Not that anyone’s interested in this, but I thought about sharing more information about my setup and how it’s working for me, so here it is.
Note: This is a work in progress and things keep changing all the time, so the information below is most likely outdated.
Hardware
Lenovo Thinkpad T480
I use a Thinkpad T480 running Fedora as my daily driver.
My current installation has a little more focus on security and privacy than previous iterations, so I spent a little more time setting up Secure Boot with my own keys, LVM on LUKS for full disk encryption, two-factor authentication during login with pam_u2f + YubiKey (I also have a Ledger Nano S as a backup) and ufw firewall configuration that denies all traffic except for the ones I explicitly want. I also try to keep a VPN running at all times, but I’m still evolving this bit.
Things to improve
Translate my current setup to some configuration management tool, such as Ansible.
Monitors
Model | Resolution | Position |
---|---|---|
Asus PA279CV | 3840x2160 | Landscape |
Dell U2412M | 1920x1200 | Portrait |
It’s impossible for me to work with just the laptop built-in display.
I like to use the display in portrait position for reading articles and the other one for splitting between text editor, web browsers and terminal windows, all that arranged in different workspaces. I use i3wm, a tiling window manager, for simplifying the task of navigating between the different windows in different workspaces and displays with the keyboard.
Things to improve
One of my displays is full HD, and the other is 4k. I’ll replace my old Dell at some point.
ErgoDox EZ Keyboard
A few years back, I used a Macbook Pro as my work computer. I was one of the many users that were affected by the terrible build quality of the built-in “butterfly” keyboard, so I began considering using an external keyboard.
Regarding the ergonomics, one issue I had was occasional shoulder and wrist pain, which was most likely caused by the effort I had to make to keep my fingers lined up with the key rows while touch typing. Also, as an old Emacs user, another common cause of pain was the infamous Emacs pinky. I tried to do the usual change of mapping the Caps Lock key to Ctrl, to make the key easier to reach, but that only helped so much.
After some research, I decided to purchase myself a programmable split keyboard, and the one I chose was the ErgoDox EZ.
With ErgoDox EZ, I managed to move the Ctrl key to my thumbs, causing much less strain on my pinkies. I also heavily changed the default layout to fit my needs. To do that, I used WhatPulse for a while, in order to identify the most pressed keys and gradually change the keyboard layout towards better ergonomics for my usage. Now I can type for hours straight without busting my arms and hands. You can check out my custom layout here.
The keyboard is built like a tank. It will probably outlive every other piece of hardware I have, so the high price tag is definitely worth it!
Things to improve
Nothing so far.
Kensington Orbit Trackball
By using an external keyboard, I had to start using an external pointing device. I used an old Microsoft mouse for a while before getting myself a Kensington Orbit trackball.
At first, I considered buying myself a Magic Trackpad 2 but one of these is way too expensive here in Brazil. In the end I decided to try a trackball, which is something I was curious about and wanted to try for quite some time.
This was a nice ergonomics improvement, as I don’t have to move my arm around in order to move the pointer. It took me a few weeks to regain the same precision I had when using a traditional mouse or trackpad device, but I feel much more comfortable now.
Things to improve
The Orbit build quality is also very good. The only downside for me was the scroll ring rubber cover, which sometimes gets in the way when spinning the scroll ring and builds up grease and dirt. I eventually removed the rubber, as you can see in the picture below.
If a nice trackpad wasn’t so damn expensive around here, I would give that a try.
Google Pixel 6a
My new phone is a Google Pixel 6a running GrapheneOS, which I wanted to try out after the introduction of the sandboxed Google services, which would supposedly make the OS more compatible with the apps I used, and so far everything is working nicely.
Things to improve
Nothing so far, I’ve been quite happy with my current setup.
YubiKey 5 NFC and Ledger Nano S
I use YubiKey as my main hardware token, and keep the Ledger Nano S in a safe place as a backup. I might buy myself another YubiKey in the future and keep the Ledger only for handling cryptocurrencies.
The YubiKey build quality is great. The performance is decent (much faster than on the Ledger Nano S), and I feel much safer using these devices than I felt when I had to rely on other methods for multi-factor verification. I also no longer have to keep private SSH and PGP keys available in my computer’s file system, and the U2F / WebAuthn support is great.
The PGP support in the Series 5 key is nice and enables me to use these devices for a lot of different things, such as authenticating to remote machines, signing/encrypting messages, managing passwords, etc.
Aside from the obvious usage scenarios, I also use the hardware tokens in my local machine as a second factor and for authenticating sudo.
Things to improve
The only thing I wish is for more services to properly support hardware tokens and standards like WebAuthn. There are a lot of sensitive services that still rely on TOTP as a second factor ~(like ProtonMail)~ and this drives me crazy.
Other Hardware
- Logitech C920 PRO HD webcam
- Bose QuietComfort 25 headphone
- Herman Miller Sayl office chair
Software
Window Manager
I use Sway as the window manager, which helps me spread editors, terminals, browsers and other apps across the different displays and navigate between them quickly without leaving the keyboard.
I’m still finishing configuring it. When I’m done, I’ll make the configuration repeatable with Ansible or some other tool.
Apart from Syncthing for syncing files across devices, I use restic for periodic backups and store them in encrypted form on a local SSD drive and in Amazon S3.
Things to improve
Nothing in particular, but I keep trying small changes to my workflow to see how that affects my productivity.
GrapheneOS
I use the same device both for work and my personal life. In order to separate the two, I use a separate Work profile for work-related apps.
For banking and other critical apps, I use separate user profiles.
To protect the traffic for the work and other critical user profiles, I configured an always-on VPN to ensure all traffic flows through an encrypted tunnel.
I don’t keep a Google account signed in on this device.
Some of the apps I use and recommend: Aegis, AntennaPod, Bitwarden, Element, Etesync, Infinity, NewPipe, OsmAnd~, RHVoice, SaveTo…, Scrambled Exif, Shelter, Signal, Tasks.org, Tusky.
Things to improve
I’m currently trying new apps to see which ones stick.
VPN Services
Private Internet Access
PIA offers a good trade-off between privacy, security and price, at least for my threat model. Before that I used Mullvad, which is awesome, but a bit too expensive for someone who doesn’t get paid in USD/EUR like me.
Self-Hosted Services
Syncthing
I started self-hosting Syncthing from an old Raspberry Pi for syncing files across devices. It’s surprising how well this works!