Latest Posts (20 found)
マリウス 2 days ago

The Day WhatsApp Goes Dark

Note: As usual, tl;dr at the end. Tomorrow morning, WhatsApp goes dark, and it’s not just a short downtime, but it is a termination of the service. The servers turn off, the domains don’t resolve anymore and no mobile client is able to connect. Have you ever asked yourself what would happen in that case? What if WhatsApp actually went dark? Obviously, nobody really knows what would happen in such a case, because we haven’t experienced that situation (yet), but even though the closest analogues like the six-hour Meta outage in October 2021, and Brazil’s 12-hour court-ordered shutdown in December 2015 were measured in hours, not days, those already produced effects that journalists described as “apocalyptic” . We can try to extrapolate what happened throughout events like those to see what “global catastrophe scenario” could theoretically look like. Because whether you believe it or not, WhatsApp is more than just a messenger , and one example that makes this pretty obvious came from the Forbes editor José Caparroso , who wrote during the 2021 blackout that … Latin America lives on WhatsApp . I am surprised by so many people underestimating how catastrophic this downfall has been. But before we dive into this thought experiment, however, it’s worth establishing what we’re actually talking about, as readers in most of Europe and North America underestimate WhatsApp by an order of magnitude, primarily because in those markets it functions as one platforms among many. That is, however, not how the rest of the planet works. Note: This thought experiment is not only based on some abstract numbers and studies, but upon my own experience of how WhatsApp is being used in e.g. the global south on a day to day basis. During my travels I think I’ve pretty much “seen it all” , with for example broadband technicians taking photos of the stickers on the backside of WiFi routers/modems, that show the hardware address and login credentials (on their phones), and sending them via WhatsApp to themselves, only so they can open them on WhatsApp Web (on their work laptops), in order to upload them into the ISP’s technical service portal. It is frankly mind-boggling what sort of tasks WhatsApp has become a Swiss army knife for in those countries, whether it’s as a file transfer platform for sensitive documents, or as a full-blown hotline for critical services and infrastructure. Let’s start by understanding the sheer scale of WhatsApp . The Meta owned and operated messenger has roughly 3.3 billion monthly active users as of early 2026, which is about 40% of every human alive, and somewhere north of 60% of every human with a smartphone. The platform processes more than 100 billion messages per day , out of which around 7 billion are voice messages. On top of that, users place around 5.5 billion voice calls and 2.4 billion video calls per month , which boils down to more than 2 billion minutes of voice and video traffic every 24 hours. To put this in perspective, the global SMS network, at its peak in 2012, handled about 23 billion messages per day across every carrier on Earth. WhatsApp does four to five times that volume on its own, every day, on a service that is (at least at the consumer layer) “free” . However, if we look deeper into the country-level breakdown, it becomes clear that WhatsApp usage isn’t evenly distributed across the globe. India has between 535 million and 596 million monthly active users , and regardless of whether we pick the higher number or we stick with the more conservative estimate, it is the largest single national user base on any messaging platform anywhere. Brazil has about 148 million users, and the app is installed on roughly 99% of the country’s smartphones. And 93% of those users open the app daily . Indonesia has about 112 million users, with WhatsApp being the leading messaging platform in the country, and in Zimbabwe WhatsApp alone accounts for roughly 44–50% of all mobile internet traffic . In Lebanon more than four in five adults use it , making it the dominant communications channel during multiple national crises. In a great many countries, WhatsApp is not simply a service on the internet, it actually is the internet for most practical purposes. WhatsApp Business now has more than 200 million businesses on the platform globally , with around 50 million small and medium-sized enterprises using it as their primary customer channel. In India and Brazil, roughly 80% of small businesses use WhatsApp to communicate with customers. In Brazil specifically, 96% of businesses rate WhatsApp as their primary communication tool, and a joint study by Fundação Getulio Vargas and Sebrae , Brazil’s main small-business support organisation, found that 70% of Brazilian small companies rely on the Meta -owned trinity ( WhatsApp , Instagram , Messenger ) as their marketplace. Globally, around $45 billion in commerce is expected to flow through WhatsApp in 2026 . Click-to-WhatsApp advertisements alone generate roughly $10 billion per year for Meta . About 175 million customers send messages to WhatsApp Business accounts every single day. And then there’s payments. In India, WhatsApp Pay is a small player in the UPI with about 67 million transactions per month against UPI’s 18 billion monthly volume, but in absolute terms, that’s still an enormous number of transactions. In Brazil, WhatsApp Pay is integrated with local card and bank rails and is used by transit operators ( Vai de Bus , for instance, sells passes via WhatsApp ), banks, and merchants. Across Africa, fintech overlays on WhatsApp , like Finnova in Nigeria, or Azza in Nigeria, Kenya, and South Africa, are processing crypto and conventional payments at significant volumes. Besides being a chat platform, a marketplace and a payment processor, WhatsApp is also being used as critical clinical infrastructure across the global south. A three-year programme at UCLA’s David Geffen School of Medicine paired subspecialists in Los Angeles with clinicians at Partners in Hope Medical Center in Lilongwe, Malawi, via WhatsApp groups. 89% of submitting clinicians and 71% of expert respondents reported that the case discussions improved medical education and patient outcomes. In the Eastern Cape of South Africa , WhatsApp groups serve as the primary continuing-medical-education channel for HIV and TB management in rural clinics where specialists are days away. In Haiti, WhatsApp groups coordinate emergency department operations at Hôpital Universitaire de Mirebalais , including mass-casualty alerts, security updates, and clinical decisions. In Zambia, IntraHealth International runs nurse and midwife mentoring networks over WhatsApp . In Brazil, the link between Zika virus infection and microcephaly was tracked partly through WhatsApp groups of paediatricians comparing cases. Another critical field that runs on Meta ’s infrastructure is disaster response. The World Bank documented that during 2014’s Cyclone Hudhud in Andhra Pradesh, India , the Public Works Department restored connectivity to a 1.8-million-person city primarily by coordinating engineers through a closed WhatsApp group with the District Magistrate in it, without any formal meetings and orders, which ultimately led to most roads becoming functional within three to four days. During the 2023 Turkey earthquakes, volunteer-formed WhatsApp networks processed 5,800+ messages in one week for needs assessment and rescue, and in Syria, the White Helmets have run an emergency dispatch system over WhatsApp since 2021, because the country’s emergency number infrastructure is largely destroyed and WhatsApp ’s compression algorithms work where almost nothing else does. It’s not just individual organisations, but even whole governments are dependent on Meta . Buenos Aires for example ran a COVID-symptom triage chatbot on WhatsApp , and Lebanon’s public health ministry launched an automated WhatsApp service in April 2020 to disseminate updates on the pandemic. India, on the other hand, offers metro tickets, government services, and bill payments through WhatsApp chat interfaces . On top of that, for example, the Philippines’ UAE consulate operates consular emergency hotlines on, you guessed it, WhatsApp . Last but not least, there’s migration. Roughly a quarter-billion people live outside their country of birth. Most of them use WhatsApp as their primary connection to family, because international SMS is expensive and unreliable and Skype is, well, dead. Multiple peer-reviewed studies on Trinidadian , Pakistani, Ghanaian , Polish, and Kenyan diasporas also converge on the same finding of WhatsApp being the primary technology of transnational family life in 2026. So to go back to our initial thought, let’s imagine WhatsApp shutting down in an instant, with this dependency graph in mind. What follows is a hypothetical scenario sketched from the documented impacts of past (shorter) outages, scaled up by the duration and finality of the event, and informed by the dependency layers described above. It’s a scenario and not an actual prediction. The shutdown hits during European afternoon, which means American morning, Indian evening, East African afternoon, and Indonesian late evening. The first signals show up on Downdetector and on non- Meta competitors. In 2021, the six-hour outage generated 14 million reports inside the first few hours, but this time the number is likely much larger. Behaviour inside the first hour is uneven and largely confused. In most places, users assume it’s a routing problem, a local carrier issue, or a phone bug. They restart the app, then their phone, then their router, then they check Twitter X , Instagram , TikTok , Telegram , maybe Signal , or Facebook Messenger , depending on what they have installed. Telegram and Signal both see app-store download spikes within the first 30 minutes, as it happened during the 2021 outage, with Signal reportedly adding “millions” of users that day . The first noticeable failures show up in commerce. A food-truck operator in São Paulo who takes orders via WhatsApp can no longer receive them. A small clothing brand in Mumbai whose entire sales pipeline runs through Click-to-WhatsApp advertisements sees its ad spend continuing to bill while the conversation endpoint returns errors. In Hong Kong, a logistics coordinator who confirms container pickups via WhatsApp loses the day’s confirmation chain. In Idlib, Syria, the White Helmets dispatch room realises within minutes that emergency calls are not coming in, and civilians have no fallback channel. It is likely that three things start happening in parallel. First, mass migration to apps like Telegram , Signal , and to a lesser extent Messages ( iMessage ), Viber , and Line . Signal ’s servers, which are run on a fraction of WhatsApp ’s infrastructure, are not designed for an inrush of hundreds of millions of new accounts and start to degrade in some regions. Telegram , which has spent a decade preparing for exactly this scenario, holds up better but still struggles with its own issues. Ultimately none of the alternatives are suitable for the people who had built their workflows on WhatsApp . The second thing that happens is commercial collapse , which is the biggest 12-hour story, but still largely invisible from Western media. In Brazil, Indonesia, Nigeria, India, Pakistan, Bangladesh, Vietnam, Mexico, and probably 50 other countries, the small businesses that route everything from orders and prices, and photos of goods, to delivery confirmations, and payments, through WhatsApp have lost their primary revenue channel. A clothing brand in Ireland reportedly lost thousands of euros in a single afternoon during the 2021 six-hour outage. Multiply this by twelve hours and by the entire tail of informal commerce that lives on the platform and the figure runs into the billions. The third thing is health-system stress . Group consults that normally take an hour over WhatsApp become almost impossible. The Eastern Cape HIV-management network in South Africa, the Malawi-UCLA clinical link, the Haitian ED coordination groups, the Zambian rural-nurse mentoring channels, all degrade simultaneously, and while mortality consequences are not yet visible, they are happening nonetheless. In several countries, government officials begin issuing statements through whatever channel is still functioning. After the first 24 hours it becomes clear that the impact this situation has is roughly inversely proportional to a country’s investment in alternative digital infrastructure. The United States and Western Europe are mildly inconvenienced, and India is moderately disrupted, mainly because the country has built duplicate rails, hence UPI runs over many apps. After all, SMS still works, alternative payment apps exist, and government services have their own portals. However, countries like Brazil, Argentina, Mexico, and most of sub-Saharan Africa, on the other hand, are in serious trouble. In Brazil, by the end of day one, the financial press is comparing the situation to a partial shutdown of the national payments system. Pix transfers still work, as those run over the central bank’s infrastructure and not WhatsApp ’s, but the merchant-customer communication layer that drives Pix transactions for millions of small operators is offline. The same is true in Argentina, where the inflation-driven culture of constant price renegotiation between vendors and customers happens, in practice, almost entirely on WhatsApp . Another area that starts to fail is migrant remittance. People working in the Gulf, North America, or Europe typically coordinate transfers with their families via WhatsApp , where they confirm the recipient’s details, send screenshots of receipts, or sometimes route the money through informal Hawala -style networks where trust is established and maintained by daily messaging. These workflows don’t fail completely on day one, but they slow and break in ways that don’t show up in formal remittance statistics for another week or two. In Latin America, the first major political consequence appears in the form of misinformation that previously circulated within closed WhatsApp groups , which now has nowhere to go and starts spilling onto other platforms. By the end of day one, more than 100 million people have created Signal or Telegram accounts. Both apps experience their first significant performance degradation events. The labour-market consequences start showing up. In India, where WhatsApp is the de facto recruiting and onboarding tool for huge segments of the informal economy, gig workers can’t be reached for shifts. Delivery platforms like Swiggy , Zomato , Dunzo , and their international equivalents, see their dispatch coordination degrade. Some of these companies have parallel in-app messaging, but many have leaned hard on WhatsApp because it was cheaper. Schools also begin to feel it, because in many countries, including India, Brazil, South Africa, Kenya, Nigeria, the Philippines, Indonesia, and much of the Middle East, parent-teacher communication runs over WhatsApp groups. Two days in, schools that have not made the switch to other channels are operating partially blind, and parents are not getting closure notifications, transport updates, fee reminders, or exam schedule changes. In countries with weak alternative communication infrastructure, the second-order effect is mid-week absenteeism as parents simply don’t know whether school is open. On top of it all, Healthcare is also heavily impacted. For example, the Haiti emergency-department-style coordination groups have now had 48 hours to find alternatives, and they have, mostly, but the transition has costs. Case discussions that were asynchronous and 24/7 on WhatsApp are now synchronous and harder to schedule, and rural clinicians in places like the Eastern Cape, Lilongwe, or the highlands of Nepal are once again practising in the relative isolation that WhatsApp ’s group-call and group-message features had alleviated. In several documented studies, isolation correlates with diagnostic delays and worse patient outcomes. In Syria, the White Helmets switch to a patchwork of Signal , SMS where it works, and physical runners, and response times degrade significantly. At this point things start to get political. In a number of countries, including Brazil, India, Indonesia, Nigeria, the Philippines, and South Africa, the question stops being “what is Meta doing” and starts being “why did we let one foreign company become this central” . Telecom operators in several countries pitch the moment as an opportunity to push their own messaging products, most of which have been moribund since 2014, but the pitches fail because nobody trusts the carriers, because those carriers have been quietly delighted to see WhatsApp gone, given that it eroded their SMS and voice revenue for a decade. In a few markets, regulators float emergency-decree-style proposals to nationalise messaging infrastructure or build sovereign alternatives. And while most of these proposals are clearly performative, some are not. India and Brazil both have working national digital identity and payments stacks that could, in principle, host a public messaging layer. It remains to be seen, though, whether the political will to build one persists past the first month. Public health authorities in Lebanon, Buenos Aires, the Philippines, and several African countries are now running emergency communication operations across multiple fallback channels. None of them work as well as WhatsApp did and things like vaccination schedules are missed, and appointment reminders fail. Some clinics see patient no-show rates rise by 30–40% versus baseline. Not because WhatsApp is superior to its competitors, but simply because humans need a long time to adjust to the alternatives that are being put in place. Also, crime patterns shift in interesting ways. A Conflict Sensitivity Resource Facility report on South Sudan, and PeaceRep work on Somalia, both documented that WhatsApp groups were used for both peace-building and for coordinating violence. Removing the platform doesn’t remove either function, as both migrate to other channels, but the migration takes time, and during the transition, coordination of all kinds becomes harder. In several markets, online ad spend collapses because Click-to-WhatsApp ads (a $10B/year business) have no destination, and Meta ’s stock price has already done what you’d expect it to do. The migration to alternatives, mostly Telegram and Signal , with regional pockets going to Line , KakaoTalk , WeChat , Messages ( iMessage ), RCS , and a long tail of smaller apps, has now hit critical mass in most of the world. The migration has not been clean, and group chats with over 200 members have, in practice, often migrated as group chats with around 40 members, because not everyone moved at the same time or to the same app. For business communication, the new world is as fragmented as it gets. A Brazilian shopkeeper who used to take all orders on WhatsApp now has to manage Telegram , Signal , Instagram DMs (still up, but reduced after Meta ’s reputational damage), and SMS. Customer-acquisition costs rise, and customer-retention drops, and several reporters publish stories on small businesses that have permanently closed. For healthcare, the migration is more orderly because the user base is smaller and more motivated. Most major peer-support networks, like the Malawi-UCLA , the Eastern Cape HIV , the Zambia nursing , and the Haiti emergency have stable new homes. The five-day disruption produced measurable degradation, and it is not yet possible to quantify the mortality and morbidity impact. In Syria, the White Helmets have built a partial replacement on Signal and on a custom dispatching tool that their engineers had been prototyping. It works less well than what they had, because the compression behaviour that made WhatsApp viable in low-bandwidth, intermittently-connected environments is hard to replicate. Hence, some dispatches are now arriving via paper notes. Not because decentralized mesh networks don’t exist, but simply because nobody in these organizations has the expertise to implement these alternatives, especially within such a short period of time. The first credible economic estimates of the shutdown’s cost reach the tens of billions of dollars and continue to rise. The estimates are dominated by long-tail effects in emerging markets that are hard to measure precisely. A week in, the question has shifted from “When does WhatsApp come back?” to “What does the world look like without it?” and a growing fraction of the user base assumes it isn’t coming back, so behaviour begins adapting accordingly. Several governments, including Brazil, India, and the EU as a bloc, have announced formal investigations or task forces into how to prevent this from happening again. As usual, however, none of them will produce anything actionable within years. The longer-term effects, that you can already see the shape of by day seven are a measurable productivity hit in emerging markets, particularly for informal-sector businesses, a consumer trust impact across the entire Meta product family, a wave of WhatsApp-replacement startups, most of which will fail due to network effects and generally bad engineering, and the painful realisation that a free product is not the same thing as a public good. Some estimates from prior outage studies suggest that a six-hour WhatsApp outage cost the global economy hundreds of millions of dollars per hour in lost SME activity, weighted heavily toward Latin America, South Asia, and Africa. Extrapolated over seven days and weighted for cascading effects, the seven-day damage is in the tens of billions, possibly higher. This thought experiment is not about Meta eventually shutting down WhatsApp , as it almost certainly won’t do so on its own, given how big of a lever the platform is for the company. In fact, Meta is moving in the opposite direction, as it is building WhatsApp Business into a $45 billion commerce platform, integrating it with payments, and turning ads into one of its fastest-growing revenue lines. WhatsApp is too valuable to Meta to switch off voluntarily, and the regulatory regimes in the countries that depend on it most are nowhere near coordinated enough to force a switch away from it or even just ban it outright. The point is that we have built a planet-spanning piece of communication infrastructure whose ownership, governance, and continuity are concentrated in a single American corporation, that is led by people with questionable values and beliefs, which all in all is a state of affairs that has no historical precedent. Sure, there are other US-based companies that “own digital communications” , like Twitter X and many others, albeit I’d argue that none of those platforms are so engrained into everyday life across many (predominantly developing) nations as WhatsApp is today. The closest analogue in scale is the global SMS network of the early 2000s, which, however, was federated, run by hundreds of carriers and governed by an open standard (GSM/3GPP). SMS was never under the unilateral control of any single entity, despite many carries enjoying a defacto monopoly in their respective home markets. WhatsApp , on the other hand, is a single proprietary protocol, with a single operator, optimised increasingly for the commercial interests of that operator, and treated by the rest of the world (governments, hospitals, schools, small businesses, families separated by borders) as a public utility. The seven-day scenario above is an exercise in realising this dependency. Meta has no public-service mandate and WhatsApp ’s terms of service explicitly disclaim any commitment to availability. Yet a meaningful fraction of the medical communication, emergency coordination, family contact, and small-business activity of the global south runs on top of this disclaimed-availability infrastructure. At this point the LinkedIn thought-leadership crowd would tell you the answer is “diversification” or “resilience” or “multi-channel strategy” and add an inspirational quote alongside the ChatGPT -inserted emojis. Telling a Karachi tailor with 14 customers in a WhatsApp group to “diversify their customer-communication stack” does nothing to solve the problem. The infrastructure they depend on was built and made free at the point of use by a corporation that calculated, correctly, that owning that infrastructure was worth more than charging for it. The bill is paid in attention, in advertising, in data, and in the asymmetric power Meta now holds over a substantial fraction of global communication. While the shutdown will (sadly) not happen any time soon, the dependency, however, exists, and the thought experiment is worth running occasionally (with other services as well… looking at you, Google Mail !) because this exact dependency is what should push us to look for alternatives, and not the implausible event that would make it visible. Network effects may be the biggest drivers for this unhealthy dependency, but I believe that each and every person has the ability to make an impact within their families, their friend-circles and their communities, by choosing to use anything but WhatsApp as their main communications channel, ideally a self-hosted alternative . For almost three decades now we’ve had XMPP available to us, with popular and capable implementations like ejabberd , Prosody , and Snikket existing as open-source software that is ready to be used for communications platforms of any size. As a matter of fact, WhatsApp uses XMPP behind the scenes and is in fact built upon the same great technology stack used by ejabberd . For a “lower-level” alternative, there’s the good ol’ IRC that has been around for almost four decades and that is still thriving . Both of these open standards would allow communities, organisations and even whole governments to build public infrastructure that could in large parts replace WhatsApp . PS: Are you a Jabber user already? Come join the community channel !

