "Hua Nian" (Draw Year)

Simple operation - choose a template you like and generate with one click:

If you're not satisfied, you can adjust the image or blessing message:

If you need New Year greeting cards, feel free to try this mini-program. It's currently free to use.

ChatGPT Founder Sam Altman's Secrets to Effective Productivity

· 5 min read

This is a blog post written by ChatGPT founder Sam Altman in 2018, offering effective advice on how to improve productivity.

What Are You Doing?

The Essence of Long-termism is the Compound Interest Formula

Compound interest is a financial term, but it also applies to personal careers. If you produce output every day, your compound returns after 50 years will be enormous. Improving your productivity is extremely important - increasing from 1% to 10% daily improvement will make compound returns even greater.

See the compound interest formula at 👉 The Essence of Long-termism is the Compound Interest Formula

The Core of Improving Productivity: Do What You Love

Moving forward in the wrong direction is moving backward. Take time to think deeply about what you love to do. Only things you're passionate about can truly improve your productivity.

Delegate What You Don't Like to People Who Do

Doing what you love multiplies your efficiency, but for things you don't like, try not to do them - delegate, avoid, or find other ways. When delegating, make sure to delegate to people who enjoy doing those things, because based on the principle that "doing what you love improves efficiency," the delegate should also be able to complete the task efficiently.

Stick to Your Convictions

What has left a deep impression on me over the years are people with strong convictions - such people are rare in the general population. If you find yourself always agreeing with others, that's not a good thing. Stick to your convictions. Sometimes you might be wrong, but when others are confused and you do what's right and important, you'll become more brave and extraordinary.

Avoid People Who Drain You

To accomplish something great, you should strive to be around smart, positive, productive, and cheerful people who won't casually belittle your ideals and ambitions, who can push you forward and bring you inspiration. Within your ability, avoid being with people who drag you into mental exhaustion - otherwise the cost will be enormous.

Find the Right Problems and Solve Them

We're basically all in red ocean industries with fierce competition. What we need to do is work smartly and diligently, find the right problems and solve them correctly. There aren't many shortcuts here.

Priorities

Three Basic Principles

  1. Get important things done
  2. Don't waste time on BS
  3. Make lots of lists

Strongly Recommend Using Lists

Write down annual, monthly, and daily tasks in lists. Lists help you focus on current tasks and allow you to handle multiple tasks (because your brain is freed up from having to remember so many tasks).

You can write lists on paper for easy addition and removal, and taking notes during meetings won't offend others.

Review lists frequently, modify or delete tasks promptly. Don't waste time on categorizing and sorting - just mark important things with a "⭐️".

Prioritize Things That Build Momentum

Prioritize things that can generate "momentum" - when you complete one thing and feel accomplished, you continue to the next.

Learn to Be Ruthless

I am relentless about getting my most important projects done—I've found that if I really want something to happen and I push hard enough, it usually happens.

"I try to be ruthless about saying no to stuff, and doing non-critical things in the quickest way possible. I probably take this too far—for example, I am almost sure I am terse to the point of rudeness when replying to emails."

Maintain an Open Social Network

Try to avoid meetings and conferences as they waste lots of time and energy. But keep some openness in your schedule to meet new people and ideas - maintaining an open social network is important. At conferences, while 90% is wasted time, the 10% that's valuable can make up for the loss.

Physical Aspects

This section covers sleep, exercise, and nutrition. Some are clichés, and Sam is an extreme vegetarian, so I'll skip this part. See the original text if interested.

Other Aspects

Comfortable Office Environment

An office that's quiet without interruptions, with natural light and a beautiful desk, plus multiple 4K monitors.

Some Tips

  • Write custom tools to handle annoying, repetitive tasks
  • Improve typing speed
  • Learn keyboard shortcuts

The Terrible "Period"

Like many people, he occasionally has a week or two of lost motivation, with no interest in anything.

There's no good solution yet, but believe that the "period" will always pass, and afterward you'll be energetic again to continue fighting.

Also, when in a bad mood, avoid contact with others - this is sincere advice.

Value Your Loved Ones and Family

Don't ignore your loved ones and family for the sake of efficiency - you've improved efficiency but lost happiness.

Finally

Sam's views on improving efficiency are worth considering, and he also emphasizes: Don't fall into the efficiency trap - improving efficiency isn't the goal, our goal is to complete tasks quickly and with quality.

10 Ways for Programmers to Improve Efficiency

· 6 min read

1. No Meetings in the Morning 📅

Everyone has 24 hours in a day, time is equal, but the value of time is not equal. One hour in the morning is worth 4 times that of the evening. Why?

Because morning is the golden time for the brain. After a night's sleep, the brain has been organized, recorded, and rested. Its state is at its fullest, suitable for high-concentration work like programming and learning foreign languages. If we waste time on low-concentration activities like meetings or scrolling through phones, we waste the value of the morning.

2. Don't Use the Pomodoro Technique 🍅

Sometimes when programming intently, we enter a "flow state" - a state of high concentration. When our focused state is broken, it takes 15 minutes to re-enter that state.

