Not that anyone’s interested in this, but I thought about sharing more information about my setup and how it’s working for me, so here it is.
Note: This is a work in progress and things keeps changing all the time, so the information below is most likely outdated.
Hardware
Lenovo Thinkpad T480
I use a Thinkpad T480 running Fedora as my daily driver.
My current installation has a little more focus on security and privacy than previous iterations, so I spent a little more time setting up Secure Boot with my own keys, LVM on LUKS for full disk encryption, two-factor authentication during login with pamu2f + YubiKey (I also have a Ledger Nano S as a backup) and firewalld configuration that denies all traffic except for the ones I explicitly want. I also try to keep a VPN running at all times, but I’m still evolving this bit.
You can check out my current configuration here.
Monitors
| Model | Resolution | Position |
|---|---|---|
| Asus PA279CV | 3840x2160 | Landscape |
| Dell U2412M | 1920x1200 | Portrait |
It’s impossible for me to work with just the laptop built-in display.
I like to use the display in portrait position for reading articles and the other one for splitting between text editor, web browsers and terminal windows, all that arranged in different workspaces. I use a sway, a tiling window manager for simplifying the task of navigating between the different windows in different workspaces and displays with the keyboard.
Things to improve
One of my displays is full HD, and the other is 4k. I’ll replace my old Dell at some point.
ErgoDox EZ Keyboard
A few years back, I used a Macbook Pro as my work computer. I was one of the many users that were affected by the terrible build quality of the built-in “butterfly” keyboard, so I began considering using an external keyboard.
Regarding the ergonomics, one issue I had was occasional shoulder and wrist pain, which was most likely caused by the effort I had to make to keep my fingers lined up with the key rows while touch typing. Also, as an old Emacs user, other common cause of pain was the infamous Emacs pinky. I tried to do the usual change of mapping the Caps Lock key to Ctrl, to make the key easier to reach, but that only helped so much.
After some research, I decided to purchase myself a programmable split keyboard, and the one I chose was the ErgoDox EZ.
With ErgoDox EZ, I managed to move the Ctrl key to my thumbs, causing much less strain on my pinkies. I also heavily changed the default layout to fit my needs. To do that, I used WhatPulse for a while, in order to identify the most pressed keys and gradually changing the keyboard layout towards better ergonomics for my usage. Now I can type for hours straight without busting my arms and hands. You can check out my custom layout here.
The keyboard is built like a tank. It will probably outlive every other piece of hardware I have, so the high price tag is definitely worth it!
Things to improve
Nothing so far.
Kensington Orbit Trackball
By using an external keyboard, I had to start using an external pointing device. I used an old Microsoft mouse for a while before getting myself a Kensington Orbit trackball.
At first, I considered buying myself a Magic Trackpad 2 but one of these is way too expensive here in Brazil. In the end I decided to try a trackball, which is something I was curious about and wanted to try for quite some time.
This was a nice ergonomics improvement, as I don’t have to move my arm around in order to move the pointer. It took me a few weeks to regain the same precision I had when using a traditional mouse or trackpad device, but I feel much more comfortable now.
Things to improve
The Orbit build quality is also very good. The only downside for me was the scroll ring rubber cover, which sometimes gets in the way when spinning the scroll ring and builds up grease and dirt. I eventually removed the rubber, as you can see in the picture below.
If a nice trackpad wasn’t so damn expensive around here, I would give that a try.
iPhone
I used to run GrapheneOS in a Google Pixel 6a phone, but it died after less than 2 years of light/medium usage. It turns out that Pixel phones are still hit and miss in terms of hardware quality, so I decided to move to iPhone for the time being.
YubiKey 5 NFC and Ledger Nano S
I use YubiKey as my main hardware token, and keep the Ledger Nano S in a safe place as a backup. I might buy myself another YubiKey in the future and keep the Ledger only for handling cryptocurrencies.
The YubiKey build quality is great. The performance is decent (much faster than in Leger Nano S), and I feel much safer using these devices than I felt when I had to rely on other methods for multi-factor verification. I also no longer have to keep private SSH and PGP keys available in my computer’s file system, and the U2F / WebAuthn support is great.
The PGP support in the Series 5 key is nice and enables me to use these devices for a lot of different things, such as authenticating to remote machines, signing/encrypting messages, managing passwords, etc.
Aside from the obvious usage scenarios, I also use the hardware tokens in my local machine as a second factor and for authenticating sudo.
Things to improve
The only thing I wish is for more services to properly support hardware tokens and standards like WebAuthn. There are still a lot of sensitive services that still rely on TOTP as second factor (like ProtonMail) and this drives me crazy.
Other Hardware
- Logitech C920 PRO HD webcam
- Bose QuietComfort 25 headphone
- Herman Miller Sayl office chair
Software
Window Manager
I use Sway as the window manager, which helps me spread editors, terminals, browsers and other apps across the different displays and navigate between them quickly without leaving the keyboard.
Apart from Syncthing for syncing files across devices, I use restic to periodic backups and store them in encrypted form in a local SSD drive and in Amazon S3.
Things to improve
Nothing in particular, but I keep trying small changes to my workflow to see how that affects my productivity.
VPN Services
Proton VPN
I have a Proton Unlimited subscription, which grants me access to their VPN offering, which is pretty good.
Self-Hosted Services
Syncthing
I started self-hosting Syncthing from an old Raspberry Pi for syncing files across devices. It’s surprising how well this works!