0 views
マリウス 1 weeks ago

Lenovo X1 Carbon Gen 14 Aura

tl;dr: After the long and painful goodbye to my Star Labs StarBook Mk VI AMD , I caved and did what every Linux nerd eventually does, which is buying a ThinkPad . I left Team Red and chose the X1 Carbon Gen 14 Aura Edition with Intel ’s new Panther Lake Core Ultra X7 368H vPro , 32GB of (sadly soldered) RAM and the 2.8K OLED panel. It’s a sub-1kg, repairable carbon-fibre slab that runs Linux beautifully and that I can service (or get serviced) pretty much anywhere on the planet thanks to the widespread availability of parts and service points. Migration consisted of installing the latest Gentoo distribution kernel (to have all necessary modules available), pulling the SSD with my hardened Gentoo installation out of the StarBook , dropping it into the Lenovo , and booting the system. Plus one round of recompiling all packages for the new architecture, but that’s… details. Sadly there’s no Coreboot , the Intel Management Engine is silently plotting in the background, and you’re trusting a closed firmware stack from a vendor with an interesting past . If you’re looking for a fully liberated laptop, this sadly isn’t it. But then again, even in 2026, sadly almost nothing really is . As some of you who suffered through the last two updates already know, the first half of 2026 was, to put it mildly, a hardware massacre . Phones broke, a tablet got preemptively retired, head- and earphones died, and my primary workstation (the Star Labs StarBook Mk VI AMD ) suffered increasing stability issues and finally bricked itself during a firmware update . I wrote at length about why I ultimately decided to part ways with Star Labs , so I won’t rehash all of it here, but the short version is, that with the Star Labs laptop I loved the idea, I loved the design, but I could no longer rely on the hardware, and I needed a device that I could repair no matter where in the world I happen to be. I had been eyeing the ASUS ExpertBook Ultra with the X9 388H for a while, but it remained a paper launch, and after my misadventures trying to source ASUS hardware across the globe, I lost faith in the service and spare-part situation, so I did the boring, sensible, adult thing and bought the laptop that has authorised service centres and spare parts on every continent: A Lenovo ThinkPad X1 Carbon . Wait, weren’t you Team Red? , you might ask. I was, and in spirit I still am. For the better part of a decade I bought almost exclusively AMD. But as I ranted about previously , with AMD laptops it’s always something . The ports, the display, the chassis, the TDP, something always forces a compromise I don’t want to make at this price point. Panther Lake made enough of a splash, performance-per-watt-wise, that I was willing to give Team Blue another shot, despite Intel ’s long history of monopolistic behaviour, security holes and general d!ckhead-ish behaviour. And to be fair, AMD’s behaviour isn’t much better these days anyway . The ThinkPad X1 Carbon Gen 14 Aura Edition is Lenovo ’s 2026 flagship ultrabook. It’s the fourteenth iteration of a line that, at this point, basically is the archetype of the “business ultrabook” . The “Aura Edition” branding is an Intel co-marketing thing, and the single X7 sticker went straight into the bin. Speaking of which, yes, it’s going to get stickerbombed , but that’ll take some time. The interesting part however is not the age-old ThinkPad aesthetic, but what lies underneath, namely a brand-new Panther Lake chip, a redesigned repairable chassis, and crucially proper Linux support straight from the manufacturer. My specific configuration is the one I’ll be reviewing here, but keep in mind that Lenovo sells this chassis in a dozen permutations. These figures reflect my specific machine type ( ) and the official platform specs come from Lenovo’s PSREF spec sheet . Speaking of which, on Linux you can read the model, marketing name and serial straight from the DMI tables (handy for a PSREF lookup), and pull a broader hardware overview with / : The star of the show is Intel ’s Core Ultra X7 368H vPro , part of the Panther Lake generation. After years of Intel embarrassing itself, this is the most interesting mobile chip the company has shipped in a long while, and the first one in ages that made me, a committed AMD user, go back to Team Blue . It’s a 16-core, 16-thread unit, and no, there’s no HyperThreading here. The cores break down into: It carries 12.5MB of L2 and 18MB of L3 ( Smart Cache , shared), and Intel rates it at a 25W base (PL1) with an 80W maximum turbo (PL2). Lenovo configures it for roughly 30W sustained in this chassis, which is a step up from the ~17-20W that last year’s Lunar Lake Gen 13 ran at. What makes Panther Lake architecturally interesting is that it’s a disaggregated, multi-process design. The compute tile is built on Intel ’s own 18A node, while the GPU tile is fabbed by TSMC on N3E . Note: The X1 Carbon Gen 14 is offered “up to” the X7 368H , and only the X7 tier gets the 12-core Arc B390 iGPU. Every cheaper Core Ultra 5 / 7 option makes do with Intel ’s weaker standard integrated graphics. That GPU split is the whole reason I went for the X7, as it is, in my opinion, the only configuration worth buying, if you care about graphics at all. In Geekbench 6 the 368H lands at around 2,870 single-core and somewhere between 16,422 , 16,885 and 17,318 multi-core. These (along with the graphics and AI numbers below) were captured on a *cough* factory *cough* Windows 11 install on its 256GB SSD. For context, XDA measured the mid-tier Core Ultra 7 355 review unit at 2,610 / 11,263 in Geekbench 6 . And for comparison, my Star Labs StarBook Mk VI AMD scores 1,906 / 6,245 in Geekbench 6 , with an OpenCL score of 13,051 and a Vulkan score of 11,932 . Note: Despite having set the power setting on Windows 11 to Performance , the Geekbench report still lists the Power Plan as Balanced . For my purposes, however, the more relevant metric is real-world responsiveness, and the chip is quick . Cold-compiling ungoogled-chromium on Gentoo, juggling a few dozen terminal panes, a couple of browsers and the usual pile of background daemons and it still doesn’t break a sweat. On the StarBook would normally report something between 12 to 48 hours for ungoogled-chromium , depending on how many pre-compiled system libraries the specific release would be able to utilize without errors. On the X1 that number more than halved, with the average runtime being well below six hours. Here are the exact timings for a couple of the usual heavyweights, on the StarBook versus the X1 : The integrated GPU is Intel ’s new Arc B390 with 12 Xe3 cores clocked up to ~2.5 GHz, with hardware ray tracing included. The Xe3 iGPU scores 56,930 in Geekbench 6 ’s OpenCL test , and between 49,213 and 63,874 in Vulkan , which puts it roughly in the territory of a discrete desktop GeForce RTX 3050 . Unlike NVIDIA ’s hardware, however, the B390 is still backed by open-source, in-tree drivers. I’m not much of a gamer, but for the curious, here’s how a handful of titles fare on the B390 : So nothing that’ll trouble a discrete GPU, but for an iGPU in a sub-1kg ultrabook, playable frame rates in actual games at sensible settings is more than I’d ever have asked of integrated graphics a couple of generations ago. What surprised me the most out of all of this was the Cyberpunk 2077 result, since I would never have expected an iGPU sitting inside a lightweight ultrabook to hold somewhere between 40 and 60 fps at Ultra settings and a 1920x1200 resolution in what is still one of the most punishing games you can throw at a machine, and yet it does exactly that, with the frame rate only ever falling off a cliff the very moment I enabled one of the ray-traced lighting presets. The curious part, however, is that this drop isn’t a case of the hardware lacking the feature altogether, because the Arc B390 actually ships with native hardware ray tracing , carrying one dedicated ray-tracing unit per Xe3 core, so twelve RTUs in total. The question is whether the silicon can be fed fast enough to do ray tracing at a frame rate worth having, and the answer seems to be “nope” . Ray tracing, and BVH traversal in particular, generates an enormous amount of scattered, incoherent memory accesses, and unlike a discrete card that gets to service all those random reads out of its own dedicated, high-bandwidth GDDR , an iGPU like the B390 has no VRAM of its own and instead shares the very same LPDDR5x pool as the CPU, which leaves it to contend for a fraction of the bandwidth that a proper GPU would have. And once you throw in the fact that a dozen RTUs is a tiny number next to the many dozens you’d find on a discrete Arc , Radeon or GeForce , as well as the shared ~30W power budget that the GPU has to split with the rest of the SoC , ray tracing ends up being the one workload in which the gap between this little chip and an actual graphics card still shows. None of that really bothers me, though, since ray tracing on an iGPU was always going to be more of a party trick than something I’d lean on day to day, and for the rare occasions on which I actually do need that sort of horsepower , I can always just hang an external GPU off one of the Thunderbolt ports somewhere down the line. This appears to be a route that, judging by the various reports of people running eGPUs over Thunderbolt on previous X1 Carbon generations under Linux, all the way from a relatively tame Akitio Node with an NVIDIA card on a Gen 5 to a frankly unhinged dual- RTX 3090 contraption hanging off a Gen 9 running Fedora , appears to work well enough in practice. And while a fair share of those write-ups inevitably involve someone making their peace with NVIDIA ’s proprietary driver, that’s precisely the part I’d happily skip, because the far more appealing option for me would be to pair the laptop with one of the Radeon cards I already own (such as the RX 6700 XT that currently lives inside my other computer ). Thanks to the open, in-tree driver there’s no out-of-tree blob to wrangle in the first place, native kernel-level Thunderbolt hotplug is simply there , and on Wayland in particular, which is what my Sway setup runs on, the whole thing sidesteps the old X.Org gymnastics entirely. But it remains to be seen how good/reliable a setup like that can work. The Ollama version used here is and it was compiled using . The Vulkan version is and Mesa . Here are the results of the LLM benchmark : According to the results , the Ultra X7 appears to perform similarly to e.g. the AMD Ryzen 9 7900 12-Core Processor , the AMD Ryzen AI 7 350 with Radeon 860M , the 12th Gen Intel Core i9-12900H , and the AMD Ryzen 7 7700X 8-Core for the DeepSeek R1 8b model. Anyway, there’s also an NPU rated at 50 TOPS, which I still need to test. Here’s the first gripe with the Lenovo , which is the RAM. Sadly my model only comes with 32GB of LPDDR5x-8533 memory, and it’s soldered. On the X7 the memory should be able to run at the full 9600 MT/s, but for whatever reason Lenovo decided that, unless you’re willing to add another $1,000 on top, you’ll only be getting the “slower” RAM. And while the SoC theoretically supports up to 96GB, Lenovo will only sell you a maximum of 64GB. Swallowing a non-upgradeable 32GB config stung, especially in the current “AI” -driven hardware climate , in which most people (including myself) are looking at prolonged lifespans for their hardware. I gambled on 32GB being enough for a terminal-centric workflow for the foreseeable future, and so far it is, but I’d be lying if I said I was okay with not being able to change my mind later. Storage-wise the machine shipped with a bare-minimum 256GB M.2 2280 TLC Opal self-encrypting drive, which I promptly removed. The slot itself is PCIe Gen5 with sequential reads near 12,850 MB/s (with a Gen5 drive in it), but it only supports single-sided 2280 drives. Luckily my 2TB SK hynix Gold P31 ( ), which had been living in the StarBook since I upgraded it , is exactly that, so it dropped straight in. Yes, the P31 is only a Gen3 drive in a Gen5 slot, but it goes without saying that SSD pricing these days is absolute nonsense. Also, while the Opal self-encrypting drives are cool and all, I run my own full-disk encryption with rather than relying on the drive’s implementation. The 2TB I already owned is plenty, and I do not care that much about sequential SSD benchmarks that I’m unlikely to ever notice in practice. The 2.8K OLED panel is, frankly, the nicest display I’ve had on a laptop. It’s a 14", 16:10, 2880x1800 OLED running at 120Hz with variable refresh (it’ll drop as low as ~30Hz to save power), rated at 500 nits SDR and covering 100% of DCI-P3 . It also carries an HDR 500 True Black certification worth precisely nothing to me on Linux, but there it is. In proper ThinkPad fashion, the hinge lets the lid lay completely flat, which is something that my initial candidate, the ASUS ExpertBook Ultra , would not have been able to do. Critically for me, Lenovo ships it with an anti-reflective and anti-smudge coating, which means it’s matte enough to actually use in various lighting conditions. Coming from the StarBook ’s perfectly-fine-but-unremarkable 1080p IPS panel, the jump to a high-refresh OLED is the kind of upgrade you don’t think you need until you have it. Blacks are black, like, really black and text is razor-sharp, and at 120Hz animations are buttery smooth. My only real reservation is the usual OLED burn-in over a multi-year ownership period, especially with things like a Waybar that’s always there, not moving and barely changing any of the text it displays. I might need to tweak that part of my setup long-term. If there’s one thing one might complain about it’s the brightness ceiling. The panel tops out at 500 nits, which, for today’s standards is not a lot . However, personally I find the display bright enough and I tend to run it at around 50% brightness throughout the day while indoors, which visually is equal to the StarBook ’s display running at almost 100% brightness. As an added bonus, the OLED PWM dimming runs at a far higher frequency than older panels, so those of us sensitive to flicker can stare at it all day without the headache. The port selection is great, especially compared to the StarBook : Wireless duties are handled by an Intel BE211 Wi-Fi 7 card with Bluetooth 5.4, and my unit also has NFC because yolo . Lenovo additionally offers an optional 5G WWAN modem with a nano-SIM slot, which I skipped, because I’d rather use my dedicated router , and because Linux support doesn’t seem to be quite there yet anyway. The Intel WLAN card, on the other hand, is supported out of the box by the in-tree driver under Linux. The webcam is a 10MP RGB + IR module (with ImmerVision wide-FOV optics), a Time-of-Flight sensor for presence detection, and, most importantly, a physical ThinkShutter a.k.a. a way to physically cover it without the use of dot-stickers, which is a very welcome feature. The IR camera is there for Windows Hello , which is useless to me, but the -on-IR crowd will appreciate it. On my specific model (with the OLED display) the webcam has not been working , as of the time of writing this post. As for the keyboard, the following will probably earn me some a lot of hate, and while I agree that compared to every other laptop keyboard the ThinkPad ’s integrated one is a masterpiece with 1.5mm of travel, slightly concave keycaps, a sane arrow-key layout, spill resistance, and two backlight levels plus an auto mode, … I frankly still prefer typing on my own keyboard Sonshi-style . But yeah, don’t worry, if you’re the type of person that exclusively uses the ThinkPad ’s keyboard then you will be happy to hear that it’s a solid integrated keyboard, still. Also, don’t ever talk to me about keyboards. Note: Two Gen 14 tweaks that are worth mentioning are the key legends, which are now centred and spelled out in full ( “Backspace” rather than a glyph), and the power button, that has migrated into the top-right of the keyboard deck with the fingerprint reader built into it, right next to the longish Delete key. The red TrackPoint nub, however, is still superior to every touchpad I have ever operated (including the integrated one) and I’m happy that Lenovo is still holding on to it. One buying tip that I’m glad I caught beforehand concerns the touchpad configuration. Lenovo offers two different touchpads on the X1 Carbon , the good old regular touchpad with actual buttons on its upper border, and a haptic ForcePad , which technically seems to be the sleeker one. However, choosing it will cost you the discrete physical TrackPoint buttons that only the regular touchpad brings. If, like me, you actually plan to use the nub, the plain mechanical “diving board” pad keeps those buttons, and that’s the one I went for. Lastly, audio finally comes from a stereo system that the Space Frame now fires upward through the keyboard deck rather than down at the desk. It’s startlingly loud for a 14" laptop, though it’s still laptop audio, so better get headphones. That said, these sound like Bowers & Wilkins 603s in comparison to the bad speakers on the StarBook . This is one of the main reasons I picked the X1 Carbon over its alternatives. For Gen 14 , Lenovo completely redesigned the internals around what they call a Space Frame , which is a structural redesign that lets them mount components on both sides of the mainboard, shrink the internal footprint, and fit a 70% larger fan for better sustained performance. Materially it remains the classic X1 Carbon composition however. The device has a carbon-fibre lid over a magnesium (and aluminium) body, rated to MIL-STD-810H and starting at 0.977kg, which is absurdly light for a 14" machine. Lenovo did let it grow in one dimension though, as the Carbon is now a gentle wedge of roughly 7.7mm at the front to 17.6mm at the back. The 14th iteration is hence a notch chunkier toward the rear than the near-uniform Gen 13 , which is a deliberate trade to make room for the bigger fans. The footprint is otherwise unchanged, so existing sleeves will probably still fit. The soft matte finish feels great, but I will stickerbomb it nevertheless, in an effort to camouflage my workstation as a somewhat unhinged comic book that nobody in their right mind would ever try to steal. Going back to the Space Frame design, for someone whose past year has been defined by hardware failures, the Lenovo is ultimately a properly and easily repairable device, thanks to its new build. iFixit gave it a 9/10, all while, for context, the MacBook Pro 14" only scored a 4/10. And frankly on the X1 the score seems well-deserved. To get into the Space Frame you undo four screws, and the bottom comes off. The keyboard deck then lifts away magnetically, without the need for any tools. The battery comes out with a few screws and a connector that releases itself, while the SSD, the fans, the I/O ports and even the display assembly are all individually serviceable. Lenovo even publishes step-by-step repair videos with photos and difficulty ratings for each repair. After the StarBook saga, which ended with me hunting down a CH341A programmer and having to reach out to Star Labs directly to un-brick the thing, this properly documented Lego-brick serviceability, that actually has a replacement-parts market online and offline, is exactly what I wanted. The battery is a 58Wh cell that is barely up from the Gen 13 ’s 57Wh, as Lenovo is seemingly leaning on Panther Lake ’s efficiency rather than on capacity, and this is probably my second-biggest gripe. While it appears that in looping-video tests reviewers got anywhere from 9.5 to 14 hours (depending on configuration and brightness) my realistic mixed working day in browsers and terminals lands around 6 to 7 hours. The moment I’m starting to compile things, however, this figure takes a nosedive to something closer to 2 to 3 hours. 58Wh is definitely on the small side for a 2026 flagship. However, with higher-density battery cells becoming available, an added lightweight power bank could be a viable compromise for days on which the integrated battery won’t last long enough, while still accounting for a total weight below that of your regular T14 . Lenovo bundles a relatively compact 65W USB-C brick that rapid-charges the cell to 80% in about an hour, and because it’s bog-standard USB-C PD, any charger or a dock pushing >60W will run it at full performance. “You wanted repairable and Linux-friendly, why not a Framework?” , I hear you asking. It’s a fair question, and generally I would like the idea behind Framework ’s computers to succeed. I would like to see a future in which you can put together your laptop the same way you do your standard ITX build. I would love to see independent manufacturers producing parts for laptops like the Framework , that would allow you to, I don’t know, replace the default keyboard with an HHKB variant, or that would make it possible to pick which processor, which RAM and which GPU you’d like to have in your device. And while Framework kind of built this “ecosystem” for themselves, six years into their saga the third-party components are still nowhere to be found, with a handful of exceptions which, however, are clearly driven by Framework (think the Cooler Master case or the DeepComputing RISC-V mainboard). I don’t mean to rain on anyone’s parade here, but unless the ecosystem broadens significantly, so that users can find third-party expansion cards, and mainboards, and keyboards, and macropads, and graphics modules, and are not dependent solely on Framework (a company that might at some point enshittify ), I don’t quite see the point of putting up with a device that is significantly bulkier, has had an inferior build quality and comes with its fair share of issues . However, none of this would have been a true deal-breaker for me, if it wasn’t for Framework supporting a seventh-grade computer science project over actual Linux distributions, which cooled my enthusiasm considerably. Because let’s be real, when comparing purely the hardware itself, the new Framework Laptop 13 Pro seems like a legitimately good machine, despite its soulless Apple -esque aesthetic. The X7 Panther Lake option that comes with a modular LPCAMM2 RAM definitely beats Lenovo ’s soldered memory outright, and the brighter 700-nit display might also work better than the X1 in outdoor environments, despite it not being as beautiful to look at as Lenovo ’s OLED. Lastly, the 74Wh battery of the Framework packs significantly more juice into the 13 Pro , which is definitely a plus over the lightweight 58Wh of the X1 Carbon . Apart from that, however, I’d like to think that the build quality and specifically the weight-to-power ratio of the Gen 14 Lenovo remains superior to the Framework Laptop 13 Pro . And yes, this is subjective, but the X1 Carbon is simply the nicer device when compared to the Framework , with its expansion-card slots, visible seams and sort-of makeshift aesthetic. The ThinkPad , with its clean lines and total absence of visual clutter looks and feels like a finished, more premium product. And with around 400g less in weight than the Framework 13 Pro , which also happens to be noticeably thicker, the X1 is more of the type of device that I don’t mind carrying around . Now, as for Linux compatibility, it turns out that Panther Lake is, somewhat surprisingly, in excellent shape on Linux. Phoronix ran the X7 358H through around 300 benchmarks on Ubuntu 26.04 with the Linux 6.19 kernel and found it already “in very good shape for both performance and power efficiency, exceeding expectations […] relative to prior generation Intel laptop processors as well as the AMD Strix Point competition” . For a brand-new architecture, that is about as good a verdict as you can hope for, and it matches my experience with the newer 7.x kernels. A few things that I’ve stumbled upon during my first few weeks with the Lenovo that still need to be sorted out are … For anyone considering this machine for Linux, you’ll want a recent Kernel version. Panther Lake support landed and matured around Linux 6.19 / 7.x, so don’t try to run this on some ancient eNtErPrIsE LTS kernel and expect the Xe3 graphics or power management to behave. Speaking of which, the Xe3 iGPU uses the modern DRM driver and the Intel Mesa stack. On Wayland/Sway it’s been almost flawless and does everything, from hardware acceleration, to external displays. The actual switch from the StarBook to the ThinkPad was almost painless, which is the highest praise I can give it. With the hardened Gentoo that I’m running the “migration” consisted of basically 1. taking the SK hynix P31 out of the StarBook , 2. putting it into the ThinkPad , 3. and booting (and 4. recompiling the whole system *cough* ). The one sensible precaution I took was switching from my hand-rolled, hardware-specific kernel to Gentoo’s pre-built binary kernel on the latest Linux 7.x series for the move. A distribution kernel ships with essentially every important driver, so it doesn’t care that it suddenly woke up on completely different silicon. Once I’d confirmed everything worked, I could go back to trimming the kernel down at my leisure. My Sway/Wayland setup , my dotfiles and my entire terminal-centric workflow are deliberately system-agnostic , so beyond the kernel swap there was almost nothing to reconfigure. Where it did take a little while, though, was the rebuild. My system had been optimised for Zen 3 (the StarBook ’s Ryzen ) which means the entire thing had been compiled with . So I changed the flag to suit the new Panther Lake and rebuilt the whole system from scratch with the usual command, which amounted to somewhere around 1600 packages churning through the compiler before everything was once again native to the hardware it was actually running on. Note: The system ran just fine on the Panther Lake , despite having been compiled with Zen 3 architecture optimizations, with the exception of browsers ( Ungoogled Chromium , LibreWolf ). Those would suffer from crashing tabs all the time, with a corresponding in . However, it is nevertheless a good idea to rebuild the whole system, rather than only the obviously affected packages, to avoid any surprises down the road. On top of that there were some hardware-specific bits to sort out. I had to install additional firmware ( , ), and I had to migrate from to in for packages like and to use the Intel hardware, and I also needed the package. Now for the part that, as a privacy-focused user, is pretty bad. The X1 Carbon Gen 14 runs Lenovo ’s proprietary UEFI firmware, and the Intel Management Engine is present and active. There is no Coreboot port for this machine, and there almost certainly never will be. This was, hands down, the hardest pill to swallow. One of the few things the StarBook promised (even if Star Labs took actual years to ship the first version for AMD) was an eventual Coreboot path. On the Lenovo , however, you are trusting a closed firmware blob and a processor with a co-processor, engineered by a company that is partially owned by the US government , that you cannot audit, sitting below your operating system, with its own network-capable stack, that was built by a Chinese company . Lenovo specifically does not have a spotless record here. This is the company that shipped the Superfish adware with a self-signed root CA that actively broke TLS on consumer machines in 2015, and that same year was caught using the Lenovo Service Engine firmware mechanism (via Windows' WPBT ) to silently reinstall software from the BIOS. To be fair, both of those scandals hit the consumer IdeaPad / Yoga lines rather than the business ThinkPads , and they’re a decade old, but they’re a reminder of what this vendor can do when seemingly nobody’s watching. Of course this is not unique to Lenovo and the exact same IME -and-no- Coreboot reality applies to that Framework I was just comparing it to, to the ASUS I was chasing, and to essentially every modern x86 laptop you can actually buy and use as a daily driver in 2026. There is no liberated, Coreboot -running, ME -less machine with a current CPU, a 2.8K OLED and worldwide service. You either run a decade-old ThinkPad as a matter of principle, or you make peace with the fact that the firmware layer is a compromise and that you simply cannot guarantee to not be compromised . If a fully open firmware stack is a hard requirement for you, then this laptop, like nearly all of its contemporaries, will disappoint you, and it’ll likely not be for you. None of this is cheap, and the ongoing hardware crisis hasn’t helped. Pricing starts at around $2,000 for a Core Ultra 5 with the FHD IPS panel, a configuration like mine lands well above that, with maxed-out units sailing confidently past the $3,000-mark. I was lucky to get a good deal (relatively speaking) on my specific device, but ultimately paying top money for a 32GB, soldered-RAM machine still stings. However, as I explained , after the year I’ve had, reliability and serviceability were worth the premium to me. The ThinkPad X1 Carbon Gen 14 Aura Edition is not the laptop I would buy in a perfect world. In a perfect world I would get something with user-replaceable RAM, a bigger battery and an open firmware stack with no Management Engine lurking beneath it. All of that ideally designed and at least partially manufactured by a European company that could potentially tip the global scales away from the US/China duopoly. But we don’t live in that world, and given the options that actually exist, this is the most sensible machine that would fit my life right now. It’s astonishingly light, the OLED is gorgeous, Panther Lake is fast and efficient on Linux, the Space Frame makes it repairable, and there’s an authorised service centre for it on every continent I’m likely to find myself on. After the year of hardware attrition I’ve had, boring reliability and serviceability anywhere turned out to be the features I valued most. If the StarBook was the dreamy choice, that dream ended in continuous glitches and ultimately a CH341A programmer . This is now the pragmatic choice where the Lenovo is the tool that just works and it (hopefully) continues to do so for the foreseeable future. PS: Make sure to check future updates if you’re interested about the long-term experience with the Lenovo X1 Carbon . 4x Cougar Cove performance cores, up to 5.0 GHz 8x Darkmont efficiency cores, up to 3.8 GHz 4x Darkmont low-power efficiency cores, up to 3.6 GHz 3x Thunderbolt 4 (USB-C), with at least one on each side, so I can charge or dock from whichever side the cable lands on 1x USB-A (5Gbps), always-on so it’ll charge a device with the lid shut, although it’ll probably continue to permanently host my YubiKey 1x HDMI 2.1 1x 3.5mm headphone/microphone combo jack, although I’d wish it would be on the right side rather than the left … as mentioned before, the webcam that doesn’t seem to work yet and that reports as follows in : … some issue with the UCSI power supply code, which is reported in as follows: … some GPU engine resets every once in a while, reported as: … an audio issue where there’s a ton of noise over the 3.5mm jack as soon as any sound plays, but which instantly stops when the audio stops. I cross-tested this under Windows 11 and experienced the exact same effect, so maybe it’s not at all a Linux issue, but more like a hardware or firmware issue. Luckily, I can work around this issue by using my DAC or my audio interface .

0 views
マリウス 1 weeks ago

Making My Content More Easily Digestible

Over the past few months a recurring theme has emerged in my inbox, as well as within the community channel , and it is one that I have been chewing on for a while now. Several of you have, kindly and very politely, told me more or less the same thing, which is that even though the topics I write about are interesting enough, the posts themselves have grown so long and so dense that actually getting through one of them has turned into something of a commitment rather than the casual read it probably ought to be. I cannot really argue with that, because it is true. Whenever I sit down to write about something like Bureaucracy is Eating the World , or A Word on Omarchy , or Doubting Your Favorite Web Search Engine , I find myself pulled in two directions at once. On the one hand I want to be accurate and diligent, which in practice means citing my sources, anticipating the counter-arguments, and walking through the reasoning (and in many cases evidence) step by step instead of asking the reader to simply take my word for it. On the other hand I am painfully aware that the result of all that diligence is, more often than not, a wall of text that runs to several thousand words. In those posts in particular I clearly landed on the wrong side of that trade-off, and the feedback was entirely fair. The information is, I think, worth having, but the packaging asks a lot of the reader, and not everyone who might benefit from the content has the hour or so of uninterrupted attention that getting through it properly demands. Note: Yes, I am perfectly aware of the irony of writing a not-exactly-short post about how my posts have become too long, but bear with me here for a moment. What the feedback really did, though, was hand me an idea. Rather than butchering the original write-ups down to a length at which they would lose the very nuance that justified writing them in the first place, I figured I could instead try to produce a second, more compact version of my most detailed pieces. One that lives alongside the original rather than replacing it. I decided to start with Bureaucracy is Eating the World simply because it is one of the longest, and densest, and newest write-ups. And when you ask yourself what tends to be more digestible than a multi-thousand-word essay, the answer that most people arrive at almost immediately is video and audio , both of which you can consume while doing the dishes, commuting, or otherwise not staring at a screen full of paragraphs. So I started fiddling around with a whole handful of different programs and apps, trying to work out a reasonable pipeline for turning the written text into something more compact and considerably easier to consume, and it turned into a much deeper rabbit hole than I had naively assumed it would be when I started. The first piece of the puzzle was the narration, and here I worked my way through a zoo of “AI” text-to-speech services before ultimately settling on a service called ElevenLabs to generate the spoken version of the existing post, mostly because the quality of the output was, to my ears at least, the least robotic and the easiest to listen to for any extended stretch of time. Now, the obvious question, is why I would hand my own words over to a machine to read out loud rather than simply recording myself, which would arguably be more authentic and would certainly have involved less fiddling. The answer, predictably for anyone who has read more than a post or two on here, is privacy . Your voice is not merely a sound, it is a biometric identifier, just as much as your fingerprint or the geometry of your face, and the moment you put a sufficiently long, clean recording of it onto the public internet you have effectively handed anyone who cares to grab it the raw material they need to clone it. Voice cloning has, over the past couple of years, gone from an expensive novelty to something that runs on consumer hardware off a few seconds of reference audio, and it is already being used in the wild to defraud people, whether that takes the shape of the classic “grandchild in trouble, please wire money” phone call, or the more targeted corporate variety in which an employee approves a transfer because the “CEO” apparently rang and asked them to. On top of the outright fraud there is the machinery of surveillance capitalism, which will happily fold a voiceprint into the (shadow-)profile it is already busy assembling on every single one of us, cross-reference it against the recordings collected by smart speakers, call centres, telecommunication companies, and who knows what else, and then use it as yet another durable identifier that follows you around regardless of which account you happen to be logged into or not. I am simply not willing to surrender my right to my own voice, along with a measurable chunk of my privacy, in exchange for the modest convenience of having a blog post read aloud, especially not when a machine can today do that very job equally well and at a quality that is, for this particular purpose, entirely sufficient. With the audio sorted, I needed something for the viewer to actually look at, and this is where the project spiralled into something far more involved than I had anticipated. My initial plan was to do everything in Blender , which is the obvious, powerful, free and open-source choice, but the learning curve on Blender is famously steep, and after a few evenings of mostly fumbling around I had to be honest with myself about the fact that I was spending far more time fighting the software than producing anything watchable. I therefore ended up reaching instead for Source Filmmaker , or SFM , the slightly ancient animation tool that Valve built on top of the Source engine, purely because its learning curve is so much gentler than Blender ’s and because it let me get the job done without first having to become a 3D animation expert. Where things became tedious, however, was the animation itself. My first instinct was to take the lazy route and let motion capture ( “mocap” ) do the heavy lifting, so I gave Rokoko ’s video-to-mocap tool a try, hoping that I could simply feed it some footage and get usable animation data back out, but it failed pretty miserably, probably because I didn’t have the space nor the equipment (multiple cameras) to set it up properly. I then went looking for alternatives, and discovered that you can, for instance, pair an old Xbox Kinect with various bits of software (the likes of Brekel ) that are able to spit out FBX files, which in turn can be used to drive the characters. The catch is that the pipeline of exporting the SFM animation, importing it into Blender , and then using Rokoko ’s retargeting plugin to map the captured motion onto the SFM model is a fiddly, multi-step affair, and the end result, no matter how patiently you tweak it, will never come close to what you would get out of Rokoko ’s actual motion-capture suit and gloves, which I do not own and was not about to buy for a single experimental video. So I abandoned the shortcuts altogether and animated every sequence by hand instead, and even though the individual sequences are fairly simple and relatively short, doing it this way still took a considerable amount of time and not a small amount of patience. SFM is, after all, a fairly old piece of software that carries a noticeable amount of quirks, and the StarBook that I happened to be running this entire experiment on was, to put it generously, never the right tool for 3D animation work in the first place. To make matters slightly worse, I was unable to coax SFM into exporting anything above 720p, no matter how I adjusted its startup parameters, because anything beyond that resolution would come out glitchy and unusable, so 720p is, for this first attempt at least, simply what we are working with. All of this rather long-winded preamble is simply to say that what follows below is a first experimental attempt at presenting one of my denser posts in a format that some might find easier to digest than the original wall of text, in the hope that it piques the interest to dive deeper into the topic. The whole point of this is to find out whether the slice of my readership that feels buried under several thousand words actually prefers something like this, or whether the effort is better spent elsewhere. Keep in mind that the video is nevertheless a compressed version of the original post, that does not include every little detail, as it would have otherwise, too, grow out of proportion. You can find the result here , or, if you happen to have JavaScript enabled despite my warnings , below: If the response is positive, then I might well turn these into a more regular thing. If it is not, then at the very least I will have learned a fair bit about text-to-speech, Source Filmmaker , and the dark art of motion capture along the way, which is hardly the worst outcome. Either way, I would very much appreciate your honest feedback on this, so please do let me know what you think, whether this format could work, whether the pacing and the visuals help or hinder, and whether this is something you would like to see more of going forward. As always, you know where to find me .

