• 0 Posts
  • 56 Comments
Joined 1 year ago
Cake day: June 30th, 2023

  • OS: NixOS (high learning curve, but it’s been worth it). Nix (the config language) is a functional programming language, so it can be difficult to grok. Documentation is shit, as it’s evolved while maintaining backwards compatibility. If you use the new stuff (Nix Flakes) you have to figure out what’s old and likely not applicable (channels or w/e).

    BYOD: Just using LVM. All volumes are mirrored across several drives of different sizes. Some HDD volumes have an SSD cache layer on top (e.g., Monero node). Some are just on an SSD (e.g., main system). No drive failures yet, so I can’t speak to how complex restoring is. All managed through NixOS with https://github.com/nix-community/disko.

    I run stuff on a mix of OCI containers (podman or docker; the default is podman, which is what I use) and native NixOS containers, which use systemd-nspawn.

    The OS itself I don’t back up outside of mirroring. I run an immutable OS (every reboot is like a fresh install). I can redeploy from git, so no need to back up. I have some persistent BTRFS volumes mounted where logs, caches, and state go. I don’t back those up, but I swap the volume every boot and keep the last 30 days of volumes, or a minimum of 10, for debugging.

    I just use rclone for backups with some bash scripts. Devices back up to the home lab, which backs up to the cloud (encrypted with my keys), all using rclone (RoundSync for phone).

    Runs Arrs, Jellyfin, Monero node, Tor entry node, WireGuard VPN (to get into the network from remote), I2P, Mullvad VPN (default), Proton VPN (torrents with port forwarding use this), DNS (forced over VPN using DoT), and Pi-hole in front of that. Three of my WiFi VLANs route through either Mullvad, I2P, or Tor. I’ll use Tails for anything sensitive. WiFi is just to get to I2P or onion sites where I’m not worried about my device possibly leaking identity.

    It’s pretty low level. Everything is configured in NixOS. No GUIs. If it’s not configured in Nix, it’s wiped next reboot since the OS is immutable. All tracked in git, including secrets using SOPS. Every device has its own master key set up on first install. I have a personal master key should I need to reinstall, which is tracked outside of git in a password manager.

    Took a solid month to get the initial setup done while learning NixOS. I had a very specific setup of LVM > LUKS encryption w/ Secure Boot and hardware key > BTRFS. Overkill on security, but I geek out on that stuff. Been stable, but still tinkering with it a year later.
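Added example, not the commenter’s configuration (their repo is not on this page): a single NixOS module sketching the layout described in this comment: LUKS unlocked by the systemd initrd with a TPM2 key and a hardware token, a tmpfs root with persistent BTRFS subvolumes, a fresh state subvolume per boot that is pruned to 30 days but never below the newest 10, per-host sops secrets, a podman OCI container, and a Tor relay in a systemd-nspawn container. The partition label, subvolume names, container addresses, image and secrets file are assumptions; the sops-nix module is assumed to be imported. Secure Boot signing and the disko partition layout are left out.

```nix
{ config, pkgs, ... }:

{
  # LUKS root unlocked by the systemd initrd. crypttabExtraOpts makes
  # systemd-cryptsetup try a TPM2-sealed key and a FIDO2 token (both enrolled
  # with systemd-cryptenroll) before falling back to the passphrase prompt.
  boot.initrd.systemd.enable = true;
  boot.initrd.luks.devices."cryptroot" = {
    device = "/dev/disk/by-partlabel/cryptroot";        # assumed label
    crypttabExtraOpts = [ "tpm2-device=auto" "fido2-device=auto" ];
  };

  # Root is a tmpfs: anything not mounted from the encrypted BTRFS below is
  # gone at the next boot, so only what is declared here survives.
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
    options = [ "defaults" "size=2G" "mode=755" ];
  };
  fileSystems."/nix" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = [ "subvol=nix" "compress=zstd" "noatime" ];
  };
  fileSystems."/persist" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = [ "subvol=persist" "noatime" ];
    neededForBoot = true;   # sops reads the host key from here at activation
  };
  # Host keys must persist, or each reboot is a new SSH identity (and age key).
  fileSystems."/etc/ssh" = {
    device = "/persist/etc/ssh";
    options = [ "bind" ];
    depends = [ "/persist" ];
  };

  # A fresh state subvolume every boot; old ones are pruned after 30 days but
  # the newest 10 are always kept for debugging.
  systemd.services.state-rotate = {
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.btrfs-progs ];
    serviceConfig.Type = "oneshot";
    script = ''
      set -euo pipefail
      base=/persist/state
      now=$(date -u +%s)
      btrfs subvolume create "$base/$now"
      ln -sfn "$base/$now" "$base/current"   # what /var/lib etc. bind to
      cutoff=$((now - 30 * 86400))
      kept=0
      for ts in $(cd "$base" && ls -1d [0-9]* | sort -rn); do
        kept=$((kept + 1))
        if [ "$kept" -gt 10 ] && [ "$ts" -lt "$cutoff" ]; then
          btrfs subvolume delete "$base/$ts"
        fi
      done
    '';
  };

  # Secrets are committed to git encrypted with sops; each host decrypts with
  # an age key derived from its own SSH host key, so nothing shared ends up in
  # the repo or in the world-readable nix store.
  sops.defaultSopsFile = ./secrets.yaml;                  # assumed path
  sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
  sops.secrets."wireguard/private-key" = { };

  # OCI workloads run under podman; publish on loopback only.
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.jellyfin = {
    image = "docker.io/jellyfin/jellyfin:latest";   # pin a digest in practice
    volumes = [ "/persist/jellyfin:/config" ];
    ports = [ "127.0.0.1:8096:8096" ];
  };

  # The Tor relay lives in a systemd-nspawn container with its own network
  # namespace and veth pair, so it never shares the host's network stack.
  containers.tor = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "10.200.0.1";                     # assumed addresses
    localAddress = "10.200.0.2";
    config = { ... }: {
      services.tor = {
        enable = true;
        openFirewall = true;
        relay = { enable = true; role = "relay"; };
        settings.ORPort = 9001;
      };
      system.stateVersion = "24.05";
    };
  };
}
```

The bind mounts that point /var/lib and friends at /persist/state/current (or the impermanence module that does the same job) are not shown. Enrolment is a one-off on the installed system: `systemd-cryptenroll --tpm2-device=auto` seals a key to the TPM, `systemd-cryptenroll --fido2-device=auto --fido2-with-client-pin=yes` adds the PIN-protected token, and the memorized passphrase stays as the third keyslot.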


  • I’ve been screaming it’s just wage theft. My city provides tax breaks for occupancy (employees prop up the local economy buying lunch). They are making me pay for gas, time, and car maintenance (and lunch, but fuck them, I’ll just not eat) for this tax break, which goes to C-level bonuses/shareholders. It’s just another way of skimming off the top of employee wages.

    We worked fully remote for nearly 2 years and the hybrid policy just keeps getting worse and worse. Coupled with quarterly RIFs, I also suspect this is to avoid severance pay/unemployment while accelerating the downsizing. Yet our CEO’s bonus keeps going up and up despite our stock plummeting since the end of the COVID lockdowns.





  • sloppy_diffuser@sh.itjust.works to Linux@lemmy.ml: “linux as business/ company pc?”
    16 up, 1 down · 2 months ago

    Most startups I’ve applied to are Linux friendly.

    I currently work for a Fortune 100 and managed to get a Linux machine purchased as a “lab” machine.

    I’m fully in control. IT doesn’t even know it exists. I’m not allowed on the corporate network, but I managed to get some internal corporate access through another department’s lab network (IT sanctioned) that has a VPN with a few routes to things like ticketing, time cards, and our internal wiki. Most of the stuff I need to do my job is in AWS and we are allowed to add home IPs to the security groups.

    IT still gives me a MacBook. I use it like once every 6 months.

    nixos-unstable is the only thing I will use currently.

    I’m running bleeding edge stuff like the latest kernel, Hyprland nightly, my own “shell” built from Gnome components and lots of custom stuff using GJS (Gnome JavaScript).

    If you get one, and you are free to do whatever on it, encrypt your drives like your job depends on it. I have a memorized passphrase, pin protected hardware key, and a key in TPM. No biometrics.

    As far as other nice things to have:

    • VPN: https://www.infradead.org/openconnect/ supports some common enterprise VPNs.
    • Communication tools (Teams, WebEx, Zoom, Slack, etc.). I tend to have access to 90% of what I need. My team is thankfully accommodating for the couple of features I have issues with. Make sure you test things like screen sharing, especially on Wayland if you use it.
    • VM: If you can get a corporate licensed image to run a corporate licensed version of Office, I recommend it. Office365 for web is missing a few features and often renders differently from native.
    • Password Manager and encrypt everything. System is encrypted as previously stated. My home volume (BTRFS) is encrypted with a different key/passphrase. My work’s sensitive files are encrypted yet again using rclone with different keys. I try to minimize attack surfaces by unlocking only what I need when I need it.
    • Backups. I use rclone to back up to our corporate OneDrive. NixOS is immutable and I have it set up with impermanence, where every reboot is like a fresh install for anything I didn’t codify in my nixos-config, which is tracked in git. I persist a few cache and setting directories in my home directory, but not much. I can restore my setup in like 20 minutes if I ever lost my machine.
    • Virtual mic and camera for noise suppression and blurring for communication tools that don’t have it built in.
    • Evolution EWS works okay as an Exchange email client. I had to hunt some weird settings like tenant ID to get it to work. I’ve been using Webmail or Outlook in a VM more often though as of late.

    FYI, I work in software dev. For the few issues I have, my team has more issues getting stuff working consistently on macOS for our project. I used that as justification when requesting the laptop: my dev environment should closely match our runtime environment. Most of that is moot now since we use Nix flakes in our repos for local dev envs.



  • I use rclone and the Round Sync Android client.

    Supports a ton of back ends, self-hosted and commercial options. You can transparently encrypt with private keys you control.

    I personally use Backblaze B2 for storage.

    My phone backs up every night and Round Sync pushes them to B2. On my desktop I can mount as a volume. I can also access my storage from my phone going the other direction.

    I’ve done the same using SFTP if I don’t want the overhead of persistent file storage.

    It does not support indexing or previews for searching or finding, say, a photo. You can put whatever you want for data, so I have caches, indexes, and thumbnails that work in Linux. I can’t really make use of those on my phone though.

    Rclone’s bisync feature was also a bit dangerous when I tried to use it a year ago. I more than once “deleted” everything. B2 doesn’t delete by default, just hides, so I was able to recover. I now do unidirectional syncs from my machines to different buckets until I’m motivated to investigate a proper 3-way merge solution.
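Added example, not the commenter’s scripts: a NixOS module that runs the one-way, encrypted rclone push that the first comment’s bash scripts, the OneDrive backup bullet and this bisync warning all describe, with two guards against the “deleted everything” failure mode: `--backup-dir` so that nothing the remote loses is ever really gone, and an `rclone cryptcheck` pass afterwards. The crypt remote name `b2crypt`, the `/persist` source, the bucket paths and the sops secret are assumptions; the sops-nix module is assumed to be imported.

```nix
{ config, pkgs, ... }:

{
  # rclone.conf carries the B2 key and both crypt passwords, so it comes from
  # sops at runtime (/run/secrets/rclone.conf, root-only) rather than from
  # the world-readable nix store.
  sops.secrets."rclone.conf" = { };

  systemd.services.rclone-backup = {
    description = "One-way encrypted backup of /persist to B2";
    path = [ pkgs.rclone ];
    serviceConfig = {
      Type = "oneshot";
      ProtectSystem = "strict";     # whole filesystem read-only for rclone...
      CacheDirectory = "rclone";    # ...except /var/cache/rclone
      PrivateTmp = true;
    };
    script = ''
      set -euo pipefail
      conf=${config.sops.secrets."rclone.conf".path}
      stamp=$(date -u +%Y%m%dT%H%M%SZ)

      # sync makes the destination match the source, which is exactly what
      # hurts when the source is empty or a bidirectional tool picked the
      # wrong side. --backup-dir turns every remote delete or overwrite into
      # a move into a dated trash prefix on the same remote, so the previous
      # version is always recoverable even on a backend without versioning.
      rclone sync /persist b2crypt:persist \
        --config "$conf" --cache-dir /var/cache/rclone \
        --backup-dir "b2crypt:trash/$stamp" \
        --fast-list --transfers 8 --stats-one-line --log-level INFO

      # Second net: read the bucket back through the crypt layer and check
      # every source file's hash against what was stored. --one-way reports
      # only files missing or different on the remote side.
      rclone cryptcheck /persist b2crypt:persist \
        --config "$conf" --cache-dir /var/cache/rclone --one-way
    '';
  };

  systemd.timers.rclone-backup = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;          # run on next boot if the box was off at 00:00
      RandomizedDelaySec = "1h";
    };
  };
}
```

The crypt remote is created once with `rclone config` (a `crypt` remote wrapping the `b2` remote) and the resulting file is what goes into the sops secret; with the keys generated locally, Backblaze only ever sees ciphertext and encrypted file names. The trash prefix grows without bound, so prune it with a separate `rclone delete --min-age` job rather than folding deletion into the backup itself.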



  • I’m on Graphene. Mullvad is only 1% for me, with 16h30min since last on a charge. I’m at 56% with 1h30m screen time.

    I used GPS as I did some driving with maps and my music app, accounting for 29% of my battery usage.

    I throw my phone on the charger at night figuring battery tech and software management is good enough.

    Are you WiFi or mobile? I get shitty mobile service so if I’m off WiFi my battery tends to go to shit. The VPN usually accounts for more as I assume it keeps reconnecting.


  • I don’t know about Nvidia specifically, but I mostly only see RSUs offered to Staff/Principal-level engineers or Director and above on the management track. Many times with a multi-year vesting period to act as a retention tool. You can make out well at the exiting end of the deal.

    IMHO it’s a shitty practice. There is risk if the C-level pulls some stupid shit tanking the stock. The reward could just as easily be distributed to employees with a profit-sharing bonus that eliminates the risk of my options tanking while vesting. Let the employees convert to options if they want to stake on future company performance.

    At least in the US, I could have used the value of my options earlier in life to help with student loans, buying a house, medical issues, having kids, etc. I grew up poor. I “pulled myself up from bootstraps” and am doing well now. I still think the whole system is a dumb gimmick.



  • I use Nix, even on my Ubuntu machines, to install tooling in my user profile.

    Nixpkgs unstable stays pretty up to date. For the few where I want something on release day or bleeding-edge nightlies, I override the derivation source. I use nvfetcher to pull the latest release or head of the default branch as part of my update routine.

    I’m pretty new to Nix, so it’s been slow integrating into my workflow, but I plan to start integrating flakes into my repos. My team seems to have constant issues with keeping their tooling up to date, which breaks things locally from time to time.
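Added example, not the commenter’s code: an nixpkgs overlay showing the two ways of overriding a derivation’s source that this comment describes, one driven by the file nvfetcher regenerates and one pinned by hand. The package names, the `_sources/generated.nix` path and the placeholder commit id are assumptions; the `waybar` attributes are illustrative, not a real pin.

```nix
final: prev:
let
  # nvfetcher regenerates _sources/generated.nix from nvfetcher.toml on every
  # run: one attribute per package carrying pname, version and a fetcher call
  # with the freshly computed hash. callPackage supplies the fetchers it needs.
  sources = prev.callPackage ./_sources/generated.nix { };
in
{
  # The nixpkgs-unstable derivation, rebuilt from the commit nvfetcher pinned
  # instead of the release it was packaged for. Build inputs, patches and
  # install hooks of the original still apply, so an upstream change that
  # breaks the build shows up as a build failure rather than as silent drift.
  hyprland = prev.hyprland.overrideAttrs (old: {
    inherit (sources.hyprland) version src;
  });

  # Without nvfetcher: pin one commit by hand. lib.fakeHash makes the first
  # build fail and print the real hash, which you then paste in. Take hashes
  # only from that failure or from a signed release, never from a forum post.
  waybar = prev.waybar.overrideAttrs (old: {
    version = "0-unstable-2024-01-01";                         # assumed
    src = prev.fetchFromGitHub {
      owner = "Alexays";
      repo = "Waybar";
      rev = "0000000000000000000000000000000000000000";   # placeholder commit id
      hash = prev.lib.fakeHash;
    };
  });
}
```

On NixOS the overlay goes into `nixpkgs.overlays`; for a plain user profile on Ubuntu it can be applied through the flake that `nix profile install` points at. The update routine is then `nvfetcher` (which rewrites `_sources/generated.nix`), a rebuild, and a commit of the regenerated file so every machine gets the same pinned commit.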



  • I don’t see it dying from my perspective. It’s only been getting better and better. The only thing I could see displacing it in my org is maybe Rust due to WASM proving a transition path.

    We use TS on the back end to leverage our team’s existing skill set and libraries we’ve built up.

    I know it’s a meme to use “the next best thing” in the ecosystem, but we’ve been really happy with the newish Effect library + Bun runtime. Effect is like a merger of the older fp-ts/io-ts libraries (same author works on both) with ZIO from the Scala ecosystem. It vastly simplifies the former, and the new stuff with dependency injection and defect management is refreshing. With the Bun runtime, we see a 15x faster startup time (great for dev). It’s halved the RAM requirements in prod. We don’t even need to transpile… We still do for prod to tree-shake dev-only code to ensure it’s not available in prod, but deploying to dev is FAST.