Many people recommend the Pomodoro Technique - setting a 25-minute countdown, forcing a 5-minute break, then entering the next Pomodoro. In my actual use of this method, I often encounter the problem of just entering the "flow" focused state when the Pomodoro timer rings, breaking concentration. It takes another 15 minutes to re-enter this focused state.

A good alternative is using a stopwatch. Like the Pomodoro, it visualizes time but counts forward, not breaking our "flow". When our programming concentration decreases, we can check the stopwatch to determine our break time.

3. Don't Use Your Phone During Breaks 📱

The brain needs to use 90% of its capacity to process visual information, and flickering screens excite the brain. This is why we still feel tired when returning to work despite having rested.

During break time, we should block visual information input. Recommendations:

  • Close your eyes and rest 😪
  • Listen to music 🎶
  • Walk around the office 🏃‍♂️
  • Chat with colleagues 💑
  • Stretch your neck 💁‍♂️
  • Meditate or practice mindfulness 🧘

4. Don't Eat Lunch at Your Desk 🥣

After a morning of intensive programming, the brain's concentration has dropped by 40%-50%. At this time, we need to restart our concentration. A good method is eating out. Benefits of eating out include:

  • Promoting serotonin secretion: Serotonin is a neurotransmitter that controls our sleep and wakefulness. Eating out can restore our serotonin, making us refreshed:
    • Sunbathing: Sun exposure while out promotes serotonin secretion
    • Rhythmic exercise: Walking is rhythmic exercise that also promotes serotonin secretion
  • Activating place neurons: Place neurons control location and space, existing in the hippocampus. Changing locations when eating out activates place neurons, promoting hippocampus activity and improving memory
  • Activating acetylcholine: Going to new restaurants, streets, and trying new things activates acetylcholine, which plays a huge role in "creation" and "inspiration"

5. Take a Nap 😴

Science has shown that napping is very important. It can:

  • Restore our physical state: A 26-minute nap can increase afternoon work efficiency by 34% and concentration by 54%
  • Extend lifespan: People who don't nap are more likely to die earlier than those who do
  • Prevent diseases: Reduces Alzheimer's, cancer, cardiovascular disease, obesity, diabetes, depression, etc.

Napping has many benefits, but should be appropriate - 15 to 30 minutes is optimal. More than that can be harmful.

6. Exercise Before Afternoon Work 🚴

2-4 PM is when people are least alert. 10 minutes of exercise can re-awaken our bodies and improve concentration. For programmers with limited workspace, recommendations:

  • 1️⃣ Squats
  • 2️⃣ Push-ups
  • 3️⃣ Jumping jacks
  • 4️⃣ Climb stairs (don't go down - it's hard on knees. Climb to the top floor, then take the elevator down)

7. 2-Minute Rule and 30-Second Decision 🖖

⚒️ 2-Minute Rule means if something can be completed within 2 minutes, strike while the iron is hot and complete it. This is a trick to solve procrastination. As programmers, we often encounter various unexpected problems. For some issues, we can't decide whether to complete them immediately. The 2-minute rule is a good auxiliary decision-making method.

💣 30-Second Decision means for daily matters, we only need 30 seconds to make decisions. This comes from "speed chess theory" - researchers had a famous chess player observe a game, then gave him 30 seconds and 1 hour respectively to decide the next move. They found 90% of decisions made in 30 seconds and 1 hour were identical.

8. Don't Work Overtime, Get Enough Sleep 💤

As programmers, we might often work overtime until 9 PM, get home at 10:30, shower and get to bed by midnight, then play with our phones until 2-3 AM.

Compressing sleep time means the brain doesn't get effective rest, reducing next day's concentration and work efficiency - creating a vicious cycle.

Think about our daytime work: much of the time is wasted. If we force ourselves to set a leaving time, rethink how we work, and complete work with high efficiency, quality, and density, couldn't we reduce overtime, gain more free time to learn new knowledge and technology, and thereby improve our work efficiency and create a positive cycle?

9. 2 Hours Before Bed 🛌

  1. Things not to do 2 hours before bed:
    • 🍲 Eating: Empty stomach promotes growth hormone, which increases blood sugar and eliminates fatigue. But eating raises blood sugar, stopping growth hormone secretion
    • 🥃 Drinking alcohol
    • ⛹️ Intense exercise
    • 💦 Hot baths
    • 🎮 Visual entertainment (gaming, movies, etc.)
    • 📺 Bright things (phones, computers, TV)
    • 💡 Being in overly bright places
  2. Things suitable to do:
    • 📖 Reading
    • 🎶 Listening to music
    • 🎨 Non-visual entertainment
    • 🧘‍♂️ Light exercise that relaxes the body

10. Don't Deliberately Sleep In on Weekends 🚫

Many people rest on a weekly basis, compressing sleep Monday to Friday, then catching up on weekends, sleeping until noon on Saturday and Sunday. But this conflicts with workday sleep rhythms, resulting in feeling particularly tired and anxious on Monday mornings.

Actually, weekends don't need catch-up sleep. The human body has a daily biological clock. Breaking the current biological clock cycle affects the next cycle, and readjustment takes time.

We should rest on a daily basis, go to bed early and wake up early, maintaining daily concentration.

References

Most of the above comes from the book "Why All Elites Are Time Controllers" by Shion Kabasawa, a neuroscientist.