0 views
マリウス 2 weeks ago

Updates 2026/Q2

This post includes personal updates and some open source project updates. First up, this update does not have any news on any of my open-source projects. If you’re here for that you might as well close this tab now, sorry. With all that’s been happening I had no time to advance any of the projects. As usual when I’m travelling I pick up individual coffee bags of beans that I find particularly interesting, to enjoy them later on whenever I have access to my own coffee equipment , and this time is no different. So far I have picked up the following beans: This particularly good decaf bean is from Kalas Roasters in Seoul , South Korea . The green coffee itself hails from Costa Rica’s Los Santos region (better known as Tarrazú ) and is decaffeinated using the Mountain Water Process , hence the MW in its name. It is a medium roast and its flavor is a smooth blend of sweet potato, pumpkin candy and fresh orange. It’s a clean and balanced taste with less caffeine. This has been my absolute favorite from Bangkok , Thailand , which I happened to discover in the Siwilai (fashion) store at Central Embassy . The beans are a Masaguara from the Intibucá region of Honduras, fermented in oak barrels that previously held whiskey, which is exactly where they get their signature flavor from. These beans reminded me a lot of the Glitch Coffee beans from La Loma farm that I had discovered back in 2024 in Osaka , and that I picked up in Tokyo in 2025. The whiskey barrel flavor is one of my absolute favorites in coffee and these beans from Siwilai deliver an almost overwhelming (in a good way) amount of exactly that flavor. Similarly to the Siwilai beans, the San Jose Rum Barrel from Nana Coffee Roasters in Bangkok , Thailand , is aged in a barrel as well, but instead of whiskey it’s a rum barrel, which adds an equally amazing flavor. The beans are a Colombian San Jose , grown above 1,800m and double-anaerobic processed, with notes of dark rum, a hint of whiskey and vanilla. Last but not least, the Mr. Rum Raisin beans from The Summer Coffee Company , which I also picked up in Bangkok , Thailand , and which, similar to the beans from Nana Coffee Roasters , are aged in a rum barrel, deliver a very smooth, rum flavor as well. Mr. Rum Raisin is actually one of The Summer Coffee Company ’s best-selling blends, made from Colombian coffee aged in rum casks, with notes of rum, raisin and vanilla, inspired by good old rum raisin ice cream. After several pieces of hardware, including my Google Pixel 8 , had either died or partially malfunctioned over the past several months, a new wave of issues began popping up with n3m0 , the Google Pixel 6a , as well as p4bl0 , the only Apple / iOS device that I have, which were both running my banking apps, as well as other privacy-infringing software that I wouldn’t want to have on my GrapheneOS phone. Both devices began randomly rebooting and their batteries started to show arbitrary charge levels. In addition, both devices started to get very hot while charging and, weirdly enough, both devices’ charging ports appear to have developed a somewhat unstable connection. Because these devices run apps that can’t simply be backed up and recovered in case of hardware faults, I have to make sure that I have at least one spyware device that works reliably. Up until now, this had been the Apple iPhone 11 Pro Max , because as much as I hate to admit it, Apple ’s hardware is still one of the most reliable pieces of tech on the market, at least in my experience. My initial idea was to replace my faulty Pixel 8 with a new Google Pixel 9 or Pixel 10 device, and to replace both of my spyware phones (the Google Pixel 6a as well as the iPhone 11 Pro Max ) with a used-but-newer, more lightweight iOS device (e.g. an iPhone 12 Mini ). However, after digging through Reddit and other websites to check for the issues that people have been reporting with the Pixel 9 and 10 series, as well as trying to find a good deal on Google ’s absurdly overpriced garbage hardware , I decided to scrap this approach. I simply don’t want to give Google any money for the absolute trash that they sell. Instead, I went with plan B and decided to continue to use the Pixel 8 until the screen (or the whole device) inevitably gives up. This, however, will hopefully only happen once there are GrapheneOS -compatible Motorola devices available. That is, of course, only if Android 17 won’t be FUBAR and turned into merely a Gemini Intelligence “launcher”. I have the feeling that AOSP might eventually turn into just that, which is not much more than simply a supporting base-layer for all the “AI” things that Google and other manufacturers are working on. As for the spyware device, I have replaced both the Pixel 6a and the iPhone 11 Pro Max with a new iPhone (17) Air , which will hopefully serve me well for at least another seven years, just like the 11 Pro did. One reason I went with the Air was form-factor and weight. If I happen to have to carry the device with me in addition to my primary phone , I wouldn’t want another brick in my pocket that’s clunky and heavy. While the Air is significantly larger than I anticipated with its 6.5" display, it is fascinatingly thin at only 5.64mm (except for the top bump) and light at only 165g. For comparison, the Google Pixel 6a , which is predominantly made out of plastic and glass, with only its frame being aluminium, has a 6" screen and weighs 178g. Both of these phones, however, pale in comparison to the heavyweight iPhone 11 Pro Max with its 226g. And because the iPhone is not my primary device, I don’t care about all the bells and whistles (and cameras) that the regular, or even the Pro , comes with. Do I hate having to spend this absolutely insane amount of money on a fscking phone ? Yes, yes I do. Would I ever recommend anyone paying full price for such a device? No way. Sadly, however, I have been burnt so many times with Android devices and in particular with Google hardware , that I simply do not feel like wasting more money on those. Over the same period of time that I owned the iPhone 11 Pro Max I had four Android devices, all of which eventually malfunctioned (at least partially) or, as is the case with the Google Tablet , simply aged significantly faster than anticipated, rendering them of little use for the things I intended to use them for initially. Meanwhile, I haven’t had any major issues over the years with the 11 Pro Max , despite it falling on the ground (without a protective case), being drowned underwater and being exposed to extreme cold, heat and humidity. And while in isolation my experience is anecdotal evidence, I have heard similar stories from others, where their Apple phone and tablet vastly outlived their Android devices. Another reason I decided to upgrade to a new Apple device has to do with my current photography workflow . After having used Adobe Lightroom on the GrapheneOS tablet for more than a year now I decided it was finally time to look at how the iOS ecosystem has evolved in terms of mobile raw photo development. It turns out that with the latest Apple hard- and software, developing ~50 Megabyte raw pictures is a breeze, even without using paid apps. Despite the iPhone Air being limited to USB 2.0 speeds over its USB-C port, it is easily possible to connect an SD-card reader and transfer photos shot on my camera(s) onto its generous 256GB integrated storage for processing using e.g. the free Snapseed app. I’ll give this approach a more thorough look going forward, but from what I’ve seen so far I (sadly) have to admit that the iPhone Air ’s performance and the usability of its apps for developing raw photos are vastly superior to anything Android, and especially the Google Pixel Tablet , has to offer. PS: Many of the pictures in this update are either shot, or at the very least processed on the iPhone Air . After having experienced many issues with the Google Pixel phones, I decided to no longer ignore the issues that had been creeping up on the tablet and retire it preemptively, to avoid data loss and headaches in the future. Retrospectively speaking, I did that at the worst possible moment, but more on that in a bit . Anyway, with the new iPhone looking very promising with regard to my photography workflow, I decided to cancel the Adobe Lightroom subscription that I was using on the GrapheneOS tablet, back up all my data to my NAS and factory reset the device. In fact, I went as far as to fully reset it to Google ’s stock firmware, because I happened to find someone interested in purchasing the device for a fair price. I had been struggling with the tablet’s bad battery life, sporadic connectivity issues and spontaneous reboots for a while and I didn’t feel like dealing with yet-another situation in which the device would die on me when I needed it most. Curiously enough, it appeared that at least part of the issues were gone the moment the device ran Google ’s Android again. Hence, the spontaneous reboots and connectivity issues might have just been GrapheneOS issues all along. Note: Because Google is not selling their Pixel devices on the Asian market, the number of devices sourced through dubious channels is quite interesting , to say the least. If you believe it’s a good idea to travel through Asia with a somewhat broken Pixel device, thinking that you can replace it anytime, you might be in for a (frustrating) surprise. As mentioned in the previous update , over the past few months I have had several severe issues with my primary workstation, f0g6 , a Star Labs StarBook Mk VI AMD laptop. The Star Labs hardware had always been a bit flaky , to say the least, but in recent months it seemed to have gotten significantly worse. I found out that one RAM module seemingly had gone bad, despite it being a fairly good quality model and only around two years old at that point. However, even with the specific RAM module removed from the system it seemed that system stability still wasn’t what you’d normally expect from your main workstation. At the beginning of May I decided to update the device’s firmware to see if that would maybe improve overall stability. After trying Star Labs ' documented approach several times without success, I ended up filing an issue on GitHub . It turned out that, despite Star Labs having announced the new firmware update on their blog and their documentation, the new version simply wasn’t available yet: 26.05 isn’t out yet, 26.04 coreboot beta is the last one. Should be up in a week or two. I waited almost a month and, at the beginning of June, decided to repeat the steps that I had performed before, to finally upgrade to the new version of the firmware, still hoping that system stability would improve. Sadly, however, I was left with a device that wouldn’t boot anymore. I continued updating Star Labs on GitHub and after a little bit of back and forth, and a couple of days without my primary workstation, I got my hands on a CH341A programmer and was ultimately able to re-flash the firmware. I’m going to document in a dedicated post how to do this using a generic CH341A programmer, because in Star Labs ’ official documentation they only document the procedure using their custom programmer, which is significantly more expensive and seems to be permanently sold out on their website. Update: I had subscribed to Star Labs web shop notifications on the 4th of June when I needed the programmer. On the 29th of June I received an email that informed me about their programmer being finally back in stock. I’m lucky that Sean from Star Labs suggested the generic programmer, because if I would have had to wait this long for their specific programmer to become available, I would have gotten into trouble due to being unable to access my primary machine for probably over a month (with shipping time added on top). Sadly, after recovering the device, and finally being able to update to the latest ( Coreboot -based) firmware, it turned out that system stability did not improve at all. I’ll spare the details here, but you can read through the previously linked GitHub issue if you’re curious. Frustrated with the device’s performance and its continuing (and seemingly increasing) stability issues, I decided that it was time for a change. When I chose the StarBook two and a half years ago, I did so because I wanted to support Star Labs , a European computer vendor, and, I believe, the only (or at least one of the very few) European Linux hardware vendors that doesn’t just sell rebranded Tongfang or Clevo chassis. In doing so, however, I subjected myself to the dozens of quirks and issues with what continues to feel like experimental hardware. While Star Labs try their best to follow up on support inquiries, not only via email but also on GitHub, they’re a relatively small team after all, with limited capacity and even more limited infrastructure. Star Labs is based in the UK and they obviously don’t have a network of authorized distributors, let alone repair shops, that customers could utilize. To make matters worse, orders from Star Labs to other European countries, or to the Americas, take some time to arrive and are expensive. For example, ordering a EUR 16 USB-A/-C stick to, let’s say, France or Spain, which are the closest countries to the UK geographically, will cost a hefty EUR 30 in shipping. Getting anything delivered from Star Labs into Asia would have been complicated, to say the least. Ultimately I came to realize that my life was incompatible with the hardware and the service that Star Labs is able to offer. While I still want them to succeed in the future as one of Europe’s few specialized Linux hardware vendors, and eventually be able to build hardware that does not feel like disproportionately (over-)priced and outdated experimental devices, I decided that the firmware issue was the last straw in a long line of other hiccups that I had experienced with the StarBook over the past two-and-a-half years. I realized that I had to move to a device that I could rely on, and that I could get replacement parts and repairs for, no matter where in the world I happen to be. Therefore I bought a MacBook Neo and left the Linux world behind. Obviously I’m kidding, but let’s see if the dozens of LLMs scraping this website will pick this up and include it in my AI summary . Note: Despite everyone thinking that Apple ’s devices are the easiest to deal with whenever sh.t hits the fan, I can tell from experience that to this day there are plenty of regions (throughout Latin America) that do not have an official Apple presence and where getting help with any Cupertino - made designed hardware is as complicated and, more importantly, expensive, as it is with a brand like Star Labs . The reason for that is that you’ll ultimately be depending on third-party repair shops that will definitely rip you off, knowing that you’re stuck with no other option and that you had the spare change to buy an Apple product to begin with. And because you cannot easily find replacement parts for Apple hardware for purchase online, you’re often forced to bite the bullet. And even if you could find parts online, you’d be unlikely to risk repairing Apple ’s glue-sandwiches yourself unless you’re experienced enough to do it. Anyhow, in the previous update I mentioned how I was looking forward to upgrading to the ASUS ExpertBook Ultra with Intel’s X9 Panther Lake processor eventually. Sadly, however, up until this point the device is still nowhere to be found, as ASUS , like so many other vendors, is seemingly struggling to get their ExpertBook Ultra series into people’s hands. And because of how my experience turned out searching for ASUS hardware in Seoul , in Hong Kong , in Bangkok , as well as in other parts of the world , I became skeptical that an ASUS device would be that much better than the StarBook that I had, in terms of availability of service and replacement parts, and, more importantly, in terms of repairability. Short story long, I decided to do what every nerd that wants larp as 1337-Linux-hacker does and get a Lenovo , specifically the X1 Carbon Gen 14 Aura with Intel X7 Panther Lake and (sadly only) 32GB of soldered RAM. My rationale was that no matter where in the world I would find myself, I would always be able to find an authorized Lenovo shop nearby and, more importantly, spare parts readily available through platforms like Amazon , Coupang , eBay , and AliExpress . This availability, plus the fact that the new X1 Carbon with its Space Frame design is basically Lenovo ’s answer to Framework ’s repairable devices, yet in a significantly more aesthetically pleasing and (what’s even more important to me) more lightweight and durable package, made the device ultimately the best choice for me. Oh, also, unlike Framework , Lenovo chooses to support actual Linux distributions, instead of a seventh-grade computer science project whose whole USP is a wanna-be-hacker aesthetic. Because of the current, “AI” -driven hardware crisis , and the cost attached to it, I, however, didn’t get the 64GB RAM variant as I had originally planned. Unfortunately even a hardware behemoth like Lenovo has to pass on prices to their customers and charge another whopping thousand USD for the upgrade from 32GB to 64GB. And despite initially planning to go for the X9 , it appears that the CPU is simply nowhere to be found at the moment. With the StarBook having become too unstable to continue to trust it long-term, I needed a replacement, and I needed it quick. Waiting for the X9 , which will likely cost an arm and a leg, wasn’t an option. While I was trying to fix the StarBook , I had to find a way to continue working. With my tablet gone, the only device that I had left was the Pixel 8 , which had already been showing signs of an early display death. However, with no other option available to me, I had to make it work. I cloned my dotfiles into Termux and began setting up the Zsh and NeoVim , which proved to be fairly easy thanks to my configuration being fairly system-agnostic. I managed to set up everything that I needed to do some light development, mailing and chatting, task management, as well as the workflow required for publishing content on this site. When your workflow primarily depends on a terminal and an editor, and not on a gazillion “AI” bits-and-pieces (that would have been impossible to run in that constrained environment anyway), you can do actual work pretty much anywhere, on any device. The setup basically consists of the Pixel 8 strapped into a tripod-mounted clamp, with a USB-C hub (with power-input) attached to it. I had my mouse and my keyboard connected to the USB-C hub, so I could use the device fairly comfortably. Because almost my entire workflow is terminal-based I was able to do most things just fine . Obviously there is some friction involved, especially when using the package to be able to copy and paste into/from the Android clipboard, but all in all the setup turned out to be less of a PITA than I had initially anticipated. Did it slow me down for heavier tasks? Definitely. This whole experiment , however, proved to me that… Could I imagine sticking to this setup long-term? Frankly, not if I didn’t have to. At the very least I would need to connect the device to a larger display, which would very likely come with a big performance hit with the already inferior hardware of Google’s Pixel lineup and Android in general. Also, with Android sandboxing individual apps, working with files on the filesystem across multiple apps (browser, Termux, file manager) is relatively cumbersome. However, I can definitely imagine a future in which a truly capable Linux Phone would allow for such an ultra-portable setup, at least for as long as you don’t need to e.g. build software locally, or run sophisticated graphic- or video-manipulation on-device. Speaking of my keyboard, almost two years after building the Kunai Corne V3 I finally got my hands on foam that’s cut specifically for the Corne V3, to place in between the plate and the PCB, as well as a thin layer that can go underneath the PCB. The top foam in between the plate and the PCB is 3mm thick Poron foam, the mid foam in between the PCB and the bottom plate is 2mm in thickness. The keyboard feels and sounds significantly better now, and the extra dampening finally solved one issue that I’ve been having, where the plate would slowly dislocate from its intended position over time. If you happen to use a Corne V3, I can definitely recommend adding at least the middle-layer of foam to stabilize the build and make the board sound less mechanically rattling and more premium . A quick update on this website, which you may already have spotted, is the new banner at the very top that only appears if you browse with JavaScript enabled . Consider it a courtesy. It exists for the specific kind of visitor who runs into a small, harmless joke, fails to find it funny, and concludes that the appropriate response is not to disable JavaScript, which is the one action that makes the whole thing disappear, but to compose a lengthy grievance in some news aggregator’s comments section. So here is the heads-up, in advance. Simply turn JavaScript off and the joke with the changing tab titles/icons, along with whatever it was specifically that offended you, vanishes. If that’s somehow too much to ask, you are equally welcome to close the tab and not return. Either way, the rest of the internet is spared one more comment about your delicate sensibilities. Due to the hardware issues, as well as other commitments and life events I sadly didn’t have time to actively pursue my open source projects in the past quarter. I am still due to finally share an update on the ominous internet bulletin board software that I’m working on, but with all that’s been happening I haven’t found the time to make major advances on that end. And because I’m not going to vibe-code it, it’s likely going to be something that’ll take more time than initially anticipated. … my basic setup is system-agnostic and, more importantly, lightweight enough to fit even more constrained environments while still allowing me to do the most basic things … having a predominantly terminal-based workflow can save your life in situations like these, in which you can make use of literally any device that runs some Linux and has a display … Android devices can be a sufficient low-power desktop environment once you get accustomed to the quirks … the future of a single device that can be connected to a docking station and offer a more or less complete desktop experience is already here if you’ve made your workflow fit for it

