Not a huge fan of this. I distinctly do not want:

• To be tied to Proton if they really fuck up. I use my own domains that are portable. I use Proton Pass aliases for throw away accounts I could go without.
• To not be able to secure my accounts with separate emails/usernames and long distinct passwords (or better yet passkeys) for each service. I don’t use Proton Pass for password management.
• To provide data points linking my online activities by not using separate emails/usernames.

I haven’t made a keyboard in awhile but anything that supports QMK (or whatever is new and shiny today) should be able to support this.

QMK and the like are custom firmware so you can pretty much code up whatever feature you need.

If you are looking for a pre-built, I know my Tofu65 supports QMK from https://kbdfans.com/.

QMK is written in C but they do have a no code tool I used for my Tofu65: https://config.qmk.fm/#/.

If the tool doesn’t cover your use case and you are able to do a little C, these sections are good starting points for layers (what you call modes) and cursor keys.

https://docs.qmk.fm/feature_layers

https://docs.qmk.fm/features/mouse_keys

My work laptop is a Dell Precision. It was a “data science” model that came with Ubuntu. Wiped Dell’s modified Ubuntu and put vanilla Ubuntu on it and now running Nixos. Works great. There was a weird period when using triple monitors with their dock had an intermittent issue on boot where resolutions and monitors were not being detected. Cause was Nvidia drivers. It eventually got resolved and it was easy enough to rollback the drivers to one that worked.

1. Install nix.
2. nix profile install nixpkgs#vscodium
3. nix profile upgrade ‘.*’

Won’t auto update but you could add the upgrade command to a login script or something.

Won’t lie, nix has a high learning curve to get the most out of it, but installing a single app is pretty simple.

It was really good. Seeing Logan and Loki (series) would help follow the plot some if you haven’t seen either but I didn’t feel it was hard requirement. There are throwbacks to past Fox superhero movies, but they didn’t add critical plot points.

Lots of 4th wall breaking including ripping into Disney, Fox, and the post Endgame downward spiral of MCU.

I open the conversation with “Jmp.chat bot” in Cheogram. That particular conversation has two tabs, conversation or commands. On the commands tab I have “Buy account credit by…”.

Most startups I’ve applied to are Linux friendly.

I currently work for a fortune 100 and managed to get a Linux machine purchased as a “lab” machine.

I’m fully in control. IT doesn’t even know it exists. I’m not allowed on the corporate network, but I managed to get some internal corporate access through another department’s lab network (IT sanctioned) that has a VPN with a few routes to things like ticketing, time cards, and our internal wiki. Most of the stuff I need to do my job is in AWS and we are allowed to add home IPs to the security groups.

IT still gives me a MacBook. I use it like once every 6 months.

nixos-unstable is the only thing I will use currently.

I’m running bleeding edge stuff like the latest kernel, Hyprland nightly, my own “shell” built from Gnome components and lots of custom stuff using GJS (Gnome JavaScript).

If you get one, and you are free to do whatever on it, encrypt your drives like your job depends on it. I have a memorized passphrase, pin protected hardware key, and a key in TPM. No biometrics.

As far as other nice things to have:

• VPN: https://www.infradead.org/openconnect/ supports some common enterprise VPNs.
• Communication tools (Teams, WebEx, Zoom, Slack, etc.). I tend to have access to 90% of what I need. My team is thankfully accommodating for the couple features I have issues with. Make sure you test things like Screen Sharing especially in Wayland if you use it.
• VM: If you can get a corporate licensed image to run a corporate licensed version of Office, I recommend it. Office365 for web is missing a few features and often renders differently from native.
• Password Manager and encrypt everything. System is encrypted as previously stated. My home volume (BTRFS) is encrypted with a different key/passphrase. My work’s sensitive files are encrypted yet again using rclone with different keys. I try to minimize attack surfaces by unlocking only what I need when I need it.
• Backups. I use rclone to backup to our corporate OneDrive. Nixos is immutable and I have it setup with impermanence where every reboot is like a fresh install if I didn’t codify it my nixos-config which is tracked in git. I persist a few cache and setting directories in my home directory, but not much. I can restore my setup in like 20 minutes if I ever lost my machine.
• Virtual mic and camera for noise suppression and blurring for communication tools that don’t have it built in.
• Evolution EWS works okay as an Exchange email client. I had to hunt some weird settings like tenant ID to get it to work. I’ve been using Webmail or Outlook in a VM more often though as of late.

