
What We Use (2019)

Note
None of the below links / products are affiliated. This post does not in any way produce revenue. Rather, it serves as a timeboxed answer to a subset of the query we get most often - ‘what $THING would you recommend for $PURPOSE?’. The below selections come after years of iteration. Our subjective value perception is biased toward optimal function, though relative price is always factored. YMMV.

Desktop

Hardware

As a ‘daily driver’, a relatively standard 8770K / 32GB DDR4 ATX desktop, with a Samsung 960 Pro NVMe for I/O intensive workloads and 2x 860 EVO SATA’s for everything else.

An ASUS PG278Q 144Hz IPS 1440P monitor is flanked by 2x Dell U2518D 24" IPS 1440P’s in portrait orientation, all connected to an ASUS STRIX NVIDIA GTX 1080Ti. Despite being NVDA shareholders, the subsequent generation (Turing, aka GTX20xx) is ahead of its time, in that the headline feature is not raw performance but Ray Tracing, a technology that requires the software you use [games, probably] to support it in order to see any aesthetic benefit. As such, deferring this upgrade for a year or two is optimal, unless you’re deeply in love with one of the select few 2019 games that already make use of it, or are a streamer/YouTuber that heavily relies on the NVENC encoder, which is noticeably improved in Turing.

Peripherals

In spite of the gamer aesthetic, Logitech’s G903 wireless mouse, powered via its sibling PowerPlay pad, is the best tracking device we’ve used (quite a feat).

Mechanical keyboards are one of those ‘once you’ve experienced it, there’s no going back’ upgrades, like flying in J or moving from spindles to NVMe storage. Despite the Reddit-religion suggesting variances in this subcategory are incredibly diverse, we consider them somewhat of a commodity, so to keep things simple we have a never-say-die Logitech G910, which shares controller software with the mouse. Its proprietary ‘Romer-G’ switches are approximately equal to Cherry MX Browns, and feel as great as any Cherry or Razer switch we’ve experienced.

The software agent (G-Hub) facilitates full RGB customization of both devices, including disabling it completely. Ours is dimly backlit at night for usability purposes, but otherwise off.

Monitors

One of the portrait-oriented 24" monitors has replaced more than a decade of IP desk phone reliance; a Cisco 7965 for CUCM, then Polycom CX600 for Lync/SfB, finally a Yealink T56 for SfB/Teams. While historically we have exclusively served the enterprise market (wherein Lync/SfB is ubiquitous), today, many of our more nimble clients opt for GSuite over O365, and Slack over SfB. A monitor dedicated to chat-centric UC allows us to keep both Slack and Teams in the foreground, and interact with their UI’s far more efficiently than is possible on a mobile device (or a mobile OS running on desk phone hardware, a la the T56). This strategy is evolution-friendly, unlike the hundreds of thousands of LPE desk phones headed for the trash because they can’t handle O365’s now twice-delayed uplift to requiring TLS1.2 (✌). It’s also more performant (feels more responsive) than modern physical endpoints, which at time of writing still exhibit minor but noticeable delay during some operations.

The other 24" monitor is divided into three horizontal sections, each assigned a subset of applications using DeskSoft’s WindowManager. Most often, this foreground is composed of inbox/calendar | todo list | terminal. See below for specific software choices. The advantage of this setup - being flanked by UC on the left, and other all-day-interesting apps on the right - is liberation from the context-switching overhead that would otherwise occur during every ALT-TAB. Our center screen, and train of thought, can remain focused on the task at hand, maintaining ‘flow’ or ‘deep work’ or whatever you want to call the zen state of productivity. Most often, this means a browser window docked to the left half of the screen, and an IDE to the right.

Audio

Working remotely can get somewhat isolating. Music keeps us (sane and) motivated. Our source is an ancient but still viable SoundBlaster X-Fi Titanium HD, outputting optical to an equally archaic Burson Soloist SL amp, which in turn feeds Sennheiser HD800’s. We’d unequivocally recommend the headphones, though soundcards and desktop amps have matured to a point at which having both is redundant. As such, we’d recommend Creative’s 2019 SB AE-9 if desktop PC listening is your primary use case, or Burson’s Play if your primary workstation is a notebook. We use Hesuvi to mux our source signal into virtual surround (to fully exploit the HD800’s phenomenal soundstage) and AutoEQ (now conveniently built into Hesuvi) to fix the infamous sibilance EQ issue on the HD800s.

We also own and recommend a Pareto principle variant of the above setup - the Arctis Pro Wireless headset, which features excellent out-of-box virtual 7.1, bass, comfort, battery life, and a plethora of input options.

Sonos One speakers are ubiquitously placed around our work and living spaces, with cloud voice assistant input muted the vast majority of the time. Some larger areas are paired with a Sonos Sub. Sonos would like to sell you on the ‘it just works, if you have the cash’ Apple-esque narrative, but as with Apple, there are caveats. Spotify Connect doesn’t play nice with any variant of 2019 Spotify Windows clients (mobile is fine), and, whilst both the One’s and the Sub produce excellent sound, they lack USB or optical in, so are really only useful for streaming music, preferably controlled by your phone/tablet. For use cases beyond this, like as desktop speakers or home theatre, additional investment (Playbase/Playbar/Connect/Amp) is required.[1]

Laptop

2018 Thinkpad X1 Extreme (8750H/16GB/512GB/4K HDR). The keyboard is (much) better than current gen MBP’s. The touchpad is not. The signature trackpoint is … life changing or irrelevant, depending on your star sign. The build quality, otherwise, is == to a MBP if not better. If you want to run Windows or Linux instead of macOS, get this. If you’re only running macOS because of MBP build quality, get this.[2]

Tangentially, if you are using a modern MBP, and loathe the TouchBar, Pock or its free analogue will likely change your mind.

Software

We use Windows 10 Enterprise LTSC on all our endpoints. Despite a familial all-in on the Apple ecosystem (MBP’s + iPhones + iPads + Watches + ATV’s), we are personally outside that walled garden. Being intentionally vendor agnostic grants the freedom to choose best in class point solutions to every problem, rather than constantly tolerating ‘good enough’.[3]

We use the Office suite, because it’s both industry standard and market leading. OneNote is better than Evernote. Outlook is better than any other mail client on Windows (its Android/iOS clients are also solid). Word/Powerpoint/Excel are still dominant in their subcategories. The O365 ‘Home’ subscription is way better value than Netflix; $100USD/year licenses your family for Office apps (desktop/mobile/web) and 1TB of OneDrive each, which has feature parity with Dropbox and, unlike iCloud, is truly platform agnostic. Google aficionados who feel compelled to advocate for GSuite’s competitively priced offering with unlimited cloud storage might want to take pause. That overly generous option is being ruthlessly exploited by a growing community of /r/datahoarders (mostly, to store and playback YouTube/TV/movie rips). It’s unlikely ‘unlimited storage’ for $5USD/u/m will remain a thing indefinitely, when a small subset of users are reading and writing dozens of terabytes a month for the same ‘cup of coffee’ you pay to store your family’s mostly dust-gathering photo archive.

Despite constant experimentation with terminals[4], we’re still using Cmder, which is ConEmu plus tweaks. It has the fewest bugs, lowest memory footprint, and - crucially - a reliable quake mode.[5] FiraCode is the best console/ligature font.

Similarly, we’ve flirted with a plethora of IDEs over the years, and none have held a candle to Visual Studio Code. (Neo)Vim diehards will insist that mastering vi*’s unintuitive but rewarding learning curve has merit, but the VSCode ecosystem is incredibly active, and its cross platform nature means it’s the right choice in almost all cases. That said, this ecosystem proliferates must-have extensions[6], which increase the IDE’s otherwise snappy load time, thus opening the door for a sibling text editor in the form of Notepad3, a very light but feature rich notepad.exe replacement. We use Notepad3 whenever the 2 second load time of a tricked out VSCode environment would represent a significant portion of the total change time.

Firefox is our browser of choice, with DuckDuckGo for search, predominately because !bangs are great. For example, a !s prefix gets you anonymized Google results whenever DDG’s Bing-backed results fall short; less than you’d expect, so long as you’re not lazy with query terms, which you probably are, because Google’s profiling and always-arrogant (though admittedly often-right) guesses allow you to be. Common bangs aren’t arcane; you can guess them: !yt searches YouTube, !w for Wikipedia, !a for Amazon, !eau for eBay Australia (because !e is eBay US). Arguably masochistic (see below), we further harden Firefox’s default settings using GHacks user.js as a security baseline, with a few QoL overrides.

Extensions abound, mostly for privacy/ad-blocking/anti-tracking: uBlock Origin, 1Password, Auto Tab Discard, Automatic Reader View, Feed Preview, CanvasBlocker, ClearURLs, Cookie AutoDelete, Decentraleyes, NeatURL, Multi Account Containers, Temporary Containers, Privacy Possum, HTTPZ, Smart Referer, Tree Style Tab.

In a perfect world, CAPTCHA would be so faux pas that no right minded web property would use it. In a slightly more realistic world, CAPTCHA would be made far less painful by PrivacyPass, or, failing a server-side solution, by Buster. We do not live in either such world(🥀). For those running Chrome, probably also signed in to Chrome, who once in a blue moon click a ‘are you human’ checkbox that instantly transmogrifies into a green tick, you’re likely blissfully unaware of the extent to which persistent profiling (about you, the individual) is done to reach that conclusion so quickly. Using our aforementioned browser+config+extensions to combat the inherently creepy nature of the modern internet results in Google being so suspicious of your web session that passing ‘are you a robot?’ tests (CAPTCHA) will take - literally - more than a minute of unpaid ML training, and more often than not will fail to grant access after that minute of mindless clicking has been ‘invested’. Adding insult to injury, because said browser configuration intentionally and automatically discards all artefacts when closing tabs, this process must be repeated every time you visit that CAPTCHA ‘protected’ site. This is the price one must pay for being adtech pseudonymous in the current era. We expect further open-web devolution in the coming years.

Other notable must haves: scoop is a better package manager than Chocolatey. 1Password is our de facto recommendation for credential management, though Bitwarden_RS is nipping at its heels. ImageGlass (a contemporary replacement for IrfanView) opens images. MPV plus youtube-dl plays media. Directory Opus, heavily customized+themed, triumphantly replaces Explorer, with Listary 6 Beta and Everything as filesystem indexers. Viscosity for OpenVPN, though we’re gravitating towards WireGuard tunnels moving forward. Remote Desktop Manager for a single pane of (tunnelled) glass into both personal and client infrastructures. BeyondCompare and Araxis Merge vie for diff tool of choice. Teams, Slack, Discord and Wire all do essentially the same thing - API driven social platforms for various peer groups. Bvckup2 is the best Windows backup client, though we’re only really calling out its categorical elegance, because in practice we use restic which is cross-platform, CLI-centric and can target a plethora of storage destinations. Syncthing keeps files local and in sync between desktop and laptop without relying on a ‘cloud’ to do so. ShareX takes quick screenshots and facilitates ephemeral uploads. QuickLook adds the macOS ‘space to preview’ function to Windows. F.lux makes working at night bearable. Typora is Word, but for Markdown. Postman is the best REST GUI client, Wiztree is the fastest disk utilization analyzer for NTFS volumes, GitKraken is the best GUI git client.[7]

Next comes graybeard sysadmin tooling. Rather than verbosely elaborate on each of the following, most of which have esoteric appeal, we’ll just assert that if you’re at or above power-user level and you aren’t familiar with any of the below binaries, we suggest following the links, to see if your unique workflow could derive benefit from them.

For general (Windows friendly) CLI-fu: jq, yq, rg, rq, bat, jira, wuzz, pandoc, powerping, xsv, fzf, tldr, ethr, httpie, apprise, jsondiff, litecli + mycli + pgcli + usql

For WSL/POSIX specific tooling: Brew + Homebrew Bundle + tmux & friends (resurrect / sensible / 1password) + oh-my-zsh + micro, ncdu, htop, ctop

For Kubernetes: kubectl + krew + kubectl-debug, kubectx, kubectl-extras, ketall, kubectl-search, kubectl-enter, kubectl-config-merge, kubectl-dashboard

For Kube’s ecosystem: helm, kustomize, draft, minikube, vault, terraform, terragrunt, terratest, packer, Azure CLI/Powershell, AWS CLI/Powershell, GCP CLI/Powershell.

Mobile

Don’t really use one - almost all our communication is async by design (SCM PR’s, Slack/Teams/Discord, Jira, email). When railroaded into using SMS 2FA (👎), and as a LTE hotspot, a never-say-die 32GB iPhone 6S+.

Installed: OpsGenie for on-call. Unread for RSS. Octal for HN. The Microsoft suite (Outlook, Teams, OneNote, OneDrive, To-Do, Lens), Jira/Confluence and Slack for work, 1Password and Duo for MFA. HomeAssistant Companion delivers bespoke actionable push notifications, and Siri + Home is our (least privacy corrosive) voice interface. DNSCloak for DoH based ad-blocking. Wire for family. Discord for friends. Signal for security-centric customers. Groundwire is the most battery efficient SIP client.

Self Hosted / Lab Infra

3x Dell R720’s form the bedrock of our lab, totalling ~300GB RAM, ~30 Xeon cores, ~2TB of aging nearline enterprise SAS spindles, and about 12TB of DAS attached Intel SATA SSD’s (in NetApp DS2246’s, connected via LSI HBA’s). These run ESXi 6.7 + vSphere 6.7. The SAS disks are pooled via vSAN. We think vSAN in production is a great SDS solution, however some of the disks aren’t on the HCL, and three hosts means erasure coding policies are out of reach, so in this duct-taped deployment, we consider the storage presented to be ephemeral. The majority of our critical data lives in the NetApp enclosures, which function as shared storage across the three R720’s.

Kubernetes

Almost all our internal workloads are binpacked on a pretty typical Kubernetes cluster, with both a master and a worker VM having affinity to each physical host. Instead of multiple clusters (which we’d recommend in a larger commercial environment), we use K8s namespaces to segregate staging and production. The cluster was provisioned using Rancher’s RKE, targeting RancherOS VM’s. The Rancher overlay is installed, though rarely used and only as a read-only pane of glass; we strongly advocate GitOps as a manifest management mechanism and thus use Weave’s Flux to assert the cluster’s IaC-defined desired state. Rancher 2.x is really dangerous in this regard; we’ve had more than one engagement this year in which a client who’d had great success with Rancher 1.x blindly followed that vendor (who, again, are great!) into theoretical kube nirvana, but didn’t evolve their deployment processes in parallel. Their GUI-deployed pet workloads were ultimately castrated by a next-next-finish-oh-god-the-cluster-is-down-and-with-it-our-management-modality production piñata.

When deploying new enterprise-y clusters, we gravitate towards kops over rke when targeting raw (ie not cloud-managed) infra. While not strictly superior, it’s an order of magnitude more familiar to the market we serve. For edge and resource constrained scenarios, k3s is quickly becoming our favored distro.

We could wax lyrical about K8s, suffice to say our platform baseline probably looks the same as yours does (or will); Prometheus+Alertmanager+ Grafana for metrics, Loki usurping EFK for log aggregation, Istio slowly replacing ingress-nginx, cert-manager for ACME TLS, external-dns for automatic DNS updates, and HashiCorp’s Vault + Banzai’s mutating webhook for secret injection.

We’re moving to Argo in production at time of writing, which seems inspired by the best of Flux and Spinnaker, but specifically designed for K8s (config is via CRD’s, no support for VM/IaaS/PaaS targets), and an order of magnitude easier to manage than (even a halyard deployed) Spinnaker. Similarly, Terraform Enterprise is priced for clientele larger than ours, so we use and recommend Atlantis for collaborative, version controlled, peer reviewed IaC.

We think Kustomize (now baked into kubectl 1.14) is a better solution for manifest templating than Helm. Helm 3 improves things slightly (no more Tiller!), but in our view the driving force behind Helm’s current popularity is also its Achilles’ heel; it allows non-experts to deploy complex application stacks without deep knowledge or understanding of how they’re put together, or why the chart defaults are what they are. This inevitably leads to ‘everything was working until it wasn’t, help!’ scenarios that keep us gainfully employed, but should probably instead have been avoided, by working with relevant SME’s during design/deploy (or becoming one yourself, delving deeper than README.md). In fairness, this double edged sword is not Helm exclusive; Docker Hub heralded a new era of ‘testing in production’ for orgs that have yet to be bitten badly by a security event. The market knows this; ‘DevSecOps’ is an 💲exciting problem space💲 this year.
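To make the two points above concrete (namespaces separating staging from production, and Kustomize overlays rather than Helm charts as the thing a GitOps reconciler like Flux applies), here is an added example layout. It is not the blog’s own repository; the app name, image, namespace names and label key are constructed, and the `resources: - ../../base` and `patches:` syntax assumes a newer kustomize than the one bundled with kubectl 1.14 (kubectl 1.21 or later). Six small files are shown in one block, separated by `---` and labelled with their paths.

```yaml
# --- base/kustomization.yaml ---
# Everything environment-independent lives in base. Note there is no
# namespace here: each overlay stamps its own onto every resource.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
  - netpol.yaml
---
# --- base/deployment.yaml ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api                      # constructed app name
  labels:
    app: api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
        - name: api
          image: registry.example.com/api:1.0.0   # placeholder; pin a digest or tag, never :latest
          ports:
            - containerPort: 8080
---
# --- base/netpol.yaml ---
# Default-deny ingress inherited by every environment, so a service that
# is deliberately reachable in staging is not silently reachable in
# production just because both were rendered from the same base.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# --- overlays/staging/kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: staging               # constructed namespace
resources:
  - ../../base
---
# --- overlays/production/kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: production            # constructed namespace
resources:
  - ../../base
patches:
  - path: replicas.yaml          # strategic-merge patch, target inferred from its kind/name
---
# --- overlays/production/replicas.yaml ---
# The only production-specific delta: scale out. Everything else is
# byte-for-byte what staging already exercised.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3
```

Render either environment with `kubectl kustomize overlays/production` (or apply it with `kubectl apply -k overlays/production`); pointing Flux at the overlay directory makes the rendered output the only thing that ever reaches the cluster, which is the property that removes the GUI-deployed pet workloads the post warns about. Because the namespace is applied by the overlay, RBAC bindings and ResourceQuotas can be scoped per namespace without touching the base.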

Moving right along.. if the ‘serverless’ paradigm appeals to you, oh customer-aligned coal-face developer, we recommend Knative over the multitude of lock-in-laden proprietary FaaS cloud platforms. ‘Azure Functions is open source’ you exclaim. Great! Find one noteworthy use case of that being leveraged in production. We’ll wait. Back in the real world, we and a handful of our clients already run Knative on metal (well, on K8s, on metal), and if that design decision ever becomes unattractive, GCP’s ‘Cloud Run’ is Knative as a Service. It’s likely the other two behemoths will follow suit, which means Knative-targeted workloads will be as infrastructure agnostic as your Docker containers were, or Kubernetes manifests are.

Storage

After being hamstrung by severe edge case bugs with Rook/Ceph and GlusterFS, our PV’s are currently backed by ZFS/FreeNAS 11.x (FreeBSD) and presented via NFSv4, because it’s RWX and ‘just works’, except for SQLite DBs, due to lock issues, so we serve those over an SMB vol using MSFT’s FlexVol driver.[8] ZFS works best with direct access to the underlying disks’ SMART data, so we IOMMU passthrough the HBA’s in ESXi, then pool them in a RAID-Z2 array of multiple vdevs, each housing a number of Intel S3700 SSD’s. We recommend a 32GB Intel Optane ZIL/SLOG device for both write redundancy and performance.
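The ‘RWX over NFSv4’ choice above maps onto two Kubernetes objects. This is an added example, not the blog’s manifests: a statically provisioned PersistentVolume pointing at an NFSv4 export on the FreeNAS host, bound to a ReadWriteMany claim. The server address, export path, storage class name, namespace and sizes are constructed.

```yaml
# Static NFS-backed PV. ReadWriteMany is what lets several pods (on
# different nodes) mount the same dataset at once, which block-backed
# PVs cannot offer.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: media-nfs
spec:
  capacity:
    storage: 500Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain   # a deleted claim must never wipe the ZFS dataset
  storageClassName: nfs-zfs              # constructed class name; static PVs still need one to match on
  mountOptions:
    - nfsvers=4.1                        # force NFSv4; v3 auth is host-based and weaker
    - hard                               # block rather than return I/O errors if the NAS blips
  nfs:
    server: 10.0.0.10                    # constructed address of the FreeNAS box
    path: /mnt/tank/k8s/media            # constructed export path
---
# The claim a workload references. volumeName pins it to the PV above so
# a dynamic provisioner cannot hand out something else by accident.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: media
  namespace: media
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-zfs
  volumeName: media-nfs
  resources:
    requests:
      storage: 500Gi
```

Two caveats follow from the post itself: do not place SQLite-backed application state on a volume like this (NFS lock semantics are exactly the failure the post hit, and why it moved those databases to SMB and later OpenEBS), and restrict the export on the FreeNAS side to the worker nodes’ addresses, since NFS without Kerberos trusts whatever client IP and UID shows up.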

Container state backups are performed using both Heptio Velero (nee Ark) to local S3 ( Minio), and to offsite S3 ( Wasabi) using restic.

Network

For routing, despite having experience with almost every ‘enterprise grade’ product line, for SME’s we still recommend pfSense >=2.4.x running on commodity hardware. For example, the PC Engines APU2 is a fanless, compact workhorse that draws <10W yet can easily saturate a 500Mbps uplink, even flooded with encrypted VPN traffic (thanks AES-NI!), all the while acting as L7 load balancer (HAProxy) for your MetalLB (BGP) routed, K8s hosted services. It’s also the ideal place to host a MFA OpenVPN server (we’ll move to WireGuard once Windows client support leaves alpha state), serve NetBoot via PXE, and handle dynamic public DNS updates via both CloudFlare’s API and RFC2136. Since v2.4.4 - when properly configured - it even elegantly overcomes bufferbloat using FQ_CoDel!

For a few reasons (no official API/CLI, dated web UI, ‘NGFW’ features are third-party, unsupported packages) we don’t think pfSense/OPNsense scales well into any form of corporate environment, and enthusiastically recommend Palo Alto’s products. When you recover from the quote-induced cardiac arrest, buy Fortigate kit, which has near feature parity at a now-comparatively-palatable pricepoint.

3x3 802.11ac permeates our office via roof mounted UniFi AP-AC-Pro’s, which hold their own in reasonable-sized spaces, often outperforming much pricier Cisco/Meraki/Aruba/Aerohive peers. Layer 2 PoE+ GigE is distributed via fanless, slimline, unmanaged Linksys LGS116 switches. Managed switches are on the to-do list, but we’re waiting for grey market 10GbE SFP+ switches (like Cisco’s Nexus 3064) to further decline in price before revamping our wired network.

Mail

We self-hosted mail for nearly a decade using Exchange 2010/2013/2016. As the industry (and our lab) evolved, we found ourselves running an AD DC pair just for this one application, and thus migrated to mailcow, which cohesively bundles the usual suspects of a Linux based mailserver (Postfix, Dovecot, Rspamd etc) inside containers. Thanks to SOGo, it presents an ActiveSync interface, so our users perceive no client side difference to a full blown Exchange deploy, all the while requiring 1/4 the resources EX2016 does, handling multi-tenancy better, and fronting self-service access to features that Exchange considers ‘admin functions’, like mailbox aliases and spam-detection tuning.

Facilities

HVAC is best controlled via Ecobee3 thermostats (like Nest, but without Google). The subsequent iterations add cloud voice assistants, which is not functionality we recommend having wired into your wall. Ecobee’s are HomeKit compatible, which means we’re able to circumvent their cloud reliance by masquerading as an ‘Apple Home’ then controlling them programmatically (see our HA project for more info).

We suggest avoiding the (understandable) mistake that is assuming a positive experience with UniFi WiFi kit would translate into the same with their security cameras. Instead, we recommend the phenomenal (solo developer!) Blue Iris NVR and Dahua IPC-HDW5231R-ZE cameras. The Blue Iris + Dahua BOM will be in the order of 25-50% cheaper than a UniFi equivalent, while picture quality (especially in low light) and NVR functionality (eg motion detection efficacy) dwarfs that of G3 bullets / their companion NVR. The 2019 Dahua refresh (IPC-T5442TM-AS) primarily adds resolution - a 4MP fixed sensor, whereas the HDW5231R-ZE sports a 2MP varifocal sensor. This 4K capability does result in a small but observable benefit in daytime footage, however low light shots are at best equal. Furthermore, 4K video means significantly more storage overhead (and NVR CPU utilization, if reliant on motion detection) for nowhere near the reciprocal real world benefit. As such, for now, the HDW5231R-ZE reigns supreme.

Energy

If you’re putting everything in a colo, or (more likely) a cloud, you’re paying a hefty premium for power, so when running locally, it makes sense to optimize this variable even further in your favor. We offset draw using approx 6kW of PV connected to a Fronius inverter, which in turn feeds a single 13kW Tesla Powerwall 2. This setup, plus a little magic in our building automation configuration (like scheduling high consumption activity to overlap with peak solar output), has cut our energy bill by approximately 90%, and functions as a whole circuit UPS, with a typical off-grid run time - like during a blackout - of more than 24 hours.

Entertainment

As in most fledgling labs, we initially relied on a heterogeneous array of spindles in an ATX chassis. The machine ran OpenMediaVault, a Debian based distro that provides an easy onramp to MergerFS and SnapRAID, a pairing that converts an otherwise disparate array of disks into an aggregated, parity-backed, bit-rot protected volume presented using whatever protocol so required (SMB, NFS, S3 etc). However, because this machine was inevitably a single point of failure, and because we couldn’t justify the 200W it ate, we have since converged media services alongside all others; on Kubernetes.

Data resiliency is taken care of via aforementioned ZFS scrubs, ECC RAM and rotating offsites. The Plex container is pinned (nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution) in K8s to worker nodes on a specific physical host with a NVIDIA P2000 installed, capable of approximately a dozen simultaneous H.264 or HEVC transcodes. Also scheduled - without affinity - are the supporting ecosystem of open source apps for acquiring and managing this content (eg Tautulli).
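The pinning described above, as an added example rather than the blog’s own manifest: a single-replica Plex Deployment with a soft nodeAffinity preference for worker nodes carrying a label that marks them as living on the P2000 host. The label key and value, the namespace, the PVC names and the image tag placeholder are assumptions; handing the GPU itself to the container (NVIDIA device plugin or container runtime) is outside this snippet.

```yaml
# Label the worker VM(s) that run on the GPU-bearing physical host first
# (constructed key/value):
#   kubectl label node worker-gpu-1 lab.example/gpu=p2000
apiVersion: apps/v1
kind: Deployment
metadata:
  name: plex
  namespace: media                     # constructed namespace
spec:
  replicas: 1
  strategy:
    type: Recreate                     # Plex's config DB tolerates one writer; never overlap two pods
  selector:
    matchLabels:
      app: plex
  template:
    metadata:
      labels:
        app: plex
    spec:
      affinity:
        nodeAffinity:
          # "preferred", not "required": the scheduler weights the labelled
          # node(s) heavily, but if the GPU host is down for patching Plex is
          # still scheduled elsewhere and falls back to software transcoding.
          # Switch to requiredDuringSchedulingIgnoredDuringExecution if an
          # unaccelerated Plex is worse than no Plex for you.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: lab.example/gpu
                    operator: In
                    values: ["p2000"]
      containers:
        - name: plex
          image: plexinc/pms-docker:PINNED_TAG_PLACEHOLDER   # pin a tag; do not rely on :latest
          ports:
            - containerPort: 32400
              name: plex
          volumeMounts:
            - name: config
              mountPath: /config
            - name: media
              mountPath: /data
              readOnly: true           # the transcoder never needs to write to the library
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: plex-config     # assumed to exist; keep this off NFS (SQLite locking)
        - name: media
          persistentVolumeClaim:
            claimName: media           # assumed RWX claim holding the library
```

The `IgnoredDuringExecution` half of the rule name matters operationally: if the label is later removed from the node, already-running pods are not evicted, so a label change only takes effect on the next reschedule.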

Kodi v18 on a NVIDIA SHIELD, connected to a LG C8 65" OLED, connected to a nothing-special 5.1 receiver and speaker setup, plays content from PMS (via K8s) using the excellent PlexKodiConnect; faster and more featureful than the native Plex Android TV app. The SHIELD is rooted for AdAway + Flux, with further filtering at the edge via custom PiHole blocklists. As such, SmartYouTube and Twitch (via S0undTV[9]) are stripped of ads.[10]

All other rooms use Apple TV 4K’s connected to generic 50-60" LCD’s. HD Homerun Duo ingests coaxial free to air TV and presents it over IP to these STB’s via Plex DVR[11], which grants our family access to a TiVo-like experience whether at home or otherwise. Whilst we loathe the closed source, increasingly commercial nature of Plex, the consistent UI between mobile, web and TV apps means our non-technical loved ones can derive value from this conglomeration of ad-free entertainment options. Jellyfin (an open source fork of Emby) is very much on our radar, and once both iOS and Apple TV apps exit TestFlight, will replace Plex.

Our memories are catalogued and curated using Lightroom 6 (the last standalone release; no thanks to big tech’s attempt to convert everything into cloud-reliant MRR). The RAW’s themselves are the product of Canon full frame DSLR’s, and in particular the phenomenal 70-200 f/2.8L IS II glass.

Our rather expansive book library is organized via Calibre, and propagated to physical Kindle Oasis devices via Calibre-Web.

Couch/casual gaming occurs on a Nintendo Switch with Pro Controller’s. We recommend Diablo 3, Overcooked 2 and Zelda:BOTW.

For gaming not constrained by a ‘wife approval factor’, we’re big fans of heavily modded, systems-centric single player titles like Factorio, RimWorld, Dwarf Fortress, and competitive multiplayer sandboxes like EVE Online. Path of Exile gets special mention for being everything an ARPG should be, putting both Diablo 2 and 3 to shame.

Wishlist

There’s not much that today exists which could conceivably improve our workflow and/or lifestyle.

Ideally, the X1 Extreme’s thermals would be better, but physics are what they are. Undervolting both CPU and cache by ~100 to 150mV using ThrottleStop puts this device into near-perfect tier. We previously used TPFanControl to set custom thresholds, but now just use ThrottleStop to mediate chip performance aggression in various contexts; presets are auto-triggered based on state eg AC/battery[level]/temps etc. In a perfect world, the manufacturer would ship the device with this logic encoded in firmware. Glass half full - taming ours didn’t require re-pasting of the CPU or removal of the fan vent filters, so perhaps we should be counting blessings. One area where the X1 does fall short, at least in comparison to its smaller, slightly less powerful sibling (X1C6), is endurance. Whereas the Carbon can get 6-8 hours of real world use, the X1 Extreme, despite having a bigger (80Wh) battery, is hamstrung by its larger 4K HDR display, faster + higher power draw CPU, and NVIDIA GPU, thus managing four hours at best in our experience, though admittedly we are far from average users. Given the unremovable nature of the battery (hot swap is available only in the downstream T480), we’re torn between the 48Wh Lenovo and 100Wh AlsterPlus external USB-C packs, the latter with double the capacity but lacking a USB-C to ThinkPad Slim-Tip adapter, which can only be sourced via the OEM SKU.

As above, we’re very light mobile users, but if we instead relied a lot on that form factor, there are a few elements of the Android ecosystem that we wish existed in the iOS one: Firefox+ uBlock Origin / Bromite (FF / Chromium skinned Safari is not at all the same), on-device whole-device ad-blocking, like AdAway (iOS had this with AdGuard Pro, then Apple removed the API that made it possible, because profit), Termux (paying for SSH via Termius/Prompt/Blink just seems.. rough), Vanced/NewPipe/SkyTube (heavily modded YouTube clients), Syncthing.

Having a full day of grid-independent electricity is great, however a large scale blackout could theoretically take out all fixed and wireless broadband connectivity in our area. At present, when the local exchange goes down, our router fails over to LTE and most internet access proceeds unhindered. In theory, the blackout could be so widespread that all accessible cellular towers also go down, at which point we’d have power ✅ but no internet ❌. The lion’s share of our core personal and professional infrastructure is self-hosted on-prem, so we are far better equipped for this eventuality than most, but the five nine’s aspirant in us can’t wait for low orbit (low latency, high bandwidth) satellites eg Starlink to go live.

If really pedantic, we wish Logitech’s Romer-G switches had the exact same feel but were slightly quieter, somewhat akin to our brief experience with Cherry MX Blacks/Hybrids.


  1. In November 2019, Sonos acquired Snips (think ‘self-hosted Alexa’), and subsequently deprecated the local deployment options their product was known for, indicating that their interest in the acquisition was a desire to create a (cloud-reliant) voice interface for controlling Sonos’ music functions. For us, this is a last straw in a relationship that was already strained. Sonos have spent much of the last half decade moving their focus away from enthusiasts and towards mass market ‘user experience’; plug-and-play multi-room audio using internet streaming services and controlled via mobile apps and voice assistants. A future post will address this pivot, but the short story is we’re upgrading to KEF LSX speakers with Rhasspy for local voice.

  2. In December 2019, we sold our X1EG1 and replaced it with a P1G2, which is basically the same device, but with a Quadro T2000 (the “P1”) GPU, and a 9xxx Intel CPU (the “G2”). The primary driver for this sidegrade was moving away from a 4K touch screen and onto a 1080P (500nit) variant. We don’t use touch, and the 4K screen is responsible for ~40% less battery life than its 1080P sibling. We value longevity over pixels, probably because we’re now ancient; our foolish 20-year-old eyes thought screen real estate, in the form of pixel density, was paramount. We also took the opportunity to move to 32GB RAM and a 1TB NVMe disk, mostly because prices have cratered on both.

  3. Most power users would agree the last three or four years have not favoured the MBP, yet many of the same ‘re-upped’ during that period, because the bygone era of Jobs-championed Apple hegemony saw individuals/families become deeply intertwined with iOS/macOS/iCloud/iMessage. For them, migration to anything outside of *.apple.com has become daunting, perhaps unthinkable.

    We see the same struggle today with cloud architecture. Obvious examples abound. Those embarking on their Kubernetes journey via EKS, because they’re already wedded (‘locked-in’) to the AWS ecosystem, despite GCP/GKE being superior in many ways, equal in most others. Traditionally MSFT centric on-prem enterprises who were sold a largely positive O365/Exchange (SaaS) on-ramp, now going all in on an Azure lift-and-shift (Windows VM’s in DC –> Windows VM’s on IaaS!), instead of using this industry-wide inflection point as a catalyst for rethinking their whole modus operandi (hint: containers/serverless/managed services. If your cloud VM’s aren’t worker nodes, you’re doing it wrong).

  4. From best to worst: Alacritty, Terminus, ExtraTerm, MobaXTerm, FluentTerminal, Hyper

  5. In May 2019, Microsoft recognized the hole in their offering (iTerm2 + zsh is better than anything the Windows ecosystem could muster in H1 2019), announcing a first party Terminal. We eagerly await a stable release, but in the interim have been using Electron-based ExtraTerm, only because it formats some POSIX output (eg htop via ssh on a subset of Linux hosts) reliably, where ConEmu failed to do so. If we could, we’d use Alacritty (written in Rust, much lighter) however quake mode is not yet on the roadmap.

  6. Languages: Powershell Preview, Go, Python, ShellCheck, Docker + Hadolint, Kubernetes Tools, Ansible + Linter, Prometheus, Terraform, Jenkinsfile, Azure Functions, Azure Pipelines, Markdown, Log Files, TOML, BIND Zones, DotENV

    Utilities: One Dark Pro Theme, VSCode Icons, GitLens, ToDo Tree, Projects Plus, GitHub PR, Live Share, Jira, REST Client, Path Autocomplete, Cheat Snippets, DateString

  7. In June 2019, GitKraken changed their licensing. This, plus its Electron-based nature, means we now think Fork is the best Git GUI for most people (native apps on both macOS and Windows, free). Alternatively, if open source is a must, GitExtensions gets a nod.

  8. In April 2019, we moved the SMB FlexVol served workloads to OpenEBS Jiva volumes, and recommend this storage engine for any scenarios where a properly tuned ZFS/NFS combo falls short.

  9. Still better than the official Twitch Android TV app, even after its mid-2019 update (the first in many years).

  10. In March 2019, Twitch implemented ‘SureStream’, innocuous sounding tech that embeds ads directly into the RTV stream. This makes YouTube-esque ad blocking impossible. It is technically possible to strip the ads by inspecting M3U tags, however because the ad content replaces the original content, all you get in this scenario is 30-60 seconds of black screen. This is ‘well played’ on Twitch/Amazon’s behalf, in that there are now only two ways to have an ad-free Twitch experience - subscribing [$] to channels you frequent (removes ads on those channels only), or paying for Twitch Turbo [$$] (ad free Twitch wide). If they’d made this move three years ago, we’d have gladly opted for the latter option and considered it no different to a Spotify or Netflix subscription. However, quality Twitch content is few and far between in the current year, so we took this as a catalyst to delete the source. For those who want to stay, we’d recommend proxying your twitch.tv requests through a VPN that egresses in a country where Twitch doesn’t sell ads, and thus doesn’t show them, either.

  11. In June 2019, Plex announced they are concluding their relationship with GraceNote, which provided accurate EPG info for AU FTA. We haven’t yet addressed this but will either do so via paying for IceTV (solves problem, adds recurring subscription) or nerding out and using Shepherd to DIY.

    Addendum: both of the above remain viable, but we subsequently found XMLTV.net to be both free and reliable.