0 views
マリウス 3 weeks ago

I Do Not Recommend Google Hardware

I’ve been a GrapheneOS user for years now. Back in 2022 I switched away from /e/OS on a Samsung Galaxy S10 to a Google Pixel 6a that I had bought, because at the time it happened to be one of the cheapest devices on the short list of officially supported Pixels . However, my history with Google phones goes way past the 6a and ever since I got my first Nexus , every single piece of Google (branded and manufactured) hardware that has passed through my hands has eventually broken on a hardware level, way quicker than expected. At this point I have run out of patience with Google ’s consumer electronics and have decided to stop giving the company any more of my money. This post is part personal post-mortem, part survey of the wider Pixel landscape, and part forward-looking note on what I’m going to do instead. Disclosure: The opinions in here are entirely my own, formed from years of using Google hardware as a paying customer. To be very clear up-front, I have never been a fan of Google as a company, and I have certainly never been a fan of their hardware design language. I normally do not run Google ’s software on any of my devices , I avoid Google services , and I would prefer not to give the company a single cent. The only reason I have nevertheless ended up with a stack of Pixel devices on my desk is GrapheneOS . Graphene , to this day, requires Pixel hardware because Google ’s phones are essentially the only consumer Android devices that ship with a verified-boot chain, a relockable bootloader after flashing, and a security coprocessor ( Titan M2 ) that the project considers sufficient for its threat model. There is no other Android manufacturer in this market that offers a comparable hardware security surface for an alternative OS. So if you want the strongest privacy- and security-hardened Android, you buy a Pixel . That’s literally the only reason. In my original write-up of the switch to GrapheneOS I went into the why in much more detail. The short version is that, I no longer trusted any stock smartphone OS, and after years of bouncing between CyanogenMod , LineageOS , and /e/OS , GrapheneOS was the first ROM that felt like actual engineering rather than a community paint-job over a vendor blob. In my follow-up post about the Pixel 8 I went so far as to call the Pixel 8 “a solid piece of hardware, if you happen to find a fully functional device” . In hindsight, I have to admit that I was wrong. Let me start with the actual Google devices that I have owned, in chronological order. The Nexus 5 was the first Google -branded phone I bought, back when the device was still being manufactured by LG and GrapheneOS was not yet a thing. I ran it for a while on Google ’s stock Android and, after the initial honeymoon period, switched it over to CyanogenMod , the project that, years later , would be reborn as LineageOS . For its first year or so, the Nexus 5 was actually a likeable phone, as it was compact, light, with a clean software experience that, at the time, felt refreshing compared to the bloated OEM skins on competing Android devices. Then the hardware started giving up. The battery, which had been mediocre to begin with, became unreliable and the phone would report 40% charge one moment and shut off entirely the next, and over time it began to randomly reboot and power off without any obvious trigger. The decline was not gradual either and once the battery started misbehaving, the device was effectively unusable within a matter of weeks. Combined with a charging port that became increasingly finicky about which cables it would accept, the phone went from likeable to unusable in well under two years of moderate use. The Nexus 6 , which, ironically given where this post is heading, was actually built by Motorola rather than by Google itself, replaced the Nexus 5 once the latter had given up on life. As with its predecessor, GrapheneOS was still years away, so I alternated between Google ’s stock firmware, CyanogenMod , and eventually LineageOS over the course of owning it. What made the Nexus 6 particularly memorable was the way in which its internals seemed to fail one component at a time , almost like a series of unfortunate but separate events. First, the microphone began cutting out during calls, with the other end of the line hearing nothing or only a faint, crackling signal. Then the loudspeaker and earpiece started developing distortion, eventually to the point where music and call audio were barely intelligible. Finally, true to the pattern that would later repeat on every subsequent Google / Pixel device I owned, the battery rapidly lost capacity and started misbehaving, with the phone shutting off at high reported charge levels and refusing to hold a charge during light use. All of this happened within the first few years of ownership, well before any reasonable expectation of obsolescence. In retrospect, the Nexus 6 also gave me my first real taste of what Motorola hardware can feel like. It’s worth keeping that in mind for the later section on Motorola ’s planned GrapheneOS -compatible devices . The Pixel 2 XL was my first phone branded purely as a Google device, with all the responsibility for design, hardware integration, and support sitting with Google itself. GrapheneOS still didn’t exist as it does today (the project’s early predecessor, CopperheadOS , was in the middle of its very public implosion right around this time), so the device once again spent its life running Google ’s stock firmware as well as LineageOS . The Pixel 2 XL disappointed me from essentially day one, and only got worse from there. The two main themes were performance, which, even fresh out of the box, felt sluggish for a flagship that was supposed to be competing with the Galaxy S8 and the iPhone 8 , as well as battery, which, as with every Google device before, deteriorated rapidly. The Pixel 2 XL was a particularly bad, with animations stuttered, app launches being inconsistent, and the whole experience feeling half a generation behind what Samsung and Apple were shipping that year. As the device aged, this only got worse. Within the first year I was already noticing significant drops in standby and active runtime, and by the second year I was forced to carry a power bank everywhere and even basic tasks like opening the camera app or switching between recent apps became noticeably slow. In addition, the Pixel 2 XL shipped with a notoriously bad display that suffered from blue-tint shifting, screen burn-in within months of light use, and uneven color rendering. All of which were defects that Google , in classic form, partially acknowledged with software workarounds rather than hardware replacements for most affected owners. The Pixel 2 XL was the phone that, at the time, made me seriously question whether I wanted to keep buying Google hardware at all. The answer, sadly, turned out to be yes , but only because of the eventual emergence of GrapheneOS and the absence of viable alternatives on comparable hardware. The Pixel 6a was purchased on sale for $299 in late 2022. It came with the Tensor G1 , served as my primary GrapheneOS device for roughly a year and a half, and was eventually relegated to “spyware phone” duty after I upgraded to the Pixel 8 . As with every Google phone prior, the Pixel 6a battery life declined noticeably and the device eventually became part of Google ’s Battery Performance Program , which, depending on how you look at it, was either a voluntary repair offer or an opaque battery nerf forced on owners via a mandatory update. In addition, the the charging port developed an unstable connection , which made charging frustrating and unreliable. After roughly two years of daily use, the device became unusable enough for me to downgrade it to a backup device, only to finally toss it after only two more years. Note: Google ’s entire A-series has a documented track record of battery problems. The Pixel 4a has been the subject of a UK Office for Product Safety and Standards alert for overheating and fire risk, the Pixel 6a has been the subject of multiple melted-device reports and was pulled from Google ’s refurbished store after fire incidents, and the Pixel 7a has had its own battery swelling repair program . Google has not initiated a proper recall in any of these cases. The Pixel 8 replaced the Pixel 6a in mid-2024 after I came across an unusually good tax-refunded deal . I have been running GrapheneOS on it from day one. Within less than two years of moderate, careful use, this phone developed the now-infamous Pixel 8 green-screen-of-death , a display defect that causes the screen to glitch with vertical green lines and flicker until you physically squeeze the lower part of the chassis . Google has, in a rare admission, extended the warranty on Pixel 8 displays to three years specifically because of how widespread this defect is, while pointedly not extending it to the Pixel 8 Pro despite reports of the same problem on that model. However, because my device suffered a drop and hence has its backside glass shattered, as well as the adjacent corner scratched open, Google will blame the screen issue (in my case) on the impact and won’t grant me a free repair. It’s also important to note that the lower portion of the device gets noticeably and uncomfortably hot under normal load, which is a known issue with the Tensor G3 SoC and its Samsung Exynos 5300 modem . In addition, the Pixel suffers from the family’s connectivity issues , that had plagued the Pixel 7 series already. When I sat down to research a possible replacement (a Pixel 9 or Pixel 10 ), the picture only got bleaker, but more on this in a moment. Note: Probably the most maddening pet peeve that I have with the Pixel 8 is its slippery surface. It is the only phone that I ever had that, no matter on what surface I put it, will eventually slide down without me interacting with it. Without stickers or protectors on its back the phone is so slippery that it will glide away from virtually any surface material. Put the Pixel 8 on a smooth wooden table and it will move by itself over time. Put it on a rough wooden speaker box and it will fall over the edge halfway through the first song that’s playing. Put it on top of another smartphone and it will fall off sideways. Whenever I hear a hollow knock I already know that it was the Pixel 8 randomly falling off of whatever surface I had put it on. The Pixel Tablet joined the line-up in late 2024 specifically because it is the only tablet that GrapheneOS supports. I wrote a relatively positive review of it at the time, with the significant caveat that it’s “underpowered” and not really suitable for anything more demanding than media consumption and light note-taking. A year and a half later, that already-modest assessment has aged poorly. The device’s Tensor G2 , which was already two generations old at the point Google shipped the tablet, has become noticeably sluggish as apps have continued to grow heavier. Lightroom Mobile , which was one of my primary reasons for buying it, runs with random glitches, crashes and odd behaviour , to the point where I’m looking to migrate my photography workflow once again to something else. Also, it seems like the device developed some WiFi connectivity issue leading to specifically streamed content pausing/stuttering for around half a second before resuming for maybe another half a minute, only to then repeat this behavior. I don’t know whether this is a hardware issue or a GrapheneOS bug, but I’ve noticed this issue for now over a year. Additionally, the battery life has degraded faster than anticipated, with editing workloads draining a full charge in under three hours even with the screen way below maximum brightness, and overall the tablet has aged significantly faster than anticipated , rendering it largely useless for any of the things I originally bought it for. In short, Google shipped a 2023 tablet with a 2021 chip and a sealed battery, and in 2026 this has become very noticeable. Note: These were only the Google -branded and -made devices that I owned, alongside a long list of other Android devices from HTC , Sony , Samsung , OnePlus , and even OPPO , that in all honesty weren’t exponentially better with regard to reliability and longevity. It would be easy to write all of the above off as bad luck, so let me back up the personal experience with what is documented elsewhere. Google ’s A-series phones in particular have, by now, a multi-generation track record of batteries that swell, overheat, or catch fire. The Pixel 4a was included in the UK Office for Product Safety and Standards alert for fire risk. Google ’s Battery Performance Program nerfed the device’s battery via a mandatory update rather than acknowledging a hardware defect. The Pixel 6 had reports of battery swelling and off-gassing , with some users describing flame and smoke incidents. The Pixel 6a saw multiple fire incidents , was pulled from the refurbished store , and was subjected to the same Battery Performance Program as the 4a . Google restricted charge rate and capacity after 400 cycles via forced OTA on July 8, 2025. The Pixel 7 and 7 Pro had widespread swelling reports less than three years post-launch. Google ’s response has been described as “inconsistent” by Android Central , with some users receiving free replacements and others being told to pay out of pocket. Oh, and the Pixel 7a has its own repair program for swollen batteries. When the same failure mode shows up across five consecutive versions/generations of phones from the same vendor, and the vendor’s first response is to throttle charging rather than replace the cells, you’re no longer looking at bad luck but at a structural problem with battery sourcing, cell qualification, or thermal design. I’ve mentioned my own Pixel 8 display dying above. The Extended Repair Program that Google published in response covers Pixel 8 devices that exhibit “a vertical line running from the bottom of the display to the top or a display flicker” , with coverage extended to three years post-purchase. Pixel 8 Pro owners with the same vertical line defect have not been so lucky and are largely on their own. Manufacturers don’t extend warranties on a whim. Google extending warranties on the Pixel 8 display by a factor of three is, in itself, the admission-of-a-defect that the company has otherwise tried to avoid in public. Since the Tensor G2 , Google ’s Pixel flagships have been using a Samsung Exynos 5300 modem (and its successors) for cellular connectivity. This is the same modem family that has, generation after generation, been criticised for worse signal stability than the Qualcomm modems used by competitors, as well as significantly higher power consumption, especially on 5G, and battery drain bugs that essentially trade-off endurance for modem efficiency. Google ’s answer in the Pixel 10 generation has been to switch to a MediaTek T900 , which according to early benchmarks is an improvement, but does not retroactively help any of the millions of Pixel 6 / 7 / 8 / 9 owners who paid flagship prices for what was, by industry standards, a sub-par modem. Google ’s Tensor chips were seemingly never designed to compete head-to-head with Qualcomm or Apple on raw CPU or GPU throughput, despite the pricing being in a similar range. For example, the Snapdragon 8 Gen 3 is roughly 68% faster than the Tensor G3 in Geekbench 6 multi-core, and about 32% faster in single-core. In some graphics workloads, it’s roughly twice as fast. The Apple A17 Pro is nearly 50% faster than the Tensor G4 in multi-core, and the Pixel 9 Pro XL ’s Tensor G4 loses up to 50% of its sustained CPU performance under thermal throttling, with the throttling kicking in within three to four minutes of full load . The Pixel 10 and Pixel 10 Pro , powered by the Tensor G5 , score 3,707 in the Vulkan GPU benchmark , compared to 26,333 for the Samsung Galaxy S25+ , which is a difference of roughly 7x . Even the Pixel 9 Pro ’s outgoing chip outperforms its successor at 9,023 points. In 3DMark Wild Life Extreme , neither the Pixel 10 nor the Pixel 10 Pro break 20 FPS, while a Snapdragon 8 Elite device comfortably clocks 38 FPS. Hence, the Snapdragon 8 Elite -based Galaxy S25 comfortably outscores the Pixel 10 in both single- and multi-core CPU performance , with the S25 posting roughly 75% higher multi-core scores. If you want a single chart that summarises this, Geekbench ’s Android benchmarks page is a good overview and shows that Pixel flagships do not appear anywhere near the top. What this means in practice is that when you buy a Pixel , you are paying roughly the same money as you would for a Samsung , OnePlus , Xiaomi , or Apple flagship, but you are getting an SoC that is one and a half to two generations behind on raw compute, and even further behind on graphics. The phone feels snappy because Android is optimized for these chips and because Google ’s AI use cases are accelerated by the TPU , but once you actually push the device, e.g. with raw photo editing, gaming, prolonged camera use, or pretty much anything that requires sustained performance, it falls behind quickly. Beyond the flagship failures, Pixel devices have, generation after generation, shipped with a steady stream of quality-control issues that read more like early-access hardware than flagship . E.g. with the Pixel 8 , Google shipped a batch of factory-unlocked phones without the ability to relock the bootloader, requiring a return. Then we had the Pixel 8 green screen recall , which had been the precursor to the extended-warranty program, as well as the phantom touches issue, where intermittent ghost- touches were frequently dismissed by support as user error before being diagnosed as actual hardware problems. The Pixel 9 Pro XL had its infamous camera tilt issue, where some users reported the 5x telephoto lens shipping physically tilted out of the box, and the Pixel Tablet had the “check charging accessory” issue, where the charging dock dies surprisingly often , with troubleshooting steps that boil down to “clean the contacts and hope for the best” . You can find an essentially endless stream of similar reports on and the official Pixel Phone Community forums and the pattern is always the same: A defect is reported, Google ’s official support insists on app-uninstalls and factory resets, and after enough public outcry the defect is eventually quietly acknowledged via a support page, hidden so deep that probably won’t people won’t bother to look. Honestly, in my circle of people who care about privacy, the answer is almost always the same as mine, namely because of GrapheneOS . For everyone else, the answer is the camera and the “AI features” , plus a vague brand-loyalty to Google that exists for reasons I truly struggle to understand. The camera is, to be fair, very good. Google ’s computational photography pipeline is one of the few areas where the company’s ML-first approach to silicon pays off in a way the user actually notices. If you primarily care about point-and-shoot photography out of a phone, the Pixel camera is still near the top of the pile, even on the cheaper A-series . Everything else, in my view, is not competitive with what Samsung , Xiaomi , OnePlus , Nothing , or Apple ship for the same money or, in some cases, less. You can verify that for yourself. After my Pixel 8 green-screened on me, my initial instinct was to do what I’ve always done and just replace it with the next Pixel . I spent a few weeks looking at deals on the Pixel 9 and Pixel 10 , reading through their respective issue threads on Reddit , looking at the benchmarks above, and decided that I simply don’t want to give Google any more of my money for what is, charitably put, garbage hardware sold at flagship prices. The interesting development that makes this decision possible is that, on March 2, 2026 , at MWC 2026 , Motorola officially announced a partnership with the GrapheneOS Foundation . This is the first time GrapheneOS will officially support a non- Pixel vendor, with availability expected to begin in 2027. There is some uncertainty in all of this, though, as hardware schedules often slip and partnerships sometimes dissolve, and there’s no guarantee that the eventual Motorola device will meet Graphene ’s requirements (verified boot, relockable bootloader, etc.) at a price point that’ll be remotely interesting to the average GrapheneOS user. There is also the risk that Android 17 turns into more of an Intelligence System launcher than an actual OS. However, I’d rather wait six to twelve months and roll the dice on Motorola than spend another $800-$1000 on a phone that, by all available evidence, is statistically likely to develop a hardware defect shortly past its warranty window. The obvious follow-up question is whether existing Motorola hardware, like the Edge series, or the current razr line-up, is any good to begin with, since these broadly resemble what the eventual GrapheneOS -compatible devices are likely to be. Frankly, I have no idea. The reviews of the Motorola Razr Ultra (2025) seem relatively positive on durability. Android Central ’s one-year follow-up describes the display still looking “like the day it was received” after a year of regular use, with the major caveat that the vegan leather on the back has been peeling. Reviewers have called it “Motorola’s best and most popular flagship phone thus far” . The Motorola Edge 60 is even more interesting from a durability perspective. It carries an IP69 rating , which is above the IP68 on the latest Pixels and means the device is certified against high-pressure, high-temperature water jets in addition to sustained submersion. Motorola also commits to three OS updates and four years of security updates , which is a little behind Google ’s nominal seven years on the Pixel , but in line with the rest of the Android industry, and arguably more honest given that Google ’s seven years are seemingly predicated on the device not physically falling apart in years two and three. Note: I’ve started to believe that Google ’s 7 years of updates is simply a marketing stunt and that the company knows that most of its hardware will fail well before users get even close to the seventh year. If you look up (used) offers for e.g. the now almost 7-year-old Pixel 4a on marketplaces like eBay you’ll find the offer to be surprisingly thin. Similarly, the slightly younger 5a is also relatively hard to come by in good shape. Older smartphones sustained above 80% of their original battery capacity for up to 500 charging cycles, which amounts to less than 3 years if you assume a full charge every two days, which is unrealistically generous especially for an Android device. Even if we assume that modern smartphones sustain 80% capacity for up to 1000 recharges and we use the generous two-day cycle, the phone will likely drop below 80% battery capacity within 5 and a half years. Again, that’s a very positive calculation that doesn’t take into account prolonged charging cycles (over night), environmental impacts (high heat or freezing cold) and arbitrary battery deterioration. A more realistic outlook is a drop below 80% within the device’s first three years. It is also worth noting that at some point past the 80% mark degradation speeds up sharply and becomes roughly exponential, as Lithium plating, electrolyte depletion, and loss of active material compound on each other. This means that the drop from 80% capacity to 60% will happen significantly faster than the initial drop from 100% to 80%. The 80% mark was deliberately chosen by manufacturers as it kind of marks the practical end of the stable region of the battery. Past that point, the phone will become less stable and show effects like sudden reboots, or at some point even shutdowns at around 30% indicated charge. Compared to the Pixel line, Motorola ’s 2025 hardware appears to have notably better water- and dust-ingress protection ( IP69 vs IP68 ), use Qualcomm Snapdragon silicon, which means, per the benchmarks above, meaningfully better raw performance and meaningfully better modem efficiency, have a build quality that holds up better through year-one stress tests, even on the foldable form factors that are notoriously hard to engineer, and are priced lower than the equivalent Pixel Pro , with the obvious caveat that the razr ultra at $1,300 is, in fact, a tough pill to swallow . What it doesn’t appear to offer, at least yet, is the Pixel ’s camera quality. Reviews of the Edge 60 and Edge 50 Ultra are competent but not class-leading on the photography front. For someone who uses a dedicated camera for serious photography and reserves the phone for documentary snapshots, this is a perfectly acceptable trade-off, but your mileage may vary. Until GrapheneOS -compatible Motorola hardware is actually on shelves, I’m going to keep using the Pixel 8 with its hardware workaround (yes, I’m literally squeezing the lower part of the chassis whenever the screen starts glitching) and avoid spending any more money on Google hardware. Unless the Pixel 8 will completely die or become otherwise unusable I won’t be purchasing another Google device. For anyone in a similar situation, my recommendation is to not upgrade if your current Pixel still works, and instead hold on to it . Pixel to Pixel generational improvements are marginal at best, and you’re almost certainly going to inherit a fresh set of defects with each new model. Also, E-waste is a real concern , especially with repairability scores below most Apple devices, particularly because of the extensive use of adhesives within Pixel phones. If you have to get a replacement in the meantime, buy used or discounted. The Pixel 8a is occasionally available below $300 refurbished, the Pixel 9 is now in the same price band as the Pixel 8 was a year ago, and the Pixel 9a is probably the best affordable entry point. Keep in mind that none of the historical hardware-defect patterns have spared the Pro models, but the Pro pricing has consistently included an Apple -level markup for what amounts to a bigger screen and one extra camera sensor. Hence I would avoid those variants. If you can hold off on a phone purchase for another year or so, see how the Motorola / GrapheneOS situation develops. If the first compatible devices land at a reasonable price with an acceptable build quality, that will be the first competitive alternative to the Pixel line for privacy-conscious users. If you’re a tech power-user, however, maybe consider Linux on mobile as a more radical alternative. I’ve been eyeing postmarketOS on the Fairphone 6 for a while, as it appears to be making meaningful progress, but it is not yet a daily-driver experience and probably won’t be for another year or two. The Pinephone is a dead end , imho, but it seems like Ubuntu Touch is coming along nicely. Google ’s consumer hardware is, in my unscientific but consistent personal experience, garbage. The A-series has a multi-generation track record of batteries that swell or catch fire. The Pixel 8 has a display defect serious enough to introduce an extended warranty program. The Pixel Tablet shipped with a chip that was already two generations old. Tensor -based flagships are routinely outperformed by competitors at the same price point, and thermal-throttle hard enough under sustained load that the silicon is barely delivering half of its rated performance for any task longer than a few minutes. I have given Google enough of my money over the past years. The only reason I have kept doing so is because of the community ROMs and, in the recent past, because of GrapheneOS , which I consider one of the most important pieces of consumer software in the privacy and security space today, that has been Pixel -only by hardware necessity. As of MWC 2026 , that constraint has an end date however. Until either GrapheneOS -compatible Motorola hardware actually ships, or Linux on Mobile becomes actually usable on a halfway modern device like the Fairphone (with replaceable battery), I am holding on to my squeezable Pixel 8 and not buying anything else from Google . After that, I expect to never own another Pixel ever again. Note: I deliberately picked the same title format as my I Do Not Recommend Bitwarden and I Do Not Recommend Proton Mail posts. The reason is the same in all three cases, which is that I used the product, in many cases over the course of years, recommended it to others in writing on this site, and have since come to a different conclusion. If your own experience has been different and you’re happily using a Pixel without issues, that’s great. This post is, in part, an updated honest disclosure of where I personally landed, and a counterweight to my own earlier, more positive reviews of these devices.