I work in software dev as FYI. For the few issues I have, my team has more issues getting stuff working consistently on macOS for our project. I used that as a justification when requesting the laptop: my dev environment should closely match our runtime environment. Most of that is moot now since we use Nix flakes in our repos for local dev envs.

https://github.com/newhinton/Round-Sync. Not in any app store and have to download and install from GitHub.

It is an Android wrapper around rsync.

Setup a remote, setup tasks, and setup triggers. Mine syncs every night. It supports encrypting with your own keys. Large number of remotes supported from self-hosted to cloud.

Looks good to me. Interface to Dest Ports are your match conditions. NAT IP/Port are the translations performed on each packet matched inbound and the Dest.

Traffic going the other way reverses this operation on the Src instead of destination.

That’s an over simplification of NAT, but for basic port forwarding the general principal holds.

They can modify the DNS packets still. They aren’t encrypted or signed so the authenticity of a response packet cannot be verified. Parental controls from ISP relay on being able to snoop and modify your DNS (and SNI from TLS ClientHello packets).

https://www.goodreads.com/book/show/1098624.When_I_Say_No_I_Feel_Guilty

Its dated and probably misogynistic given the period, but when I did read it many many years ago, the broken record technique is probably the one thing I do remember. It also had some role play dialog for how others may try and break the loop. I found it helpful at the time.

I think I read/heard something similar in one of the Love and Logic parenting books/ebooks. “Maybe so, but <repeat assertion>” comes to mind. Acknowledge the statement that attempts to break the loop, don’t add any new information, and repeat the assertion.

Immutable Nixos. My entire server deployment from partitioning to config is stored in git on all my machines.

Every time I boot all runtime changes are “wiped”, which is really just BTRFS subvolume swapping.

Persistence is possible, but I’m forced to deal with it otherwise it will get wiped on boot.

I use LVM for mirrored volumes for local redundancy.

My persisted volumes are backed up automatically to B2 Backblaze using rclone. I don’t backup everything. Stuff I can download again are skipped for example. I don’t have anything currently that requires putting a process in “maint mode” like a database getting corrupt if I backup while its being written to. When I did, I’d either script gracefully shutting down the process or use any export functionality if the process supported it.

Don’t Look Up!

I use rclone and the Round Sync Android client.

Supports a ton of back ends, self hosted, and commercial options. You can transparently encrypt with private keys you control.

I personally use B2 Backblaze for storage.

My phone backs up every night and Round Sync pushes them to B2. On my desktop I can mount as a volume. I can also access my storage from my phone going the other direction.

I’ve done the same using SFTP if I don’t want the overhead of persistent file storage.

It does not support indexing or previews for searching or finding say a photo. You can put whatever you want for data. So I have caches, indexes, and thumbnails that work in Linux. I can’t really make use of those on my phone though.

Rclones bisync feature is also a bit dangerous when I tried to use it a year ago. I more than once “deleted” everything. B2 doesn’t delete by default, just hides, so I was able to recover. I now do unidirectional syncs from my machines to different buckets until I’m motivated to investigate a proper 3-way merge solution.

Pre-COVID I used to find software dev meetups. I found this patent law firm that did Haskell meetups once a month with beer and pizza. I guess they wrote custom software to analyze patents as I was surprised this was coming out of a law firm. Learned a lot and job openings were discussed by various members from other companies.

This is news to me. That said, I’m usually one generation behind but upgrade every 2 years as my phone is usually EOL for software updates by the end of the period. I try to time it so I can get a replacement paid outright at mid-range prices.

With the Pixel 8 introducing extended software support, I’ll have to dig more into this.

I’m on Graphene. Mullvad is only 1% for me with 16h30min since last on a charge. I’m at 56% with 1h30m screen time.

I used GPS as I did some driving with maps and my music app accounting for 29% of my battery usage.

I throw my phone on the charger at night figuring battery tech and software management is good enough.

Are you WiFi or mobile? I get shitty mobile service so if I’m off WiFi my battery tends to go to shit. The VPN usually accounts for more as I assume it keeps reconnecting.

Has not worked for me in ages on Graphene. Same issue. It quits right away. Even tried messing with the hardened malloc and it was no go. Been a pain trying to use Zelle or deposit checks. Other than a handful of core apps I just use the web mostly at this point.