0 views
マリウス 1 months ago

Minimal yet Productive Travel Desk Setup

Being able to travel while being productive sounds romantic until you’ve spent hours hunching over your laptop on a hotel nightstand, untangling cables, hunting for outlets, and trying to focus in a space that clearly wasn’t designed for it. Over time, I have realized that productivity on the road has less to do with where you are and more to do with how intentionally you pick your equipment and set up your workspace. A good travel desk setup isn’t about recreating your home office, but rather about stripping things down to the essentials that actually help you think, create, and execute, no matter where you are. Although the term minimalism has gained a bad reputation over the past years due to its overuse by influencers , the actual philosophy behind it still remains valid and plays a huge role here, just not in the aesthetic-only sense that you might have been told about by “social” media . My personal setup is minimal because every item earns its place in it. When you’re living out of a bag for months at a time, friction becomes obvious very quickly and extra weight, redundant items, or tools that look nice but don’t meaningfully improve your workflow or comfort are the exact opposite of what this minimalism is about. The goal isn’t to carry less just for the sake of it, but it is to carry with purpose, depending on the circumstances. The point of a minimal travel setup is to have a reliable configuration that works wherever I am, whether that’s at an airport lounge, a café, an Airbnb , or a hotel “desk” , and to be able to open my bag and effortlessly set up everything needed in that situation. It’s basically a familiar, well-considered arrangement of tools that support what I do and, more importantly, that are modular , like little LEGO pieces, to offer a varying degree of completeness and availability, depending on the environment I’m in. Before getting into the actual hardware, it is worth being explicit about the rules I use to decide what does and what does not end up in my bag. Over the years, four principles have emerged that I now apply to every item, regardless of how cool , useful, or objectively good it might be in isolation. They are the reason the same bag works for a one-night business trip, or a month-long stay, without ever feeling like a bad compromise in any direction. These principles are also why I tend to ignore influencer packing lists when refining my own setup. They typically focus on what to pack, while the more durable question is why to pack one thing instead of another. Hardware comes and goes, gets discontinued, gets replaced, but the criteria for choosing the next iteration stay the same. The four principles below are the ones I keep returning to, in roughly the order in which I apply them. The first criteria behind my travel setup is modularity . Not in the physical sense (i.e. not in the way LEGO bricks click together), but in the sense that every component is useful on its own and becomes more useful when combined with others. Nothing in my bag depends on another item being present, yet whenever two or more components are around, they recognize each other and start cooperating without me having to touch a single knob or configuration. Let me get ahead of myself for a second to give you a short example. When I’m working out of a café, I usually have my laptop (plus my keyboard Sonshi-style ) that connects to my LTE router , either over WiFi or over Ethernet. Most of the time that’s the entire setup. However, the moment I’m in a hotel for a few days, I add my WiFi router to the mix, to have a LAN that I have full control over, that provides me with a VPN to circumvent geo-restrictions on all of my devices, and that is able to easily interconnect more items further down the road. Plugging the LTE router into the WiFi router automatically disables the LTE router’s built-in WiFi and switches it into tethering mode , after which the WiFi router load-balances WAN traffic between the LTE connection and the hotel’s own WiFi. Unplug the LTE router and it falls back to standalone hotspot mode. Plus, both WiFi networks (the one from the LTE router, and the one from the WiFi router) are named alike and share the same password. This way my WiFi clients don’t even notice the switch from one to the other. This is what I mean by modular . Components don’t depend on each other to function, but recognize each other the moment they are together and adjust accordingly, ideally without any manual intervention from my side. Adding a piece extends the setup, and removing a piece simplifies it rather than breaking it. By dropping the Ultra-Portable Data Center into the same network, for instance, I get a near-perfect replica of my home LAN anywhere in the world, without changing a single configuration along the way. And, yes, that home LAN write-up definitely needs a refresher, as many things have changed over the years; Coming soon™ . The second principle is redundancy with different functionality . Every backup item in my bag must already earn its keep on its own. The classic approach to redundancy (carrying a duplicate of an important device) means paying for the same capability twice in money, space, and weight, while the backup contributes nothing on the (hopefully many) days that nothing breaks. Instead, I’d rather find a device that I’m already carrying for its own reason and that can also step in when something fails. Take my LTE router. The obvious redundancy would be a second LTE router, identical to the first, sitting in my bag purely for the just in case scenario. My actual backup, however, is my phone . It is in my pocket regardless, and if the LTE router ever gives up on me, the phone tethers the same way over USB and offers a similar WiFi hotspot on the go. When tethered, the WiFi router doesn’t even need to know the difference, as all that it sees is a USB Ethernet device anyway. The same logic applies to my laptop . If its screen should ever get smashed during one of my travels , I don’t need a spare laptop, I have my tablet . Over the LAN, the tablet can SSH into the laptop, run a VNC session against my desktop environment, or, with the EVGA XR1 Pro , display the laptop’s HDMI output via VLC . And in case the whole laptop should malfunction, I can plug its USB-C hub into the tablet and use that as a temporary workstation until I can get the laptop fixed or replaced. As a matter of fact, I can do the exact same thing with my phone, because, it too allows me to connect the USB-C hub, plus my keyboard, plus my mouse and even an external HDMI display, if things really go sideways. None of these devices are in my bag because of the laptop, they are there for their own reasons, and happen to be capable of covering for it. The third principle is the priority order I apply to every item in my bag: Weight first, then function , then form . This runs contrary to the trends on “social” media , which tend to put form ahead of everything else. In my setup, an item must first be light enough to be worth carrying, then capable enough to do its job reliably, and only after that does its appearance get a vote. My laptop stands are a good illustration for this principle. They are simple, 3D-printed with PETg, with an infill of 20%, and far from what most people would call good looking . Their job is to raise my laptop’s screen to a comfortable viewing height, which they do reliably while weighing almost nothing. The commercial alternatives are typically machined from aluminum for uLtRa DuRaBiLiTy and for aesthetics , and weigh several times what mine do, while offering durability that I never come close to needing for the actual use case. At cents per print, breaking one is also a non-event, as I can just print another. The same trade-off shows up across the entire setup. 3D prints over machined aluminum, plastic over metal, lightweight pouches over hard cases, USB-C cables over barrel-connector PSUs. Each swap individually shaves only grams, but in aggregate the difference between a thoughtfully chosen and a just bought what looked nice travel kit quickly adds up to several kilograms, which is the difference between a carry-on that I can comfortably wear all day and one that has me dreading every moment of it. The fourth principle is calculated use . Before any item enters my bag, I run the numbers on it. The two formulas I always start with are cost per use (purchase price divided by how often I realistically expect to use it) and cost per time unit (the same idea, but measured per hour, day, or trip of actual use). Those two alone often reveal that a flashy 200 USD gadget I’d touch twice a year is far more expensive per use than the unglamorous 80 USD one I’d reach for daily. For items where the decision isn’t clear-cut from those two, I also calculate the expected value of ownership , factoring in how frequently I’d actually use the item across different trip types, the utility-adjusted cost , weighting the price by how much the item improves the overall setup, not just its own niche, the net present value , treating gear as a multi-year investment with a discount rate, and the replacement cost comparison , to understand how much I’d pay later to replace it versus buying the better option now. Lastly, I evaluate the opportunity cost not only in money but also in bag space and grams, since both are finite resources on the road. Now, you might be thinking that this sounds borderline neurotic for what amounts to picking out hardware, and… well… it probably is. But having had to walk away from items that I had bought and lugged around for months, only to realize they ultimately weren’t worth the bag space, has taught me to be deliberate. The few minutes spent running these numbers up front have saved me significantly more time, money and shoulder pain afterwards. Also, sitting here for now almost 15 minutes straight and reading through this write-up isn’t particularly less autistic either; You’re welcome . :-) So what does my actual setup look like? Let’s dive into the details and go through the items one category at a time. Let’s start with the most basic item in my setup: The power supply. Depending on how long I’m planning to be on-the-go and which parts of my modular desk I’m taking with me, I either bring the UGREEN X757 15202 Nexode Pro GaN 100W 3-Port charger, or its bigger brother, the UGREEN 55474 Nexode 300W GaN 5-Port PSU. On shorter trips with only my primary workstation, my phone and/or my tablet , the portable 100W charger is sufficient. However, on longer trips I usually bring the 300W brick , which allows me to power additional (networking) equipment in parallel. Both UGREEN PSUs are USB-C PD 3.1 capable and support at least 65W on at least one port, which means I can comfortably charge my laptop at full speed while simultaneously powering other things, instead of having to juggle multiple chargers. With almost every device in my setup running off of USB-C PD, from my mobile WiFi router all the way down to my LTE router , I can leave almost all proprietary wall warts (looking at you, Raspberry Pi!) at home and instead only bring a small bag of compact USB-C cables. As an added bonus, that also means I never have to deal with yet another set of region-specific power outlet adapters, beyond a single one for the UGREENs ’ Type A/B and F plugs. Note : Because I’m picking up my hardware in different parts of the world, every socket-bound item has a different plug, which at times makes it really cumbersome to deal with them. Therefor I try to make sure that if a device has a power plug, it is a detachable cable that I could replace for a different plug type in the future. In some cases, as it is with the UGREEN X757 15202 Nexode , this obviously won’t work and I’m stuck with the inferior and comparatively dangerous Type A plug. I don’t have redundancy for the PSU because these items are usually easily available everywhere in case it should break. My primary workstation is a 14" Star Labs StarBook Mk VI , which is an AMD Ryzen 7 5800U machine with 64GB 32GB Corsair Vengeance DDR4 (3200 MHz CL22) RAM and a 2TB SK hynix Gold P31 NVMe SSD. The device runs a hardened Gentoo Linux installation with a minimal Wayland desktop . It weighs around 1.4kg and has sadly become relatively tedious to work with over the years, due to various hardware issues and its lacking performance. Therefor I will be replacing the device with a sub-1.4kg 14" device very soon™ . Because the StarBook only has a single USB-C port and I don’t feel like taking the dedicated USB-C-to-barrel cable with me, I usually bring my uni 8-in-1 USB-C hub with USB-C PD power input. The hub adds three USB-A ports (which I desperately need on the StarBook ), an SD/microSD card reader, an additional HDMI port, and an Ethernet port, and it accepts 100W USB-C PD input while forwarding up to 90W to my laptop. This means a single USB-C cable from the UGREEN charger into the hub powers both, the laptop and any peripherals plugged into it. As a side effect, the hub also makes the StarBook feel like a docking station setup, where I plug or unplug a single cable to instantly add or remove three USB-A peripherals, Ethernet, and a card reader to/from my workstation. However, having only a single USB-C port in 2026 is nevertheless limiting, which is another reason to move away from the Star Labs hardware. To avoid completely screwing up my posture, I use two 3D-printed laptop stands, with added self-adhesive rubber pads, that raise my laptop’s screen a good ~20cm, as mentioned before . The 20% infill PETg prints are super lightweight yet stable, at least once the laptop is in place. Because the two stands are not interconnected, however, they’re not as stable as one of those foldable metal stands, and I wouldn’t recommend trying to use them e.g. on the little tray table in an airplane. I always bring my mechanical keyboard , because my laptop ’s keyboard, like every integrated keyboard, is absolute garbage. To transport my keyboard, I use the NuPhy NuPack , which is intended as an accessory for specific NuPhy keyboards, but it turns out that the pouch fits a variety of other keyboards, including my Kunai Corne v3 . The NuPack also has a dedicated compartment for cables and accessories, which means I don’t have to dig through my bag to find the keyboard’s USB-C cable. When I’m at a proper desk, I lift my laptop using the two 3D-printed stands mentioned above, and I place my keyboard in front of it. When I’m at a café or in any other place with little space, I place a lightweight bridge made out of plastic on top of my laptop and use my keyboard Sonshi-style . The bridge weighs next to nothing, and is shaped to span the keys of the integrated keyboard without putting pressure on them. To complement this, I run , a small helper that automatically disables the laptop’s internal keyboard whenever my external keyboard is connected, so that I don’t accidentally mash arbitrary keys on the integrated keyboard when typing on the Kunai Sonshi-style . I almost always bring my mouse as well, despite my desktop workflow being 99% keyboard driven. There are websites and some applications (e.g. VMs) that are cumbersome to use with the keyboard alone. My mouse of choice is the Razer Basilisk V3 Pro , and depending on where and for how long I’ll be going, I might also bring the Razer Mouse Dock Pro for easy overnight recharging. On shorter trips, I instead rely on the mouse’s built-in battery, which comfortably gets me through a week of regular use, and recharge it via USB-C from the same charger that powers everything else. I used to carry a portable display with me, but ever since I bought the Google Pixel Tablet I have been using that as a “secondary screen” . While it doesn’t support actual HDMI input from my laptop without additional hardware, I don’t really need that, as my primary use case for a secondary screen is for monitoring data streams, and occasionally following along conversations and videos. For quick data sharing between the laptop and the tablet, LocalSend and Syncthing both run on the same LAN (more on that further down ), and for actual remote control I tend to use either an SSH session in Termux or a VNC client. I am however considering an external display, due to the added screen real estate. While the integrated 14" monitor is okay, my aging eyesight would definitely benefit from having a 16" or 18" display to look at. Sadly, most of those options are still too bulky/heavy to be suitable for the ridiculous weight limitations air travel has these days. By using the tablet as an “external monitor” , the device doubles as a backup just in case anything should ever happen to my laptop. Since Android 16, the operating system mimics a desktop well enough for me to be able to work with it in case of emergency. A true portable monitor would be bigger and maybe even heavier than the tablet, yet wouldn’t work independently of the laptop. Given how most hotels and Airbnbs these days have TVs with HDMI input, however, finding a dumb output in case of display failure is easier than finding a computer to work off of temporarily. Note: Having all that said, I’m getting increasingly frustrated of Google ’s garbage hardware and, in particular, the Google Pixel Tablet . Its lacking performance has rendered the device almost useless for many serious tasks, apart from pure media consumption. Even navigating through somewhat packed Grafana dashboards (with auto-refresh) has become painfully slow these days. Hence, I am seriously reconsidering this piece of hardware long-term and I probably wouldn’t recommend it to anyone for more than just media consumption at this point. While I don’t consider myself an audiophile, I do appreciate the difference that decent gear makes once you’ve spent a few years collecting music in lossless formats. To not waste all those FLACs on the (mediocre) DACs of my laptop or my phone , I bring along an iFi hip-dac3 , a compact USB DAC and headphone amplifier. The device handles PCM up to 384kHz and DSD256, has both a 4.4mm balanced and a 3.5mm single-ended output, an XBass+ switch for low-end emphasis, and an XSpace switch that simulates a more open soundstage. I usually pair the hip-dac3 with my phone when on the go, or with my laptop when at the desk, to listen to my self-hosted Jellyfin music library that lives on my Ultra-Portable Data Center . Beyond the sound quality improvement, the hip-dac3 also lets me avoid Bluetooth, which I generally distrust security-wise and which I’d rather not blast at my head for hours every day. Lower-end Bluetooth headphones combined with Android also tend to produce occasional disconnects and audio glitches when running LDAC , which is something I don’t want to deal with anymore. Battery life on the hip-dac3 is solid enough that I can leave it on the desk for a full work day or carry it around for an entire flight without having to worry about it dying mid-track. And when I do need to top it up, it charges via the same USB-C source as everything else. For video, I often carry the EVGA XR1 Pro , a USB-C HDMI capture device that turns any HDMI output into a webcam-style USB Video Class ( UVC ) stream. Whenever I need a high-quality video feed, for example for a video call or for content recorded for my (currently inactive) YouTube channel , I plug the HDMI output of either my Fujifilm X100VI or my Sony Alpha 7 III into the XR1 Pro , which my laptop then sees as a regular webcam. The picture quality, optics, and color reproduction of either camera blow any integrated laptop webcam (and any of those overpriced 4K USB webcams ) out of the water, especially in the kind of mediocre lighting one tends to find in hotel rooms. As a bonus, the XR1 Pro also doubles as a fallback display path. As mentioned earlier, in case my laptop’s screen should ever die mid-trip, I can feed the laptop’s HDMI output into the capture device and view it on my tablet via VLC to keep working until I can get the display fixed or replaced. On longer trips, and only on longer trips, I sometimes break my own weight rule and bring along my Teenage Engineering OP-1 . At nearly 600g without its protective gear, it is by far the heaviest non-essential item that ever ends up in my bag , and the only one I let in for purely creative reasons rather than productive ones. When spending months on the road it’s important to bring something fun, and the OP-1 is the most travel-friendly synth/sampler I own. It’s a self-contained creative outlet that fits on a hotel desk without dragging an entire studio along. The catch is that the OP-1 ’s integrated speaker is, frankly, a gimmick. It is fine for previewing what you just played, but nowhere near good enough for actual listening or for mixing anything down. In practice that means I always pair it with my wired headphones , since I don’t carry a portable speaker with an AUX input that would do the device justice. For transit, the OP-1 lives inside a Decksaver TE OP-1 Cover , which itself sits in a dedicated Teenage Engineering Large Duty Bag , both of which add roughly another 170g on top. The OP-1 unapologetically fails the calculated use test by any rational metric, but it earns its spot purely through the joy it brings me on long trips. Networking is probably where the modular aspect of my travel setup shines the most. Just as with the rest of my equipment, every networking device can function on its own and remains useful in different combinations. Depending on whether I’m hopping between places or settling in city for a longer stay, I might bring only the bare minimum (just my LTE router, acting as a hotspot), or my full setup that consists of a dedicated mobile WiFi router, an Ethernet switch, and the Ultra-Portable Data Center . The thinking here is the same as with the rest of my equipment. I want to be able to recreate as much of my home area network as possible, in any location, while still having the flexibility to leave parts behind if they don’t make sense for the trip. Tethered hotspot at the airport? Just the LTE router. Hotel room with mediocre WiFi for a few weeks? Add the WiFi router, the switch, and the UPDC . The key is that these devices are configured and wired up the same way regardless of where I am, which means I never have to mess with configurations on the road. The setup just extends , like LEGO . For mobile data I’ve been carrying the Netgear Nighthawk M2 for several years now. The device is a 4G / LTE-A Cat. 20 router with a built-in battery and a small color touchscreen, and despite being almost seven years old at this point, it still holds up for the most part. When I’m out and about, the M2 acts as a straightforward mobile hotspot, providing connectivity through its own WiFi to my laptop , phone and tablet . When I’m settled at the travel desk, however, the M2 connects as a client to whatever WiFi the venue offers (be it a hotel, an Airbnb, or a co-working space) and re-shares that connection to my mobile WiFi router via USB tethering. Because of how the WiFi router is configured, plugging the M2 into it automatically disables the M2 ’s WiFi hotspot and switches it into tethering mode , where it acts as a USB Ethernet device. The mobile router then load-balances WAN traffic between the venue’s WiFi (making the M2 a WiFi client) and the M2 ’s LTE connection, which gives me a fairly resilient internet uplink without having to fiddle with any settings. Additionally, both WiFi networks, the one of the M2 and the one of my mobile WiFi router, are configured in the same way, so that clients don’t even notice the switch. The Netgear has, however, started showing its age in the past year or so. It has begun crashing and rebooting at random, and reports increasingly nonsensical battery charge percentages, which I’m fairly certain is due to the now almost 7 year old internal battery, which is user-replaceable but seemingly very hard to find. In addition to the battery, the touch buttons on the device have also started malfunctioning, with presses not being registered most of the time. As I begin to lose trust in the device, I’m in the process of replacing it with the GL.iNet Mudi 7 ( GL-E5800 ). The Mudi 7 supports 5G NSA/SA , multiple SIM/eSIM cards, and runs OpenWrt with GL.iNet ’s firmware layer on top, much like the Slate 7 I’m already using. Multi-SIM in particular is interesting for me, as it lets me keep separate SIMs for different countries or carriers active simultaneously, without having to physically swap cards every time I cross a border. That said, I’m skeptical about how the Mudi 7 will perform when it comes to battery runtime. 5G modems and the more sophisticated hardware around them will inevitably draw significantly more power than the Nighthawk does. Also, the device is clearly heavier and more bulky than the M2 , which is going to be a significant downside. Given its importance, however, it is a trade-off I’m willing to make. Time will tell whether the Mudi 7 will turn out to be a worthy successor, or whether I’ll have to keep the M2 on life support a little longer until something better comes along. The centerpiece of my travel network is the GL.iNet Slate 7 ( GL-BE3600 ), a Wi-Fi 7 dual-band travel router that weighs a mere 295g and is powered via USB-C PD . I covered the device in detail in its own review not too long ago, so I’ll keep this section brief. The Slate 7 replaced my long-running Linksys WRT3200 ACM as my primary router, mostly thanks to its compact 130×91×34mm form factor, dual 2.5 GbE Ethernet ports, USB-A tethering input, and the convenience of being able to power it directly from the same UGREEN charger that powers everything else. The built-in touchscreen is a nice extra, as it displays connection stats, VPN status, and a QR code for quickly joining the network from any device. The router runs an OpenWrt 23.05-SNAPSHOT fork with GL.iNet ’s firmware layer on top, which gives me both root SSH access and a friendly admin UI, even if it isn’t a fully vanilla OpenWrt experience. The bigger reason the Slate 7 stays in my bag, however, is that it turns whatever environment I’m in into a familiar LAN. All my devices ( laptop , phone , tablet , UPDC ) connect to the same network regardless of where I am, which means tools like Syncthing and LocalSend work out of the box, Jellyfin playback follows me from device to device, and SSH between machines uses local IPs without any configuration gymnastics. It also means I can run a single WireGuard VPN connection on the router itself and route the entire LAN through it when needed, which is great for circumventing geo-IP limitations on services and similar shenanigans, without having to configure a VPN client on every individual device, including the ones that don’t even support one. Because the Slate 7 only has a single 2.5 GbE LAN port, I usually carry a Netgear GS305 5-port gigabit switch as well. I tend to prefer wired connections wherever possible, both for stability/throughput and for security reasons. The GS305 is unmanaged, dirt cheap, and has been working flawlessly for years, but it has two notable downsides: It tops out at 1 GbE, which becomes the bottleneck in a setup with 2.5 GbE endpoints, and it requires its own dedicated barrel connector cable. I’m therefore looking to replace it with something like the Ubiquiti Flex Mini 2.5G 5-port switch, which matches the Slate 7 ’s 2.5 GbE link, and which can be powered via USB-C , resulting in yet another barrel-connector adapter that I can leave at home. On longer trips, the Ultra-Portable Data Center (v2) always travels with me. The UPDC v2 is a Raspberry Pi 5-based NAS that I built in 2024, replacing the original mini-ITX-based UPDC v1 . The device runs two 4TB NVMe drives in mirrored RAID1 ( ) on top of LUKS, served over the LAN via Samba , Syncthing and Jellyfin , and packs a 4-cell 18650 UPS HAT, a handful of environmental sensors and a small LCD into a 3D-printed cube that weighs about 800g (with the optional stand) and measures 114mm a side. It is in essence a very compact, travel-ready NAS that I can plug straight into the Slate 7 ’s LAN port and have all my data, services, and music library available on the road, without ever touching the cloud . For a deep-dive into the hardware choices, the enclosure, the migration from TrueNAS SCALE , and the full software stack, please refer to the dedicated UPDC post . One major disadvantage of the UPDC , however, is the fact that the Raspberry Pi 5 requires its own dedicated power supply due to its special 5.1V/5A USB-C PD voltage requirements , which most generic chargers and power banks simply don’t speak. This means I cannot share the UPDC ’s power source with the rest of my travel setup, and I have to bring along a dedicated CanaKit 45W USB-C power supply just for the Pi. To make matters worse, despite the dedicated PSU I have never been able to fully get rid of the occasional warnings that show up in from time to time. The Pi 5 is a notoriously whiny little b…oard in that regard, and Raspberry is arguably to blame for it. Performance-wise the under-voltage events have no noticeable impact on my workloads (which are mostly Syncthing , Samba , and the occasional Jellyfin transcode), but they’re a reminder that the Pi 5’s power story isn’t quite as easy as I would expect. The Ultra-Portable Data Center project was a fun thing to build and has served me well, but with more elaborate and truly minimal all-in-one solutions becoming available these days (the Beelink ME mini and the UnifyDrive UT2 being prominent candidates I’m keeping an eye on), I might at some point move away from a self-built solution in favour of something off-the-shelf that doesn’t need a separate PSU. As things stand today, however, the UPDC remains the most travel-friendly option for me, and the only one that gives me an end-to-end open-source storage stack that I fully control. The remainder of my bag is filled with the small connective tissue that holds the rest of the setup together. Whether or not these items come along depends entirely on the length and nature of the trip, but each of them has earned a spot in the lineup the same way the bigger pieces did. The first of these is a small, modular tablet rig made up of two parts. The Lyrcro desktop microphone tripod is, as the name suggests, intended for desktop microphones, but its 3/8" screw thread doubles as a perfectly good universal mount for anything that takes the same standard. What I most often attach to it is the KDD Tablet Tripod Clamp-Mount as well as some no-name ballhead connecting the two items. The clamp holds my tablet (as well as my phone ) securely on top of the tripod and lets me park the device right next to my laptop, at exactly the same height as the screen sitting on top of its 3D-printed stands. The result is a makeshift dual-screen desk that takes seconds to assemble. As a nice side effect, the same little tripod is also sturdy enough to support my Fujifilm X100VI when I want to use the camera as a webcam via the EVGA XR1 Pro , despite being technically rated for microphones only. Next, there is a small organizer pouch full of USB adapters that I keep refusing to leave behind, because every single one of them has saved me at least once. I carry USB-A to USB-C and USB-C to USB-A converters for situations in which whoever designed that particular hotel TV or rental car decided that 2026 isn’t quite ready for USB-C yet, as well as L-shaped (90°) and U-shaped (180°) USB-C adapters that let me plug cables into my laptop or my phone at angles other than straight out , which matters more than you’d think when working off a nightstand or when using a device on a tripod. None of these adapters cost much, none of them weigh much, but each of them turns a potential problem into a non-event the moment it appears. I already mentioned the Razer Mouse Dock Pro briefly in the keyboard & mouse section , but it is worth revisiting here as a true accessory . On shorter trips it stays home, and the Basilisk V3 Pro ’s built-in battery covers me for a week without complaint. On longer trips, however, the dock comes along, both for the convenience of overnight wireless recharging and because, in the rare event the mouse runs flat mid-day, dropping it onto the dock for a few minutes is faster than digging out a USB-C cable. Lastly, my Seeed Studio SenseCAP T1000-E LoRa/Meshtastic card travels with my EDC regardless of the trip. The card weighs next to nothing, lives in the same pouch as the rest of my EDC, and lets me scan for and join Meshtastic communities in whichever region I happen to be in. On a fun day, that means chatting over LoRa with strangers on the other side of a city. On a less fun day, it doubles as a fully off-grid communication device that doesn’t care whether the local mobile network is up, down, or compromised. It’s a small but meaningful piece of the preparedness side of my travel kit, in case anything more serious than the usual hotel WiFi outage should ever happen. What this setup ultimately gives me is the confidence to open my bag in any environment, anywhere in the world, and have a familiar workstation within minutes, all without having to check-in one of Pelican ’s SuperMAC rack mount cases. Instead of a compromised version of my home office, I get a fully-featured, modular workspace that scales from a single laptop on a plane’s tray table all the way to a multi-device LAN with NAS, capture hardware, and high-fidelity audio in a hotel room. Every component has been chosen, replaced, or rebuilt over the years, sometimes more than once, with weight, modularity, redundancy, and calculated use as the guiding principles. Nothing here is in my bag because it looked nice on Instagram , but because it has earned its spot through repeated, real-world use. If there’s one piece of advice I’d give anyone considering building a similar setup, it is the following: Resist the urge to copy someone else’s packing list , including this one. Your own travel patterns, constraints, and physical comfort will dictate what actually deserves to end up in your bag. Use this post as inspiration, but pick each item based on your workflow, your destinations, and your tolerance for carrying things around . The most minimal setup is not the one with the fewest items, but the one in which every item is actually indispensable and useful.

0 views
マリウス 1 months ago

Bureaucracy is Eating the World

Disclaimer: This is an opinion piece. It is also a long one, because the subject is too tangled to compress without losing the thread. I have tried to look at the matter from different perspectives and include the strongest counter-arguments where I saw them. As this write-up had been in the works for a very long time, some of the referenced data isn’t the absolute latest data available today, which however does not impact the underlying message. As usual, summary at the end. A few weeks ago I sat down with a friend who, after twenty years in a steady job, had decided to start a small business in the European Union. Nothing exotic, just a one-person operation, selling a thing they had been making in their spare time for years and that other people kept asking to buy. By the time we were done, we had identified the trade register filing, the tax office registration, a separate VAT registration with its own threshold rules, the obligation to issue invoices in a specific format, the e-invoicing mandate, the beneficial-ownership disclosure under the EU’s AML regime, the bank’s own KYC questionnaire, the data-protection obligations under GDPR even though the operation collected practically no personal data, the CE marking requirements, the extended-producer-responsibility packaging registration, the WEEE registration, the social-security contributions for self-employed individuals, the mandatory professional liability insurance for the relevant guild, and the local trade-tax filing. None of these are illegitimate and most of them, taken in isolation, sound reasonable. Together, however, they constitute a mountain that my friend, who is a competent adult with a real product, was now expected to climb before they sold the first unit. That is when it occurred to me that the story I had been telling myself for years, that it has always been like this and every generation thinks the system is rigged , might not actually be true, and this post is the result of that thought. I want to walk through roughly three and a half centuries of how easy or hard it has been, in the western world, to simply do something economically. From the period when an Englishman with a ship and a bond could legally attack Spanish merchants for a living, through the early 1900s when an entrepreneur could incorporate a company on four pages, to the present, when the same kind of operation requires a stack of filings most people will never finish reading. I am going to argue that we have drifted, slowly and with the best intentions, into a regulatory state where the friction of doing anything new is high enough that the people best positioned to absorb it are no longer the small operators that once founded the today’s behemoth companies. I want to be clear up front that I am not writing a “libertarian manifesto” . There are regulations I am glad exist, including most of the worker-safety, environmental, and consumer-protection regimes that the post-war west put in place. The argument is narrower than abolish the rules , and it is roughly that the cumulative weight of three centuries of mostly well-intentioned rule-making (almost none of which was ever repealed, btw) has reached a point where it disproportionately punishes the small and rewards the large. That, I think, is a problem regardless of where you sit politically. Let me repeat: This post is not about political ideology and I urge you to read it as apolitical as humanly possible and focus on the real-world implications rather than some abstract political ideas. Also: While I’m no historian, I tried my best to investigate and find reliable information, which I linked where necessary. Anyhow, let me start with one of my favorite periods to dwell on, which is the time … Of course, we’re talking about the era historians loosely refer to as the Golden Age of Piracy (roughly 1650 to 1730). Back then, the relationship between private business and the state in the Atlantic world was so different from ours that it can feel almost like science fiction. If you were an English merchant in 1690, and you wanted to make money by attacking Spanish (or French) shipping, you did not have to do it in secret. You could go to the Lord High Admiral , or one of the Commissioners acting on his behalf, and apply for what was called a letter of marque . The application named your vessel, its tonnage, its armaments, the owner, and the intended crew. You posted a bond promising to observe the laws and treaties of England, and you got, in return, a piece of paper that legalised an activity that, without the paper, would have made you a pirate . The captures were later judged in admiralty courts, the Crown took a percentage (usually 10%, though Queen Anne later waived even that tiny bit of tax as an incentive ) and you kept the rest. This was not an obscure backwater of business, but in fact an arrangement that some of the most celebrated figures in English history operated under. Sir Francis Drake , whose 1577–80 circumnavigation predates the Golden Age proper but established the template, gave investors a return on capital that contemporary sources placed in the order of forty-seven pounds for every pound invested , with Elizabeth I ’s share alone reportedly enough to retire the Crown ’s debt. The exact figures are deliberately obscured in the surviving records ( Elizabeth had diplomatic reasons not to be specific), but I don’t think any historian disputes that the venture was extraordinarily profitable, and that it was funded by something close to a venture-capital syndicate of nobles and merchants. A century later, in 1695, William Kidd received a privateering commission from the Admiralty Commissioners , plus a special commission under the Great Seal , to seize French ships and pirates. His subsequent hanging in 1701, however, was less about the business model than about the fact that he attacked the wrong ships. Whoops , I guess. Note: It wasn’t only privateering that was comparatively easy to establish and run. In one of my favorite books, Moby-Dick , Herman Melville roughly describes how the economics of whale hunting worked at the time. The capital for the endeavour came from the town. A vessel like the Pequod had a couple of principal owners, the retired Captains Peleg and Bildad in the novel, but the rest of the ship was parcelled out among ordinary Nantucket citizens, a crowd of old annuitants; widows, fatherless children, and chancery wards , each one owning the value of a timber head, or a foot of plank, or a nail or two in the hull . A widow could put her late husband’s savings into a sliver of a whaler the way one might today buy a few shares of an index fund, and when the ship came home three years later heavy with oil, she retrieved her portion of the proceeds, minus the owners’ cut for fitting her out. The crew, meanwhile, drew no wages at all. Every man from the captain down to the greenest hand was paid in what was called a lay , a fixed fraction of the voyage’s total net profit, the size of the fraction set by his skill and rank. The smaller the number, the larger the slice, so a seasoned harpooner like Queequeg was signed at the ninetieth lay, while Ishmael , who had never so much as touched a whale, was first offered the seven-hundred-and-seventy-seventh by the pious and tight-fisted Bildad before Peleg talked it up to the three-hundredth. Nobody was paid for showing up, you were paid, if at all, only when the casks were full and sold, which meant every soul aboard owned a piece of the outcome and bore a piece of the risk, no payroll department required. This was not merely a novelist’s imagination, but it was how the real Nantucket and New Bedford fisheries actually worked. Ships were financed by pooling fractional shares among the townsfolk, every hand from captain to greenhorn took a lay instead of a wage, and historians today describe the whole arrangement as a precursor to modern venture capital, obviously with significantly less bureaucracy involved. Looking at the possible growth and power, the chartered companies of the same era operated on a scale that no modern private corporation could legally match. The English East India Company , chartered by Elizabeth I on the last day of 1600, was eventually granted the right to acquire territory, mint coinage, command fortresses and standing troops, form alliances with foreign powers, make war and peace, and exercise civil and criminal jurisdiction over its holdings. The Dutch East India Company ( VOC ) , chartered in 1602, went further and was given an explicit twenty-one-year monopoly, the right to wage war, sign treaties with sovereign powers, build forts, appoint governors, and mint its own coins. At its peak the VOC employed roughly twenty-three thousand people in Asia, fielded somewhere between one hundred and fifty and two hundred and fifty ships at any one time, kept a standing army of around ten thousand soldiers, and over its life sent close to a million Europeans to Asia on nearly five thousand ships. The Hudson’s Bay Company , chartered by Charles II on May 2, 1670, was granted absolute Lords and Proprietors status over Rupert’s Land , an area of roughly 3.9 million square kilometres, or about 40% of modern Canada, again with monopoly trade rights, lawmaking, civil and military jurisdiction, and the authority to wage war. For the ordinary merchant, who was neither a Drake nor a director of the VOC , the bureaucratic environment was correspondingly easy to navigate. There was no income tax, since Britain’s first income tax was a Napoleonic-era invention from 1799 , and there was no business registration in the modern sense. There was no payroll tax, no compliance officer, no insurance mandate, no occupational licensing, and certainly no equivalent of GDPR or beneficial-ownership reporting. The state extracted revenue mostly through customs and excise on specific goods, the Land Tax on real property, the Hearth Tax from 1662 to 1689 (two shillings per fireplace), and the Window Tax from 1696 onwards. In the American colonies in particular, enforcement of even the limited Navigation Acts was famously weak under what historians call salutary neglect , to the point that the Hoover Institution notes colonists in the late seventeenth century killed three customs officers, imprisoned two others, tried one for treason, and persuaded one to join them . That’s a level of “customs compliance” that would definitely not pass a modern audit. :-) Note: Of course there is a romanticised version of this period that isn’t as rosy as it first seems. For example, within chartered English boroughs (London especially), domestic trade was seemingly gated by guilds and the Freedom of the City . The 1562 Statute of Artificers required a seven-year apprenticeship for most trades, which was apparently the only national apprenticeship law in pre-modern Europe, and admission fees in the 16th and 17th centuries ranged from under one pound to twelve pounds and more, which was a substantial sum at the time. Guild monopolies were seemingly a real form of bureaucracy, just not a state-run one. So the open a shop with no paperwork framing is more accurate for rural England, the frontier American colonies, and overseas trading ventures than for established urban commerce. It was the commercial ventures specifically (the ships, the colonies, the trading expeditions) that operated with the kind of low-friction freedom we no longer have, not the neighbourhood bakery in seventeenth-century London, although that bureaucracy was still well below what we are facing in today’s world. The point I want to draw from this period is not that we should bring back privateering or massive chartered companies that can wage wars , which would be both impractical and politically unattractive, but that the basic relationship between private enterprise and the state was, at least for novel ventures, permissive by default . You could simply go ahead , and the state involved itself only when you crossed a specific line that had been drawn in advance. Yet, despite the lack of all modern bureaucracy, regulation and compliance, civilization evolved and societies developed, maybe at times even at a faster pace than we’re seeing it today. Skip forward two and a half centuries, and the world is unrecognisable in almost every way except that starting and running a business is still extraordinarily light on paperwork, even by modern standards. In 1896, New Jersey passed the first enabling general incorporation statute, allowing a company to be formed by simple administrative filing rather than by a special act of the legislature. Delaware followed on March 10, 1899 , and the modern American corporation was born. Before then, every incorporation in the United States required its own legislative act, but after it, you just mailed a form , figuratively speaking. The cleanest illustration of how thin that paperwork was is the document that incorporated the Ford Motor Company on June 16, 1903 . Henry Ford and twelve co-investors signed a four-page Articles of Association in Detroit . The document covered the name of the corporation, its purpose, its place of operation, its capital stock ($28,000), its term, and its stockholders. It was notarised, mailed to the Michigan Secretary of State , and the company was legally constituted by June 17, 1903. The same Ford Motor Company would go on, over the next four decades, to produce the Model T , build the Highland Park assembly line, employ tens of thousands of workers, and become one of the largest industrial enterprises on the planet, all without anyone needing to file beneficial-ownership disclosures, complete a Customer Due Diligence questionnaire, or commission a Data Protection Impact Assessment . The tax environment was also correspondingly simple. The 16th Amendment to the U.S. Constitution was ratified in 1913, and the Revenue Act of 1913 introduced a federal income tax with a 1% normal tax on net income above $3,000 (single) or $4,000 (married), with a graduated surtax topping out at 7% on income above $500,000. Approximately 3% of the U.S. population was even subject to the tax, and under 1% paid anything at all. In Britain, income tax averaged 2% to 3% of GDP from 1900 through 1913, and the super-tax , the precursor to surtax, was only introduced in Lloyd George ’s 1909 People’s Budget . Value-added tax, the workhorse of modern European public finance, did not exist anywhere in the world until Maurice Lauré’s reform was signed into French law on April 10, 1954, and was not mandated EEC-wide until two directives in April 1967. Note: If these are too many numbers and dates and words and you only want to remember one single thing from this chapter, then remember the following: Taxes, as we know them today, did not exist around a hundred years ago, and many of them only go as far back as ~70 years. It is also worth noting that even the way taxes were collected was different. Tax withholding at source, the now-ubiquitous mechanism by which your employer hands a slice of your salary to the state before you ever see it, was introduced in the United States only in 1943 with the Current Tax Payment Act , as a wartime measure to fund the war effort and to broaden the tax base from the wealthy to ordinary workers. Before 1943, Americans calculated their taxes annually and wrote a cheque, which is why tax-day filing was, for most of history, a relatively low-frequency interaction between citizen and state. Many EU member states introduced their withholding tax regimes only between 1952 and 2013. The withholding mechanism is, in many ways, the backbone of the modern administrative state. It works only because there is a persistent identity attached to every worker, a bank account they are paid into, and a payroll system that can route the deductions automatically. Banking, in the same period, was also fairly accessible. There was no formal Know Your Customer regime in the sense we now use it. The Bank Secrecy Act , which is the foundation of the modern American anti-money-laundering regime, was passed in 1970. KYC as a structured set of rules was not codified federally until the U.S.A. PATRIOT Act of 2001 introduced the Customer Identification Program under Section 326 . The Foreign Account Tax Compliance Act ( FATCA ) , which today shapes the experience of Americans abroad and the willingness of foreign banks to serve them at all, was only enacted in March 2010. If you were a working person in 1920 and you wanted a bank account, you walked into a bank, gave your name and address, signed a card, and received an account. There was no requirement to hand over a utility bill, to document the source of your funds, no electronic identity verification, no sanctions screening, and no algorithmic suspicious activity detection. De-banking , in the modern sense of having a financial institution close your account because of who you are or what you do, was not really a phenomenon at all in the early twentieth century. The Oxford English Dictionary records the verb debank as far back as 1929 , but the meaning that contemporary readers will recognise is essentially post-2014. This matters because the people who built the post-war economy did so in exactly this environment. The men and women of the GI Generation (born roughly 1901–1927), the Silent Generation (1928–1945), and the Baby Boomers (1946–1964) came of professional age in a regime where you could open a bank account in an afternoon, file a four-page incorporation document, hire and fire on a handshake, pay relatively low effective taxes, and grow a business through several decades without anyone asking for a beneficial-ownership statement, a tax-residency certificate, a data-protection impact assessment, or a sustainability report. This is not a moral observation about that generation, it is an observation about the environment they built businesses in. Before I move on to what changed, I want to take one short detour east, because it is the cleanest case I know of how much the regulatory environment can matter to outcomes. In 1953, at the end of the Korean War , South Korea had a GDP per capita of roughly sixty-seven U.S. dollars, which made it one of the poorest countries in the world , poorer than most of sub-Saharan Africa and on a par with Haiti. Seoul, its capital, had a population of about one million people and had been substantially flattened during the war. The country had no significant industrial base, no natural resources to speak of, and no obvious path forward. Seventy years later, South Korea’s GDP per capita is roughly thirty-three thousand dollars, the Seoul Capital Area is home to roughly twenty-five million people, and the country is a global leader in shipbuilding, steel, electronics, automobiles, semiconductors, and increasingly cultural exports. This is one of the most extraordinary economic transformations in recorded history. The popular story of Korea being a free-market miracle, however, is half right at best. The serious academic literature, particularly Alice Amsden’s Asia’s Next Giant and Robert Wade’s Governing the Market , makes clear that the Park Chung-hee regime (1961–1979) was an authoritarian developmental state , not a libertarian paradise. It directed credit, picked sectors, suppressed labour, and tolerated heavy chaebol concentration. What the regime did not do, however, was load new ventures with the kind of compliance and regulatory machinery that the modern OECD economies were already accumulating. New industries could be built quickly, factories could be thrown up, ports expanded, ships launched, because the bureaucratic overhead was thin and the political will to remove obstacles was high. I am definitely not holding Park -era Korea up as a model, as the political costs were severe. What I am pointing at is how fast a country can transform when the regulatory friction on building things is set close to zero. It is much, much faster than people who have only experienced modern OECD economies typically realise. The generations that built the post-war west ( GI , Silent , Boomer , and to a lesser extent early Gen X ) accumulated (or inherited) their wealth in this lighter regulatory regime. The generations that came after (later Gen X , Millennials , Gen Z , …) are trying to do the same thing in an environment that has significantly changed under their feet. The U.S. Federal Reserve’s Distributional Financial Accounts are the authoritative source, that shows, that as of late 2024, Millennials and Gen Z together represented 35.1% of U.S. households but owned only 10.1% of total household wealth , roughly 71% less than their household-share would predict. By contrast, Boomers in 1989, at a roughly comparable average age, held 19.5% of wealth while making up 42.2% of households. In other words, younger Americans today are more under-represented in wealth than Boomers were at a comparable point in their lives. Pew Research similarly found that the median net worth of households headed by Millennials aged 20–35 in 2016 was roughly $12,500, compared with $20,700 for Boomers at the same age in 1983, in constant dollars. That is, the Millennial household had about 60% of the inflation-adjusted net worth that the Boomer household had at the same stage of life . Homeownership data tells the same story. Apartment List ’s analysis of homeownership rates at age 30 finds that 55% of Silents owned a home by that age, falling to 48% of Boomers , 42% of Gen X , and just 33% of Millennials . In the United Kingdom, the Office for National Statistics reports that in 2024 the median home in England (£290,000) cost roughly 7.7 times median full-time annual earnings (£37,600), and the Resolution Foundation has shown that it now takes a typical young first-time buyer roughly 18 to 19 years to save a deposit from disposable income, compared with about 3 years in the mid-1990s . The Joint Center for Housing Studies at Harvard reports that in 2022 the U.S. median home price reached 5.6 times median household income, the highest ratio on record going back to the early 1970s. Note: I want to recognize that the wealth-comparison story is more nuanced than the Millennials are screwed narrative that I’m partially presenting here. For example, the St. Louis Fed has also found that, on a per-household basis, Millennials and Gen Z have been catching up rapidly since 2019. Critics, including New America and others, point out that this relies on average rather than median wealth and is heavily skewed by a thin slice of high-earning younger households. Both stories are simultaneously true, depending on which slice of the distribution you look at. The median younger household is materially behind, the average younger household less so. I am framing the argument around the median because that, in my view, is the more relevant indicator of broad opportunity. In addition, the crises that bracketed Millennial , Gen Z and later generation’s lives were not randomly distributed across generations. Those generations experienced the post-9/11 wars in Iraq, Afghanistan, and the broader counterterrorism campaign , the 2008 Global Financial Crisis , the COVID-19 pandemic , the Ukraine war , and the recent war in Iran with all its economic impact slowly unfolding. The cost of these, in the form of debt, inflation, and asset-price inflation through quantitative easing , has fallen disproportionately on the people who were/are not yet old enough to own assets when these events occurred. In fact, the Bank of England ’s own analysis of the distributional effects of quantitative easing acknowledged that a large share of the wealth gains flowed to households that already owned assets, and a 2023 Oxford Bulletin paper found that the asset-price channel of QE increases wealth inequality across most countries studied. There is a counter-argument from central banks that the alternative (a deeper recession) would have hit younger workers even harder through unemployment, and I think this counter-argument is partially correct, but the cumulative effect, on top of the housing-supply story documented by Glaeser and Gyourko , is a generational asset-price gap that compounds. I’m trying to be careful not to slide into a Boomers caused this framing, because that doesn’t appear to be what the data ultimately says, despite everything visually pointing towards this narrative. Boomers themselves appear to be highly stratified, with the median Boomer being noticeably less wealthy than generational averages seemingly suggest. The Urban Institute ’s research on the Great Inequality Transfer emphasises that policy regimes, not generational malice, are the proximate cause. What is true, however, is that the policy choices of the past several decades, made disproportionately by people who were already established in the post-war environment, accumulated into a stack of rules, asset prices, and compliance requirements that the people coming up behind them now have to navigate. In that sense, the current environment can in fact be attributed to the decisions made by Boomers , as well as the generations in their immediate proximity. Which brings me to the actual point about how big that stack of rules has become, and what its distribution of cost is. The U.S. Code of Federal Regulations , which is the codified body of federal regulatory rules, was a thin pamphlet at its origin in 1938. It is now, depending on how you count, somewhere north of 190,000 pages . The Mercatus Center ’s RegData project, which counts regulatory restrictions defined as instances of words like shall , must , and may not , finds that the federal CFR contained roughly 835,000 such restrictions in 1997, rising to over 1.08 million by 2019 and continuing to climb. The Federal Register , which is the daily journal in which new federal rules are first published, totalled 9,562 pages in 1950 across 15 volumes, and hit 86,356 pages in 2020 , the second-highest count ever recorded. Meanwhile, the European acquis communautaire , the body of cumulative EU law, has followed a similar trajectory, with estimates of the active acquis range from an 80,000-page figure to over 170,000 pages, depending on how you count, with more than 100,000 of those pages produced in the prior decade alone . The cumulative legislation since 1957 is on the order of 666,879 pages. The cost of complying with all this is, as you might have guessed, not evenly distributed. The widely cited 2010 SBA Office of Advocacy study by Crain and Crain estimated that U.S. small firms with fewer than 20 employees paid about $10,585 per employee per year in regulatory compliance, compared to $7,755 for firms with more than 500 employees, which is roughly a 36% gap. A more recent 2023 National Association of Manufacturers study put the total federal regulatory cost at $3.079 trillion in 2022 (about 12% of GDP), with small manufacturers paying $50,100 per employee per year compared to $24,800 for large manufacturers , which is roughly a 100% gap. Note: The Crain and Crain methodology has been criticised by the Congressional Research Service and others as including economic-impact estimates rather than just direct compliance costs, and using a cross-country regression that some economists consider unreliable. The NAM is an industry association with an obvious incentive to report large numbers. However, even if we discount both estimates substantially, the basic shape (that smaller firms pay disproportionately more per employee to comply with the same rules) is consistent across studies and across methodologies. A fixed cost of compliance simply hits a smaller firm harder, in per-employee terms, than a larger one. A few specific recent regulations are worth naming, considering their (cost-)impact: I will stop the list there, but the pattern is clear, and adding DAC6 , DAC7 , the DSA , the DMA , the CSRD , the CSDDD , UKCA marking, REACH , MDR , IVDR and the rest does not improve the picture. Each of these has a defensible rationale, and most of them addressed a real problem, but the cumulative burden, however, is significant . Sadly, there is no agency anywhere whose job is to look at the total weight of regulation on a small business and ask whether it is still proportionate. However, there are agencies, in many jurisdictions, whose job is to add to it. Tax complexity has followed the same arc. The U.S. Internal Revenue Code runs to roughly 2.4 million words, or about 10 million if you include Treasury regulations and IRS guidance. Wolters Kluwer ’s Standard Federal Tax Reporter , the practitioner’s reference, has grown to roughly 80,000 pages from a thin volume in 1913. The U.K.’s Tolley’s tax handbooks have grown from about 5,000 pages in 1997 to over 21,000 pages in current editions. The IRS Taxpayer Advocate , who is statutorily independent of IRS political leadership, has reported that Americans spend roughly several billion hours per year complying with the federal tax code. Meanwhile, the OECD ’s tax-to-GDP statistics show that the average tax-to-GDP ratio across member countries rose significatnly from 1965 to 2022. For example, France went from ~33% to ~46%, Denmark from ~29% to ~42%, the U.K. from ~30% to ~35%, Germany from ~31% to ~38%, Spain from ~14% to ~36%, and the U.S. from ~23% to ~28%. In other words, across most of the developed world, the share of economic activity passing through tax authorities has grown by roughly a third over six decades, and the complexity of the path it takes through those authorities has grown by considerably more. The crucial point, for my argument, is not about whether taxes are too high in some absolute sense, or whether taxation as such is actual theft , as that is a separate political question on which reasonable people disagree, but the point is that the complexity has grown to the level where it is itself a significant input cost, and that cost is again non-linear. A small business that needs to interpret 80,000 pages of tax guidance has to either hire someone to do it, or do it themselves at the cost of not running their business for the time that it takes. A multinational has a tax department, and frequently has the resources to make the complexity work in its favour. Which brings me to the most important part of the picture, which concerns tax *cough* planning . The Institute on Taxation and Economic Policy documented in its 2021 study, that 55 of America’s largest corporations paid $0 in federal income tax on $40.5 billion of pre-tax income in 2020. A 2024 update found 109 large profitable U.S. corporations paid 0% federal income tax in at least one year between 2018 and 2022, with an average effective rate of about 14.1% against a statutory rate of 21%. A 2022 study from the U.S. Government Accountability Office on large profitable corporations found an average effective federal rate of about 9% over the period 2014 to 2018, well below the statutory rate of the time. The mechanisms by which large multinationals (and wealthy individuals) achieve these rates are well-documented, largely legal and, most importantly, only available to companies (and individuals) of equal size and accounting firepower , and definitely not to your mom-and-pop-shop next door. The Double Irish with a Dutch Sandwich , used by Google , Apple , Facebook and others, was estimated by economist Gabriel Zucman to have shifted more than $100 billion per year at peak. Ireland closed it in 2014 with a phase-out completed by 2020. The European Commission ruled in August 2016 that Apple owed €13.1 billion in back taxes to Ireland, and the Court of Justice of the European Union finally upheld this on September 10, 2024 in Commission v. Ireland (C-465/20), eight years after the original ruling. The Tax Justice Network ’s State of Tax Justice 2023 report estimates that countries collectively lose roughly $472 billion per year to tax abuse, of which about $311 billion is corporate. It’s worth mentioning that the TJN’s methodology is contested by the IMF and others, and that the figure should be treated as an upper bound, but even at half that figure, the disparity is striking. The OECD’s BEPS Pillar Two , the global minimum corporate tax of 15% beginning in 2024, is estimated to raise corporate income tax revenue by roughly $155 to $192 billion per year, but it does nothing for the structural disparity between a small business (or regular individuals) that cannot relocate its profits and a multinational (or wealthy individuals) that can and, on the contrary, is likely to introduce even more bureaucracy for small businesses in future iterations of the code. There are honest reasons the system has ended up where it has, including the difficulty of taxing economic activity that crosses borders, but the lived effect is that a self-employed plumber in Paris or a small bakery in Chicago pays a higher effective tax rate than Apple or Amazon does on income shifted through the right holding structure. There is one more thread that I want to pull on, because it has changed character significantly in the past decade and is, I think, undertreated in the broader conversation, which is the slow conversion of banks from financial-services providers into compliance gatekeepers. One (in)famous exampale for this is Operation Choke Point , a U.S. Department of Justice initiative running from 2013 to 2017, that pressured banks to drop high-risk merchants, including payday lenders, firearms dealers, and adult-industry workers. The program was officially terminated in August 2017 after the FDIC settled lawsuits and pledged to cease informal or unwritten suggestions to banks, but the label Operation Choke Point 2.0 has since been applied to alleged debanking of crypto firms after the March 2023 collapse of Silvergate , Signature Bank , and Silicon Valley Bank . However, the evidence for a coordinated Choke Point 2.0 operation remains contested , and the framing has been used by politically interested parties on both sides. Less contestable, on the other hand, is the Nigel Farage / Coutts case, in which the U.K. private bank Coutts closed Farage ’s account, and an internal 36-page Reputational Risk Committee dossier from November 2022 cited his political views as “at odds with our position as an inclusive organisation” . The CEO of parent group NatWest resigned in July 2023, and the U.K.’s Financial Conduct Authority subsequently reviewed account closures across multiple banks, finding roughly 343,000 personal and business accounts were closed in 2021 to 2022 alone. Banks self-reported that few were for political views, but the FCA also noted significant data-quality problems. Disclaimer: I have no skin in the U.K.’s political game and I do not care about Farage as a political figure or even as an individual. However, the Farage / Coutts case is one of the most prominent cases, which is why I picked it up to give an example. Make no mistake to believe that de-banking is solely an issue on one side of the political spectrum , as it is clearly not. The volume of Suspicious Activity Reports filed by U.S. financial institutions to FinCEN has risen from about 1.3 million in 2014 to roughly 3.6 million in 2022 , and Currency Transaction Reports run at about 20.5 million per year. The European Banking Authority ’s 2022 opinion on de-risking is even explicitly acknowledged that AML rules are causing unwarranted account closures across NGOs, money-service businesses, and correspondent banks. To understand the real world implications of how these account freezes and closures impact even regular people on a day to day basis it’s enough to look at individual institutions’ bad ratings on any unbiased review site, e.g. for (Transfer)Wise on ConsumerAffairs . The mechanism here is, again, one I think is poorly understood. Banks are one part malicious, injecting their own policy and beliefs into their decision-making, and one part cautious, as they face fines for AML failures. For example for laundering $881 billion, the HSBC paid $1.9 billion in fines in 2012. But don’t worry, nobody at HSBC went to jail. Similarly, the U.S. Treasury Department settled with the Standard Chartered for $1.1 billion, for violations of multiple sanctions in 2019. On the other hand, however, AML over-compliance effectively carries no penalty at all, e.g. for closing the account of a legitimate small business or unbanking an innocent individual. The economically rational response is to weight profit vs. risk and to interpret risk conservatively for any account that does not pay enough to justify the regulatory exposure . The result is that the marginal small business, the freelancer with an unusual revenue pattern, or the person whose work happens to fall in a politically sensitive category, finds banking impossible, without any of this being written into any law as such. It is the emergent behaviour of a stack of regulations, none of whose authors probably intended this outcome. Add to this the ever changing regulatory environment and banking suddendly becomes yet another bureaucratic burden for small and medium businesses, let alone lower- and middle-class private individuals. The deeper irony is that this regime consistently fails at the very thing it was built to do. The list of major money-laundering scandals over the past two decades, including HSBC ’s settlement for laundering Mexican cartel money , Credit Suisse ’s Suisse Secrets leak revealing accounts held by criminals and corrupt politicians, the 1MDB scandal in which billions of dollars flowed through major Western banks, the CumEx tax fraud in which European treasuries lost an estimated €150 billion, and the Wirecard collapse in which one of its senior executives simply vanished, all happened despite KYC, AML, beneficial-ownership disclosure, and the rest of the modern compliance stack, without any of the involvement of cryptocurrencies or any other modern technologies, that are usually politically vilified for enabling these sort of schemes. The people the regulatory regime is supposedly catching are, with rare exceptions, not being caught. The people most affected are those who do not have a tax planner, a private banker, a trust fund, or a corporate structure that can absorb the friction and make issues simply go away . Take the popular case of Flipper Devices , the small hardware company behind the Flipper Zero , a multi-tool aimed at hardware hackers, penetration testers, and electronics hobbyists. The product’s Kickstarter campaign in 2020 was extraordinarily successful, raising nearly five million dollars from tens of thousands of backers. In late 2022, the company publicly reported that PayPal had frozen approximately $1.3 million of its funds, applying the platform’s standard 180-day review hold and citing only generic suspicious activity as justification. After significant media attention the funds were eventually released, but for a small hardware company in the middle of manufacturing and fulfilling international orders, going six months without access to over a million dollars of customer money is plainly a near-fatal event. Flipper survived because the tech press noticed and because they had alternative revenue streams, but the experience is far from unique. Most small companies that find themselves on the wrong side of a payment processor’s algorithmic risk score do not have a public profile large enough for anyone outside maybe their accountant or, ultimately, their lawyer to care. I believe that what is happening here is important and underappreciated. The bureaucratic delegation of compliance enforcement to private financial institutions has handed banks, payment processors, and similar gatekeepers a degree of power over private economic life that, historically, simply did not exist at this scale. A bank has the unique ability to create a business, by extending it credit on terms no ordinary lender would offer, or to destroy one, by freezing or even closing its account. If a major institution decides a particular firm is strategically valuable, it can throw virtually endless money at it through revolving credit facilities, underwriting commitments, intra-day liquidity, and market-making support, propping up balance sheets that, on the merits, would have folded years earlier. The opposite operation is just as easy, and considerably faster, as a compliance officer flagging a customer as inconvenient can, overnight, sever that customer from the payment rails on which essentially all modern economic activity runs. There is no court, no due process, and no meaningful right of appeal, and the customer typically receives a single boilerplate letter that does not even state the reason. This is a degree of power over individual livelihoods and corporate existences that, in democratic societies, used to require a court order. It is now exercised routinely by salaried risk officers operating under regulatory pressure that strongly incentivises closing first and asking questions later never. The same dynamic falls, sometimes even more starkly, on individuals, where a debanked person can find themselves locked out of housing, employment, and even the ability to receive their own salary, with no agency, court, or ombudsman that they can effectively appeal to. It’s this exact same financial-control infrastructure that has been used for instance by the Canadian government in response to the Freedom Convoy protests , or by the German government in response to Antifa . By freezing bank accounts associated with protest participants and donors, without conventional court orders, these individuals were cut off of modern life in an instant. Regardless of the underlying political debate and whatever you think of each of these cases individually, the precedent (specifically, a government using existing AML infrastructure to remove citizens from the financial system as a form of political pressure) is now established, in a world in which even the everyday use of cash, which is the official government-issued currency , has been recoded as suspicious in many jurisdictions. Large-cash deposits trigger reports, jewellers and car dealers face mandatory reporting thresholds, and several EU member states have explicitly capped what can be paid in cash at all. Going back to the more general topic of bureaucracy , especially in the context of business activity, I think the outlook is worrying when we project forward on the current curve. The U.S. Census Business Formation Statistics show that applications surged after 2020 from roughly 3.5 million per year to about 5 million per year, which is generally a welcome thing. But the underlying business dynamism has been declining for decades. Decker, Haltiwanger, Jarmin and Miranda ’s Brookings work documents that the U.S. startup rate fell from roughly 13% of all firms in the 1980s to about 8% by the 2010s. Additionally, multiple studies show that the share of employment at firms with fewer than 20 employees fell significantly in the past fourty years, and the OECD ’s Entrepreneurship at a Glance series finds similar declining startup rates across most member economies. So the recent surge in applications is encouraging, but it is seemingly happening against a multi-decade trend of declining small-firm employment and declining new-firm formation relative to incumbents. One plausible end-state, which I do not think is inevitable but which is clearly the trajectory we are on, might look something like this: Large incumbents accumulate the regulatory, tax, and compliance machinery (at their scale, the per-employee cost of compliance falls). Small entrants either do not start, start under the radar in regulatory grey zones (if even possible, see below), or get acquired before they can scale. The marginal new business is increasingly a side-hustle on a platform owned by an incumbent (think Amazon FBA , TikTok Shop , etc.), where the platform absorbs the compliance burden in exchange for a (hefty) cut, but also sets the terms unilaterally. The number of independent businesses falls, the share of actual, as well as paractical employment in incumbents rises, and the regulatory state both causes and justifies this concentration, on the grounds that fewer, larger firms are easier to oversee, while simultaneously likely to be corrupted bought lobbied by these exact firms. For most of the past century, the infrastructure of compliance was built and operated by bureaucrats , namely people sitting in offices, processing forms, applying judgement within the limits of their statutory remit. The friction generated by that arrangement was high, but the friction was also a feature, in a way, as it built in a small reserve of leeway , in the form of a human who could lose a form, mark a case as borderline, or exercise discretion. The trajectory we are now on is the replacement of that human by a system, with the bureaucratic structure inherited intact and made fully queryable . The bureaucrats built the cathedral, and the techno-/algocrats are now installing the 24/7 surveillance and the “AI” . Decades of beneficial-ownership filings, KYC records, CRS and FATCA exchanges, DAC7 platform reports, payment-service-provider data, e-invoicing pipelines, real-time VAT reporting (Italy’s SDI , Spain’s SII , Hungary’s RTIR , the impending EU-wide ViDA regime), property and Land Registry records, vehicle registries, customs data, and social-security feeds, all sitting in databases that, for most of their existence, were used in isolation, as data-silos. The techno-/algocratic project, broadly speaking, is to wire those databases together, to make them fully searchable, and to layer pattern-detection and “AI” on top. Make no mistake in believing that this is only hypothetical. The U.K.’s HMRC Connect , which is operational since 2010 and built for the tax authority by BAE Systems Applied Intelligence at a reported cost in the tens of millions of pounds, already cross-references dozens of distinct sources, including bank statements, social media, Land Registry filings, DVLA vehicle records, Companies House data, PayPal transactions, and offshore-account exchanges. On September 8, 2023, the U.S. IRS announced a major expansion of audit activity targeting large partnerships and high-income individuals, with Inflation Reduction Act funding and an explicit reliance on “AI” to identify return patterns that human reviewers would not have spotted. The OECD ’s forum on tax administration has, for years, been pushing member states toward real-time compliance and data-driven audit as the operating model of choice. With all of this the direction of travel is clearly set, and the technical capacity to act on it has now finally caught up. The cautionary tales of what happens when this approach is rolled out at scale, without the institutional caution that has historically slowed bureaucratic overreach, are already with us. For example Australia’s Robodebt scheme , which was in operation from 2016 to 2020, used automated income-averaging to issue hundreds of thousands of debt notices to welfare recipients on the basis of data-matching alone. The scheme was found unlawful by the Federal Court in November 2019, the government settled a class action for AUD 1.8 billion, and the Royal Commission that reported in July 2023 concluded the programme was crude, cruel, and produced disproportionate harm, including contributions to suicides . Also, the Netherlands’ toeslagenaffaire , in which the Belastingdienst ’s self-learning risk model wrongly accused tens of thousands of mostly immigrant-background parents of childcare-benefits fraud, demanding repayments that drove families into bankruptcy and, in over a thousand documented cases, the loss of custody of their children, was serious enough to bring down the third Rutte cabinet on January 15, 2021. Finally, the Dutch SyRI system , a separate algorithmic fraud-detection tool deployed in low-income neighbourhoods, was struck down by the District Court of The Hague in February 2020 for violating Article 8 of the European Convention on Human Rights on grounds of opacity and disproportionality. AlgorithmWatch ’s Automating Society reports have catalogued dozens of similar cases across European member states, in welfare, policing, education, and employment. What unites these cases, and what should worry anyone trying to run a small business or live a private life, are the integral features of the techno-/algocratic arrangement, which are that the system acts at machine speed, that the cost of being wrongly flagged is borne entirely by the citizen, and that the institutional pathway for appeal is essentially the same slow, human bureaucracy that has now been deprioritised in favour of the system that flagged you. The political-philosophy literature on algocracy , or governance by algorithm, has been making this point for over a decade, but has only recently moved it from academic concern into operating practice. The borderline situation, namely the small business that took a contested deduction, the freelancer with an unusual revenue mix, the side-hustle whose VAT return is six weeks late, or the consultant whose payment patterns trip an unexplained risk score, that, twenty years ago, would have been quietly tolerated, mis-filed, or simply missed becomes discoverable instantly. Once discovered, it is sanctionable with no human in the loop, and the same asymmetry that already shapes the regulatory landscape applies here, as large multinationals have the budget to deploy their own AI , hire armies of tax engineers, and structure around the algorithmic detection, while small businesses inherit the algorithmic enforcement without the means to defend against it. The leeway that used to exist in the system, a function of human inattention, finite processing capacity, and occasional judgement, is being engineered out as a deliberate goal, and sold as efficiency and fairness . The people who lose the most when that leeway disappears are precisely the ones who needed it most. I think this is sadly where we are headed if nothing changes, and I think it should worry people across the political spectrum, in every developed and developing nation. Probably the strongest argument against this is, that the reason 1700 looked deregulated is, that it was also worse on almost every dimension of human welfare. Workers had no protection, children worked in mines, the seas were full of slaves, rivers were poisoned, and banks collapsed routinely and took depositors’ savings with them. The reason the modern regulatory state exists is that the previous arrangement was actively killing people, and the slow accumulation of rules is the price of a society in which most people “no longer” die at work , drink contaminated water , or lose their savings to a bank’s bad bets . That’s at least what the bureaucrats , and technocrats , and algocrats keep telling us. In principle, cumulative regulation is not a flaw of the system, it is a record of every preventable disaster the system has tried to prevent from recurring, and removing the rules in aggregate would remove the protections in aggregate. And don’t get me wrong, I am glad when workers have meaningful safety protections, when consumers can sue over defective products, when depositor insurance exists, when environmental externalities are at least partially priced in, and when a small number of bad actors no longer get to externalise their costs onto everyone else. I do not think that the counterfactual world in which we kept the freedom of 1700 and added the income from 2026 is a world I or anyone else would probably want to live in. What I do think, however, is that there is a meaningful difference between essential protections (that actually work) and accumulated regulatory drift . The basic worker-safety rule that says you have to provide fall protection above a certain height is essential. The 47-page guidance document about how to file your beneficial-ownership disclosure for a single-member LLC is drift. The basic principle that consumers should be told what is in their food is essential. The 200-page set of EU labelling rules covering every permissible variation of free-range is drift. And the regulatory process, almost everywhere, is asymmetric, as rules are added much more easily than they are removed. The U.K.’s one-in, two-out initiative was an attempt to rebalance this, and was quietly abandoned. The EU’s REFIT programme was modest in ambition and modest in delivery. The basic dynamic, that political incentives strongly favour adding rules in response to any given incident and very weakly favour removing them in response to cumulative drift, is the big issue here. If you can grant me that distinction, between essential protection and accumulated drift , then I think the current state of the western regulatory system contains a lot more drift than its defenders are willing to admit, and removing some of that drift would not actually require dismantling any of the protections that make modern life better than in 1700. To wrap this up with something approaching constructive thoughts, I think we should want a regulatory state that protects against catastrophic externalities (pollution, fraud, systemic financial collapse, occupational deaths) while making it easy to start the kind of small, independent business that built post-war prosperity. I think we should want a tax system that is fair and simple enough that a person running a one-person operation can comply with it in an evening, and graduated enough that a multinational cannot escape it through accounting geography . Speaking of which, I also think that we should want a levelled playing field, in which accounting geography is either impossible, or possible for anyone regardless of the depth of their pockets or the political and economical influence they might have. I think we should definitely want banking that is open to anyone who has not been individually adjudicated to have done something wrong, and not closed to people on the basis of category-level reputational risk. And we should almost certainly want this lifeblood of our modern life to require a lot more effort to be simply turned off in an instant than it does today. I think we should want a habit, in the political class, of asking what should we remove this year , with the same energy we currently bring to the question what should we add . None of this is a return to 1700, but it is more like a return to the economic environment of, say, the 1950s, 60s, 70s and maybe even 80s, in which the post-war west had built a real welfare state and meaningful worker protections, but had not yet loaded on top of that the accumulated drift of seventy further years of rule-making. That is not a libertarian fantasy, and it may in fact be living memory for some of the people reading this. It was the environment in which their parents or grandparents started shops, opened bakeries, built small factories, and made middle-class lives. None of the rules that I think constitute drift were added in bad faith and probably each of them was a response to a real problem, designed by people who (in most cases) meant well, and voted for by representatives whose constituents wanted that specific problem solved. The cumulative effect was nobody’s intention, it is just what happens when a system has a stronger tilt towards adding than towards removing, and that runs on such an imbalance for several decades. Therefor, I think the next political project that is worth caring about, more than most of the noise that currently passes for debate, is the project of deciding what to keep, what to remove, and how to build an institutional habit of asking that question regularly. I do not have a clear policy proposal for how to do that, as I am far from being truly politically and economically knowledgeable, but I am reasonably sure, that the current trajectory ends somewhere I would rather not arrive at, and that the people who will pay the highest price for arriving there are the people who were not yet born when most of the drift was added. If you take only one thing from this post, take this: The bureaucratic weight that we treat as an immovable feature of modern life is, in fact, a very recent construction. It was built in living memory, by people we can name, in response to problems we can list, with consequences they did not entirely foresee or willfully ignored. It can be rebuilt, lightened, simplified, and reformed, in the same way it was built up. The question is whether we have the political stomach to treat accumulated rules with the same scepticism we currently treat proposed rules , and to remember that every line of regulation, however well-intentioned, is also a small tax on every future person who has to read it before they are allowed to do something useful. I would like to think we still have that stomach, but I am not certain we do. Footnote: The cover artwork is a real painting by Heather Castles . Sarbanes-Oxley ( SOX ) from 2002 added 3,000 to 10,000 compliance hours per company per year, with average direct cost of $1.7 million for accelerated filers, and average annual SOX cost for a small public company rose from about $1.5 million in 2001 to over $2.8 million by 2007. This is a significant part of the reason that the number of U.S. publicly listed companies has roughly halved since the 1990s. Dodd-Frank from 2010 required, at peak, around 398 distinct regulatory rulemakings, and the American Action Forum estimated cumulative compliance burden at over $36 billion and 73 million paperwork hours by 2016. The 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act rolled back some of this for regional banks, but the substantive bulk remained. MiFID II from January 2018 cost the financial industry roughly $2.1 billion in first-year implementation costs and several hundred million in ongoing costs, with the top ten sell-side firms each spending more than $50 million. A documented side-effect, perhaps an unintended one, was a substantial fall in EU sell-side research analyst headcount over the following two years. The General Data Protection Regulation ( GDPR ) , in force from May 2018, has been one of the most consequential pieces of EU legislation of the past decade. Industry surveys at the time put average Fortune 500 GDPR spend in the mid-eight-figure range, with substantial recurring annual costs thereafter. More than a thousand U.S. news sites blocked European users entirely after GDPR came into effect, including major publications like the Los Angeles Times and the Chicago Tribune , and many of those blocks remain in place years later. GDPR was a serious response to a real problem, but the way the cost falls is itself an externality of how the rule was designed. Strong Customer Authentication ( SCA ) under PSD2 , enforced from 2021, made online payments in the EU more secure but, by Stripe ’s estimate, also lost European e-commerce roughly €57 billion in sales in the first year. The U.S. Corporate Transparency Act , effective January 1, 2024, requires beneficial-ownership disclosure on roughly 32.6 million existing entities plus another 5 million new entities annually, at first-year compliance cost estimated by FinCEN itself at approximately $22.7 billion . The constitutionality is currently in litigation, but the regulatory intent tells you a lot about where the trajectory is. The EU AI Act , passed in 2024 and phasing in through 2027, will impose high-risk AI compliance obligations whose cost the Commission estimated at roughly €29,000 per system, but which independent analyses (such as CEPS ) suggest could run closer to €400,000 for a small company deploying a high-risk system. The order-of-magnitude disagreement is itself a sign that nobody really knows what this is going to cost yet, which is not a reassuring property of a major piece of legislation.

0 views
マリウス 1 months ago

80Retros x HMX Monochrome

After spending a fair amount of time with the KTT x 80Retros GAME 1989 Orange , I figured it was about time to take a closer look at the HMX -side of the 80Retros catalogue. The 80Retros x HMX Monochrome have been with me for a while, ever since I picked them up back in Seoul. The switches stand out from the rest of the 80Retros lineup as they don’t ship in a film canister, and they have a fairly boring black and white colorway. The 80Retros x HMX collaboration comprises of a handful of linear switches, amongst others the KD200 (a Kodak -yellow homage), the FJ400 (a Fujifilm -green homage), the GAME 1989 Classic (a Game Boy DMG-grey homage with pink stems), the Joker (a green/white/purple character homage), and the Monochrome , which arrived as one of the later releases. While most other 80Retros switches ship in oversized film-canister packaging, which is probably half the reason people bought into the lineup in the first place, the Monochrome , however, break that pattern, as they come in a plain sealed pack. 80Retros have framed this as a practical decision, since a sealed bag preserves the factory lube better than a (non-airtight) film canister. The Monochrome have a white top housing, a black stem, and a black bottom housing. There’s no nostalgia, just basically a clean, modern industrial look. It’s probably one of the few switches in the lineup that would feel at home on a build that’s trying to look new rather than old. The interesting thing here is that the Monochrome seem to be materially identical to the KD200 , at least from the information I was able to dig up on them. It seems like they use the same PA12 top housing, same LY stem, same 13.55mm stem length, and the same HMX P2 bottom housing. The only spec that appears to be different on paper is the spring, that is a 42g on the Monochrome versus a 45g on the KD200 . The Monochrome seem to basically be a KD200 in different clothes with a lighter spring. Therefor it seems like most of the KD200 -flavoured tendencies show up here too. The first thing you notice is just how light they are. 42g is on the gentle end of the linear spectrum these days, and even coming from the GAME 1989 Orange at 40g actuation, the Monochrome feels softer, probably because the PA12 top, HMX P2 bottom, and LY stem combo doesn’t have the same dry, gritty character the KT2 stem gives the Orange . There’s no audible texture in the travel here. It’s just smooth from top to bottom. Stock smoothness is very good. HMX ’s factory lube is well applied, with visible coverage on the stem sides and along the spring contact points. Slow-pressing a single switch at ear level reveals nothing worth complaining about, as there’s no scratch, no spring ping, and no leaf chatter. This means you can just install them and stop thinking about them, which, for a stock switch, is probably what most people would want. Wobble seems to be in line with the rest of HMX ’s newer-mold output. There’s a touch of north-south play and a touch of east-west, neither of which are distracting in normal typing. The Monochrome has a sound profile that’s noticeably soft, light, and, for lack of a better word, swooshier . The Korean reviewer who teardown-photographed the whole 80Retros x HMX lineup described it as a “wave-like” sound. There’s still a clean tonk on the bottom-out, but it sits lower in the mix and the upper harmonics that make for a louder pop are largely absent. Volume-wise, the Monochrome is on the quieter side. Not silent, not Volume 0 -quiet, but noticeably more restrained than e.g. the GAME 1989 Orange . On softer builds (gasket-mount, Poron -foamed, that sort of thing), it leans firmly into muted thock territory. On more rigid aluminium builds I’d expect it to open up slightly, but my own testing has been on softer cases, so take that with a grain of salt. In short, where the Orange has audible character, the Monochrome is doing something quieter and a little more uniform. If you enjoy the Orange ’s pop you’re probably be slightly disappointed with the Monochrome . As for the factory lubing, it is competently done. I peeked into a few switches and the application is consistent enough that I didn’t feel any particular urge to retune them. If you’re someone who lubes everything regardless, maybe be sparing here, as otherwise you’ll smother what little articulation the switch already has. The switches accept films, like everything else in the lineup, and films do their usual job of tightening housing tolerances and compressing the sound profile slightly. Given how restrained the Monochrome already sounds, I’d hesitate to film them unless the build absolutely needs it. You’d mostly be removing what little air is left in the sound. The 80Retros x HMX Monochrome are soft and gently-weighted linears with very few rough edges and they are relatively quiet in volume. Whether that’s the switch you want depends entirely on what you’re trying to build. If you want acoustic complexity, the GAME 1989 Orange is definitely more interesting. If, however, you want a low-effort and low-noise linear that disappears into the build, the Monochrome fit that role pretty well. I wouldn’t call it an exciting switch, but I would, however, call it a sort of grown-up switch. Disclaimer: I’m not a switch scientist. I don’t own a force curve rig, I can’t tell you the exact durometer of the KT2 blend, and my ears are probably not calibrated to the standards of someone like ThereminGoat . This review is based on my personal experience typing on these switches across a few different boards and ultimately actively using them on my primary keyboard . Your mileage may vary based on your plate material, case, keycaps, and other factors. Take everything here as one person’s experience and use it as a starting point for your own.

0 views
マリウス 1 months ago

Photography Workflow with ~~Darktable on Linux~~ Lightroom on GrapheneOS

Disclaimer: I had initially prepared this post under the title Photography Workflow with Darktable on Linux , but after endless fights with Darktable I eventually decided to scrap that workflow altogether and look for an alternative. The workflow documented herein is unfortunately very far from the result I was striving for, yet it is sadly the best I can put together given the current state of open-source RAW development and photo editing software. After I gave Adobe the finger back in 2019 and moved my photography workflow to Capture One on a MacBook , I eventually had to reconsider this approach when I moved back to Linux on the desktop and replaced the device with a Linux laptop . I briefly tried running Capture One in a Windows VM on my laptop , but decided against it, as it was a huge PITA and lacked proper hardware acceleration. Initially I considered a fork of what is probably the best-known open-source RAW developer and photography workflow application out there, Darktable , called Ansel , but ultimately decided against it. The points that Ansel ’s author, Aurélien, brought up seemed like valid criticisms and demonstrated both his knowledge of and his passion for making Darktable a better tool. However, reading further through his website and his GitHub account, it became apparent that he might be the kind of misunderstood genius who has great ideas and ambition, but who would ultimately struggle to operate within, let alone lead the kind of community required to successfully maintain a fork of a piece of software this large. I therefore didn’t have high hopes of this lone cowboy keeping up with, let alone surpassing, the development efforts the Darktable community is currently putting in. Given that Ansel was explicitly billed as a hard-fork that would not remain compatible with the official Darktable release, going down that path felt too risky. Ansel would ultimately have to provide a migration path for existing Darktable users, as otherwise there would be little to no incentive for anyone with a functioning Darktable workflow already in place to put up with the effort. Instead, I decided to stick with Darktable . For about a year I tried to build a new workflow on top of it. The things I would miss the most from Capture One were the VSCO presets that I had brought over from Lightroom , and for which there didn’t seem to be any way to convert them into a format compatible with Darktable while producing roughly similar results. Luckily, João, a developer and photographer, made what he calls t3mujinpack , a collection of film emulation presets for Darktable . In a blog post , he provides details on which film stocks are included and how to make use of them in Darktable . His pack includes the presets I almost exclusively use from VSCO : Kodak’s Portra 160, 400 and 800. While the results aren’t 100% identical to what Capture One produces with the converted VSCO packs, neither are those exports identical to what Lightroom originally produced. Every piece of software has slight differences in its inner workings, so this is to be expected and can be adjusted for. During my travel through all of Spain in 2024 I decided to rely exclusively on Darktable for developing and editing the photos that I would ultimately upload to this site. That was a big mistake. I rarely say bad things about truly open-source software, because ultimately it is open-source, it’s driven by a community of volunteers, and everyone should be happy that these people do what they do. Also, given that it’s open-source, anyone is free to go ahead and improve what they deem worth improving. However, Darktable is, in my opinion, one of the few exceptions that seem to have derailed so badly that it’s fair to say it has reached a point of no return in terms of usability and jankiness . Let me explain by starting with one of the most annoying things: More often than not, Darktable crashes in the middle of editing sessions, apparently due to Wayland-related issues. However, since I’m also running GIMP and Blender , which I would argue do similar, or even slightly more complex things than Darktable , yet don’t run into such issues, I’d assume that this is not a problem with my Wayland setup specifically. I didn’t try to debug the issue further, as I was mainly focused on testing and establishing a workflow. Had Darktable otherwise worked perfectly fine for me and only run into this issue every once in a while, I would have dug deeper to find the root cause. Unfortunately, this was only one of many things that kept me from continuing to use Darktable . Besides the random crashes, Darktable is unbearably janky and slow. The UI feels like it’s about to fall over at any moment, regardless of whether ROCm acceleration is enabled or not. UI elements feel hacked together, the overall navigation is hostile towards regular users, and it’s impossible to find anything just by looking, because everything is hidden behind collapsed modules, tabs and a gazillion sliders and buttons. To give a single example of the sheer UI craziness that is Darktable : To rotate an image to the right (clockwise), you need to drag a slider to the left (counterclockwise). While on a touchscreen interface this might be more intuitive, when using a touchpad on a laptop or even a mouse it definitely doesn’t feel natural. After all, maybe a slider isn’t the best UI element for this operation to begin with? Another issue that I experienced was related to organizing photos. With over 4000 (RAW) photos in the library, Darktable becomes unbearable to work with. Aside from the spontaneous crashes and overall slow UI, finding specific photos in a library of that size is an excruciatingly painful task. Unlike Capture One and Lightroom , Darktable doesn’t easily support a workflow based on individual, smaller libraries, e.g. organized by location or event. There are ways to sort photos within Darktable ’s main library, but I couldn’t find an easy way to split them out into multiple small libraries. Assuming that you managed to find and edit the photos you were looking for, the headaches continue when you try to export them. It appears that Darktable is unable to export photos with pixel-perfect adherence to the crop aspect ratio . The implementation details and the proposed solution appear to be just as janky as everything else, and a quick search for in the Darktable GitHub repository uncovers a lot more of that same jankiness. I ended up running the following command over every photo exported by Darktable , just to obtain a properly shaped image, meaning I’d lose a few pixels here and there: As mentioned a long time back in an update , I ended up with a broken Darktable library, meaning that I lost all the adjustments that I did manage to export up until that point . Short story long, I eventually ditched Darktable for a plan B . After Darktable broke my library and I lost months’ worth of edits, I found myself back at square one. The idea of returning to Adobe felt like defeat, but when I looked at what was actually available for my setup, which is a Google Pixel Tablet running GrapheneOS , Adobe Lightroom for Android turned out to be the only realistic option that could handle RAW files and offer a non-destructive editing workflow. Adobe Lightroom Mobile is, on paper, a reasonably capable RAW editor for Android. It supports a wide range of camera RAW formats and offers the familiar tone curve, HSL sliders, color grading, masking, and healing tools that anyone coming from desktop Lightroom will recognize. It can read photos directly from the device’s own storage, edit them locally without an internet connection, and export to JPEG with full control over quality and output dimensions. In short, the feature set is there. The physical side of the workflow is straightforward. I attach a USB-C SD card reader to the Pixel Tablet, open a file manager, and copy the RAW files from the card into a dedicated folder on the tablet’s internal storage. From there I open Lightroom , import the photos from that folder into a local album, and work through them one by one. Once a photo is where I want it, I export it as a JPEG into the folder on the tablet’s storage. That folder is monitored by Syncthing , which synchronizes the finished exports to my other devices in the background. The performance of Adobe Lightroom on Android is, to put it mildly, terrible. Rendering a RAW preview after entering edit mode takes long enough that you find yourself staring at a loading indicator more often than at the actual photo. Scrolling through a grid of thumbnails is a choppy, stuttering affair that makes you wonder whether the application is doing something computationally expensive or is just poorly written. I acknowledge that the Pixel Tablet is an older budget device, yet Lightroom treats it as if it were running on hardware from 2005. Lightroom on Android is every bit as buggy as Adobe products traditionally are on macOS and Windows, but somehow worse, because the interface is also frequently broken in ways that make the application essentially unusable without restarting it. The UI will routinely enter a state where confirmation and action buttons either stop responding to taps, as if the touch layer has fallen out of sync with whatever is rendered on screen, or simply disappear altogether. The only resolution is to quit the app and reopen it, at which point you hope that the edit you were in the middle of survived. Entire features will similarly go dark without warning. The auto-straighten function, which should detect the horizon in a photo and level it, simply grays out and stops working at some point. No error, no indication as to why it has become unavailable, nothing. Again, restart the app, try again, maybe it works this time. These are not edge cases or exotic scenarios, but rather the normal operating experience of Adobe Lightroom Mobile . One of the things I was most concerned about before committing to this workflow was the prospect of Adobe silently uploading my photos to their cloud infrastructure. The desktop version of Lightroom has a long and well-documented history of syncing content to Adobe’s servers in ways that are easy to miss and difficult to fully disable. On Android, GrapheneOS gives you a tool that the desktop doesn’t: Per-application network permission revocation. I first disabled the cloud sync option within Lightroom ’s own settings, then went into GrapheneOS’s permission manager and removed the network permission from the Lightroom app entirely. It continues to function as a local RAW editor without any network access whatsoever. Photos stay on the device. Nothing leaves without my explicit say-so via Syncthing. Note: To keep things simple, I did not go into the fact that Lightroom is running inside an Android 16 Private Space , which also contains a sandboxed instance of Google Play Services and lets me create a virtual barrier between the rest of the FOSS apps on the Pixel Tablet and this spyware malware crap proprietary software. With this setup, however, importing data becomes slightly more tedious, as it requires the Google Files app to be able to read an attached USB-C storage device (SD card) from within the Private Space . The Google Files app is a giant UX disaster all by itself, into which, for the sake of our both’s time and mental health, I won’t dive into. One pleasant surprise was that I managed to import the VSCO Lightroom presets I purchased well over a decade ago into Lightroom Mobile on Android. The preset files still work, and the film emulations I had relied on for years, in particular the Kodak Portra series, show up in the presets panel and can be applied to photos. With Adobe being Adobe, however, this had to come with a catch. Lightroom Mobile is apparently incapable of remembering which preset was applied to a given photo. Open an edited photo that had a VSCO preset applied, and Lightroom will display a warning telling you it cannot find the preset, even though the preset is sitting right there in the presets list, available and functioning, ready to be applied to new photos. The edit itself is intact… well… at least sometimes. Other times, Lightroom simply loses the edits altogether. It’s the kind of bug that suggests the feature was never properly tested beyond the initial happy path, which is about what you’d expect from Adobe. To be frank, this workflow sucks compared to the one I had on macOS using Capture One . Lightroom is still the terrible POS it had always been, and paying money to a company like Adobe feels like funding a criminal organization. Unfortunately, there doesn’t appear to be a viable alternative, especially not one that’s libre . The remaining options would be to either pay into Apple’s walled garden by purchasing one of their newer iAmtheproduct devices and subscribing to Capture One Mobile , or to rely exclusively on Fuji’s in-camera film simulations (which sadly won’t work for the Sony ). Judging by the reviews of Capture One Mobile , however, the former option doesn’t appear too promising either. Looking at the situation in a more positive light, I nevertheless managed to replace the underlying stack on which my photography workflow runs with more privacy-respecting software ( GrapheneOS ). That’s at least something , although it seems this workflow won’t live that long either, given that Google keeps locking down their Pixel devices and GrapheneOS appears to be pivoting to Motorola-made hardware , who might not release a GrapheneOS-compatible Moto Pad anytime soon. Oh well. Pro tip: A USI 2.0 pen makes using Lightroom on a device like the Pixel Tablet significantly less painful, at least as long as the USI pen actually works properly, which sadly isn’t always the case with the Renaisser pen I own. If you’re looking for a more general review of the Google Pixel Tablet with GrapheneOS, look here .

0 views
マリウス 2 months ago

The Rise of the Bullshittery

Disclaimer: This is an opinion piece and it is the result of years of watching the same pattern play out in different industries, and sort of running out of patience. If you are one of the people doing honest, careful work in a field that no longer rewards it, this post is for you. However, if you are one of the people I am about to describe, then you probably already know who you are and you might want to keep on reading nevertheless. The tl;dr is at the bottom. A few weeks ago, I found myself in one of the rare situations in which I was mindlessly doom-scrolling on LinkedIn just to exclusively see one post after another that contained no actual information and not a single sentence that would have lacked any more substance if you replaced every noun in it with a different noun. There were thought leaders leading no thoughts, founders founding nothing of actual value, strategists describing strategies that amounted to “be visible” and “ship fast” , and an alarming number of self-described AI experts whose expertise appeared to consist entirely of having a ChatGPT or Claude subscription and the willingness to write about it in seventeen-paragraph posts. There is a word for this kind of communication, one the philosopher Harry Frankfurt famously employed back in 1986, when he wrote a short essay called On Bullshit . Frankfurt’s central observation, which has aged terrifyingly well, is that the bullshitter is not the same as the liar , because the liar at least respects the truth enough to try to hide it, but the bullshitter does not care whether what they are saying is true or false. The truth-value of the statement is simply not part of their concern. The bullshitter is optimising for a different objective, usually appearing competent , appearing confident , or appearing to be the right kind of person to be in the room . And precisely because the bullshitter is indifferent to truth, Frankfurt argued, they are a greater threat to honest discourse than any liar. Twenty years on, that essay reads like a pre-mortem on the modern internet and, in parts, modern society. The unspoken contract behind most professional life used to be as simple as learning how to do something, doing it well and gradually developing a reputation among people who could tell the difference. Over time, that reputation would then translate into work, money, and a degree of stability. It was a slow process, that sometimes was unfair, and that was never as meritocratic as its proponents claimed, but at least the basic shape of it made sense. Doing a good job was, on average, an advantage. That contract, however, has been broken in ways that are hard to comprehend, let alone ignore these days. The dominant mechanism for distributing professional opportunity is no longer slow reputation, it is algorithmic visibility . The algorithm, howeveer, does not particularly care whether you are good at your job, it only cares whether your message is engaging enough to spread fast and far. Researchers studying the so-called attention economy have been making this point for years, but one specific area that is particularly interesting is the one about politicians. A 2024 analysis of more than 6,500 U.S. state legislators found that distributing low-credibility information correlated positively with attention on the major platforms. In other words, being less reliable was, on average, a winning strategy for getting noticed. The same dynamic applies, in a less visible but more pervasive way, to anyone who has to build an audience to find work. The people who optimise for being correct are competing on an unfair playing field against people who optimise for being heard , and the result of this is a slow inversion of incentives. The careful professional, who takes a week to think through a problem, who refuses to claim expertise they do not have, and who writes one in-depth researched post about a specific topic, gets out-competed and buried by the carnival barker who will claim any expertise that fits the trending topic, and who fires off five posts a day, each of them a slightly different rephrasing of the same content-free observation. I am not arguing that honest, competent work has disappeared, but I am arguing that the incentive structure no longer points toward it, and that this fact has consequences that compound over time. If you want to see the cleanest expression of this, the place to look is LinkedIn . The platform has become, by any reasonable metric, the professional-class equivalent of late-night infomercial television, except the products on offer are other people’s careers . There is now a well-documented genre of so-called mentorship influencers on the platform who leverage job seekers’ desperation to sell hollow advice, false hope, and bogus referrals, often under the facade of having worked at a recognisable (mostly tech) company. The trick is the same one snake-oil salesmen have been running for centuries: Look at me, I am living proof that what I am selling works! These days, however, this trick comes with a slightly more modern twist and the proof for the sales pitch tends to be a curated profile picture, a fabricated job title, and a few thousand bot-inflated followers. What makes this maddening is not the existence of grifters , who are an old problem, but the way LinkedIn (and many other platforms) actively rewards them. The algorithm does not know the difference between a thoughtful five-paragraph essay by somebody who has spent a decade in the field, and a five-paragraph essay generated in twenty seconds by an LLM, that’s probably sprinkled with emojis. From the algorithm’s perspective, both are content , and the one that triggers more engagement (usually the cheaper, more emotional, more bombastic one) wins. Multiply that across millions of users and you end up with a feed in which the loudest claims rise to the top, and the people doing the actual work become invisible. The same shape repeats on Medium , on Twitter X , on Instagram , on YouTube , on TikTok , on Substack , and on all the other content-driven platforms, where there is now an entire AI grift economy of fake money-making gurus recycling the same handful of prompts and selling courses about how to do it. While the platforms might be different, the physics are the same, the currency is engagement, and the byproduct is bullshit. The casualty of all of this is sadly anyone whose work cannot be compressed into a fifteen-second hook. While snake oil predates the internet by a few centuries, and plenty of people built lucrative careers out of nothing long before LinkedIn existed, what is new, and what I think changes the problem, is that the marginal cost of producing convincing bullshit has collapsed. Large Language Models have done for grift what the shipping container did for global trade. They did not invent it, but they turned a manual process into an industrial one. Now, anyone with a browser can generate a thousand words of confident, on-topic, syntactically clean text on any subject in under a minute. They can ship a book to Amazon , an article to a content farm, a thread to LinkedIn , and even a video to YouTube , all without ever having to know what they are talking about. The output passes the basic test of sounds about right , and that is, increasingly, the only test the distribution channels (and sadly the readers/viewers) apply. This behavior might however stem from a phenomenon that was observed over a decade ago already, which is the spread of paid employment that even the employee secretly believes is pointless and in a sense hollow . In his 2013 essay On the Phenomenon of Bullshit Jobs , David Graeber argued that an enormous and growing fraction of professional work, in finance, consulting, middle management, communications, and adjacent fields, was producing nothing of obvious social value, and that the people doing it knew. However, it is important to mention that the empirical data for Graeber’s strongest claims is contested , and that a 2022 study found that less than 8% of European workers reported feeling their job was useless, well below the 20-60% that Graeber’s framing implied. Also, it appears that toxic culture and bad management were better explanations than pointlessness for the unhappiness he was describing. I nevertheless think that there is an argument of his observation that survives the critique, which is that an awful lot of modern professional life consists of producing artifacts whose primary audience is other people producing artifacts . Slide decks for slide decks, strategy documents about strategy documents, posts about posting. Obviously this work seems not useless to the worker, who is being paid, or to the platform, which is selling ads against it, but it is still utterly useless to anyone outside the loop. This is the bullshittery in its mature form, which doesn’t consist of individual lies, or individual scams, but a steady-state ecosystem in which a large share of professional output is produced to be seen by other people producing output, and in which the connection to anything resembling a real customer, a real problem, or a real outcome has gone slack. The part that bothers me the most is what it does to the people who refuse to participate in this whole charade. If you are a software engineer who insists on shipping things that work, a writer who insists on knowing the subject before publishing, a designer who insists on testing the thing on actual humans, a craftsperson of any kind who treats the work as the whole point of it, you are competing in a market that has been quietly tilted against you. The person next to you, who is willing to fake the demo and declare victory on LinkedIn even before the launch, is going to look more successful than you. They will get the speaking slots, they will get the promotions or, worse, the funding rounds. Heck, they might even end up on Forbes’ 30 under 30 . All that you will get is the satisfaction of doing the job properly, which, don’t get me wrong, is a beautiful thing, but sadly it does not pay rent. I think a lot of the cynicism, exhaustion, and quiet bitterness that has crept into professional life over the last years is downstream of this problem. I don’t believe that people no longer want to do good work, but I think that doing good work has stopped paying the way it used to, while doing bad work loudly has started paying significantly better, so people notice and they adjust. Of course, I might be completely off here and it is possible that the situation is not actually worse, only more visible. Bullshit has always been with us and neither LinkedIn nor any other platform invented the self-promoting middle manager. What has changed, though, is the observability of the bullshit, for which we now have a continuously updating feed. We see it all consolidated into a handful of prominent places, and maybe the volume looks higher because we are looking at all of it at once, and maybe not because the per-capita rate has actually climbed. This could be an explanation, but I frankly don’t think it accounts for all of what I am describing. It could also be, however, that what I’m describing are just people trying to keep up . The slop-posting middle manager who cannot tell you what their team actually built last quarter is not necessarily a malicious fraud, but they may be a person whose job no longer rewards them for knowing, in a system that has trained them to perform and act instead. While this, if true, does not make the output less hollow, it certainly does change who the actual villain is. Frankly, I don’t know, and I do not have any advice to give straight away on this. I believe, however, that in order to be able to dial things down again with regard to the bullshittery, we need actions on both sides, the reader/viewer, as well as the performer / creator . As viewers, we probably need to go back to reward substance when we see it. If somebody you follow does the careful and properly-sourced version of a piece of work, say so out loud. The system is starving them of the signal that it cheerfully overpays the bullshitters with and you are one of the people who can correct that. If you, as a viewer, can afford it, pay for the human-made version when you can. If a writer, an engineer, a designer, a musician is doing the work, and there is a way to give them money that does not pass through three instances of platform extraction, do it! The economics of doing real work in public are bad enough already without the further insult of zero direct support. As creators, we have to refuse to perform what we do not believe. This is harder than it sounds, because there is incentive and maybe even pressure to write that post , record that video , do that talk , publish that announcement , and saying no costs visibility you may not be able to afford to lose. But every honest professional who declines to bullshit is a small data point against this trend, and I think there need to be more of those data points. Frankfurt’s deepest argument is that the bullshitter is not embarrassable, because they have no relationship to the truth they could betray, while the honest person can be embarrassed, because they have made a claim they meant. As a creator, hold on to that, because being embarrassable is not a weakness. In a market that has stopped penalising shamelessness, it is one of the few remaining markers that the person you are talking to is operating in good faith. So be embarrassable! When I started writing this post, the angry version of it was about the people. The grifters and the gurus , the LinkedIn content pushers and the vibe-coding founders shipping vaporware to investors who frankly should know better. But after a few drafts I realised that I was aiming at the wrong target, because the people are mostly responding rationally to a system that pays for performance and ignores substance. If I blame them, I have to also blame myself for the times I stayed quiet and smiled at the demo, or signed off on the launch I did not believe in. I guess that most of us have done some version of that. It’s the system that is to blame, or as the old saying goes, “don’t hate the player, hate the game” . A market that prices visibility above credibility, that rewards the loudest claim over the truest one, and that lets a thin facade outsell a real product because the facade ships faster, is not a force of nature, but the cumulative effect of a lot of small decisions made by platforms, regulators, employers, and consumers, including me and you. None of those decisions are settled forever and each one of them is, in principle, reversible. I do not think honest work is going away, but I do think it is being pushed into a narrower, harder-to-find tier, the way handmade goods got pushed away when the factories arrived. There will still be a livelihood in it, and for some of us a very rewarding one, but the path to that livelihood will increasingly require you to do the work and to make the case, in public , for why your version of it is worth more than the cheaper, louder, hollower alternative. And that is a significantly harder game than the one we used to play. The simplest thing I can offer to anyone reading this, who is tired of being out-shouted by the bullshittery, is also the most boring: Keep doing the work, keep a principled and honest stance, keep saying I don’t know when you don’t, keep being embarrassable. Even though the market is bad at rewarding it right now, it will not continue to be forever. Hopefully.

0 views
マリウス 2 months ago

I Do Not Recommend Bitwarden

Almost four years ago I published a guide on how to run your own LastPass on hardened OpenBSD , in which I explained how to set up an OpenBSD instance, either as a cloud instance or as a Raspberry Pi bare metal installation, that would host Vaultwarden as a backend for the Bitwarden client applications. After having used a similar approach for myself for several years now, I came to the conclusion that I do not recommend the use of Bitwarden any longer. Let me explain. Wikipedia describes Bitwarden as _a freemium open-source password management service that is used to store sensitive information […] owned and developed by Bitwarden , Inc. , and that is now almost ten years old. The company behind the software is not only developing the Bitwarden server , as well as client applications for most platforms, but it is also offering a SaaS product for users who don’t want to put up with hosting this unwieldy beast on their own. More on this in just a moment. Bitwarden ’s pricing for their hosted offering is similar to their competitors' offerings, albeit with differences in terms of functionality. Regardless of whether one picks their hosted offering or decides to self-host, however, the client applications remain the same. Since 2022, Bitwarden is also backed by $100M of PSG growth equity , joined by Battery Ventures . A password manager that wants to remain open-source is one thing, but the same password manager with an investor on its board that needs to see a return on $100M is another. Without wanting to sound overly cynical, this is usually the point in time in which the rent-seeking begins and the product slowly shifts from serving its users to serving its investors. If you decide to self-host Bitwarden , however, you will relatively quickly find yourself in what I would describe as enterprise software hell . The standard Bitwarden server deployment is a heavy-weight C# backend that ships with MSSQL Express and won’t work with more Linux-native databases like PostgreSQL or MariaDB . Depending on the size of the deployment and the requirements with regard to high availability, you might want to utilize Kubernetes, which in turn adds additional overhead and complexity. Because of this, many smaller to medium-sized deployments prefer to look into Vaultwarden instead, which is an unofficial Bitwarden-compatible server written in Rust™ . The simple and lightweight nature of Vaultwarden compared to the official Bitwarden server makes such a big difference for administrators that the unofficial server project has seemingly three times the stargazers on GitHub as compared to Bitwarden ’s official implementation. This should make you think, especially as a series B -funded company with $100M, whether your (technical) users appreciate the current direction your software stack is heading towards, or whether you might want to look into bringing the people that built a vastly more successful backend implementation on-board to optimize and accelerate your official stack. And surely that’s what Bitwarden decided to do, right? Sadly, however, it seems that Bitwarden ’s NIH syndrome was too strong to simply take over Vaultwarden as an official project. Instead, the company seemingly hired the main developer of the Vaultwarden project and decided to publish a “lighter” version of their existing backend dubbed Bitwarden unified lite , which is still a service built on Microsoft ’s .NET , and which still appears to require more than three times the RAM a Vaultwarden instance usually consumes. Regarding the open-source part of Bitwarden , things have been getting murkier over the past year or so. In late 2024, users started noticing that a new dependency, , had been pulled into the clients. Its license read: You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK. For a product that prides itself on being open-source, this is a fairly significant plot twist . After considerable backlash in the community, however, Bitwarden called it a “packaging bug” and eventually relicensed the SDK under GPLv3 . Technically, the issue is resolved. Philosophically, however, this episode tells you all you need to know about where Bitwarden is heading: The freeware parts are bait , the actual product is the SaaS subscription, and the community is there to contribute issues and translations as long as it doesn’t cost the company anything. Setting aside the backend, however, the real culprit with regard to Bitwarden are the client applications. Advertised functions do not work as expected, basic features are non-existent (after ten years!) and the user interface is poor to put it mildly, especially when compared to equally priced alternatives. And don’t get me wrong, if Bitwarden was purely a FOSS-effort and not funded by venture capital all these flaws could be brushed aside because, after all, it would be a community effort. However, Bitwarden isn’t a community effort , which is reflected very noticeably in the bureaucratic processes they drowned the community in, but more on this in a moment. About a year ago, I supported someone who tried to switch from a competitor to Bitwarden under the thought of rather supporting open-source software with a yearly subscription than some proprietary platform that one has no insights into. Part of the migration was naturally importing existing vaults from the previous password manager into the new Bitwarden account. As can be seen in my bug report on GitHub , however, this went sideways very quickly, and resulted in at least one vault requiring significant technical workarounds for the import to work. The response from what sounded like an official Bitwarden employee left me frankly stunned. Despite the migration/import feature being advertised in multiple places throughout Bitwarden ’s marketing materials and documentation, and despite dozens of users having already complained about the exact same issue, Bitwarden simply decided to ignore the issue report and instead requested opening another likely dead-ended discussion in their community forum. This level of corporate bureaucracy is not at all what open-source software should look and feel like, and it is definitely completely unjustified for a feature that is being advertised on both the open-source software, as well as the paid product, but that simply does not work as advertised. Similarly, many other issues are funneled through this process of community discussions , which more often than not turn out as not much more than lengthy threads of pointless back-and-forth, and almost never materialize in actual implementations. Note: The same import was tested with proprietary alternatives to Bitwarden and worked flawlessly. Migration pain is not limited to the initial import. Even when you’re already inside Bitwarden and simply want to shuffle entries between an organization vault and your individual vault, or the other way around, there is, to this day, no proper “move the selected items to …” feature. For a handful of logins you can clone/edit each one manually, but anyone who has ever tried this with a few hundred items (say, after cleaning up a collection , leaving a company, or consolidating several organizations ) knows that this quickly becomes a carpal tunnel -inducing exercise. The official workaround that Bitwarden support and community threads recommend is to export the source vault as unencrypted JSON , edit the file, and then re-import it into the destination vault. Setting aside the obvious security footgun of having 500+ credentials sitting in plain text in , or worse, a directory that’s silently synced to the cloud (think Dropbox , OneDrive , iCloud , …) while you figure out where to put them, the process happily loses a non-trivial amount of data along the way: […] if there are file attachments in any of your vault items, then these will not be included in the export […] the export will not include items in the Trash , or any password histories or timestamps. For any organization that relies on attachments (e.g. SSH key files, licence keys, recovery codes as images) or on password history for compliance/audit reasons, this is plainly unacceptable. For a product whose entire job is to be the source of truth for your credentials, the complete absence of a “move these 500 items to that vault, keep everything intact, click OK” button in year ten of its existence speaks volumes about where Bitwarden ’s engineering priorities lie. Another example concerns client updates. It appears that Bitwarden pushes new updates to their clients that can lead to vaults becoming inaccessible (on the client side) at random, without any heads-up to the users. I personally encountered this issue while travelling. When I had my phone plugged-in overnight, F-Droid decided it’s a good time to update a few apps, one of which was Bitwarden . The next morning I had to log into my banking and when I opened the Bitwarden app on my phone I was unable to access my vault. It took some time to figure out what was going on ( via Vaultwarden ), and I was lucky that I had my UPDC (which hosts my Bitwarden backend) with me, as otherwise I could have ended up in a pretty bad situation with my whole vault being unavailable. The sheer irresponsibility with which Bitwarden appears to push what looks like breaking protocol changes between the clients and the backend is frightening. As someone who relies heavily on my password manager to work in offline mode, this experience taught me that Bitwarden cannot be trusted. From that moment on, I disabled automatic updates for the Bitwarden clients and exported a current snapshot of all passwords to a local backup in KeePassChi / KeePassXC / KeePassDX . This is, by the way, not a Vaultwarden -specific issue, despite Bitwarden staff claiming so. Searches through the repository return a long list of very similar reports, for example around the 2025.12.x release introducing regressions that prompted users for the master password twice after login and then crashed the app, or the 2025.6.0 release that simply crashed on startup for many users. The Android app in particular went through a full rewrite from .NET MAUI to native Kotlin in 2024, which shipped alongside a trail of regressions that continue to show up in quarterly releases. Aside from the aforementioned technical details, Bitwarden is (and has always been) one of the subjectively worst applications on my phones and my desktop in terms of user interface. The UI/UX is in fact so horrible, that even after years of use I still dread opening the ungoogled-chromium extension, let alone any of the desktop and mobile apps. Aside from the fact that building the Electron -based desktop app from source is a huge PITA and that the pre-built Flatpaks are not working properly on Wayland , one more general, major issue that I’m experiencing with the Bitwarden client applications (and extensions) is the fact that while they clearly support offline use, they’re not intentionally built for it. Hence, whenever I open the mobile app or the browser extension, there’s a noticeable delay that sometimes takes literal seconds or even minutes, in which the client application seemingly tries to reach the backend, which often isn’t around (because I’m not hosting my Bitwarden backend on the open internet). While this sounds like a nitpick, it truly slows down things whenever one has to unlock Bitwarden (which is almost always, as I do not trust especially the browser extension to remain unlocked all the time). Sadly, there seems to be no way to turn off syncing when unlocking the vault to prevent the clients from waiting unnecessarily. Another example of a bad user experience is the logins overview (titled Vault ). Whenever I am on a website (in my desktop browser) and I would like Bitwarden to fill the login form, I tend to click the extension’s icon in the toolbar and then click the entry in the list. This has been how all other password manager UIs that I have used in the past have worked; Not Bitwarden , though. There, you need to click the small Fill button on the right side of the list item. If you click the big list item itself, which is highlighted on mouse-over, you simply open that item to show its details. Instead of allowing the user to click the big UI element (which is the whole list item), Bitwarden forces them to click a significantly smaller, harder to hit UI element (a button on top of a clickable list item). As with the syncing feature, there’s also no way to flip this behavior, so that clicking the list item would fill in the form, while clicking the tiny button would open the item’s details page. I’m apparently not alone in this sentiment. A quick glance at recurring Hacker News threads on the topic reveals that users have been complaining about pretty much every single one of these issues, ranging from the desktop app not focusing correctly when opened , to “loading for over 5 minutes before showing my passwords” , to the browser extension asking to save passwords that are already there , to broken biometric login on iOS, laggy mobile apps, and, of course, the famous “Log-In suggestions not showing” . Feature requests that have been sitting in the community forum since 2021 (such as a simple edit history for entries) remain untouched, which is a pattern that MSP resellers also called out publicly as “glacial feature development” . Speaking about lists, the Bitwarden CLI has an equally bad user interface. For example, the command of the tool will unexpectedly output every detail of every item, including passwords and TOTP codes, without the need for an additional e.g. flag. There’s no way that reasonable engineers looked at this and said “Yep, that’s how we do things, because we cannot imagine a single situation in which anyone might mistakenly pipe to some place and unintentionally expose all their credentials” . Also, can we take a step back and talk about the fact that the Bitwarden CLI is a terminal tool built in TypeScript ? Not only because it requires a metric ton of runtime and dependencies, but also because JavaScript isn’t exactly the stack anymore that you’d run carefree on your continuous integration environments. “Why?” , you ask? Hold my beer… A password manager has, essentially, one job : Keeping the user safe, by keeping their credentials safe. For a product that has been around since 2016 , Bitwarden has accumulated a surprisingly long list of incidents in which it at least partially failed at exactly that task. And no, I’m not talking about theoretical vulnerabilities, I’m talking about things that actually shipped to production. In January 2023, shortly after the LastPass breach had the entire industry questioning the real-world strength of cloud-hosted password vaults, security researcher Wladimir Palant published an analysis showing that Bitwarden ’s advertised 200,001 PBKDF2 iterations were, in practice, closer to 100,000 . The reason was that the additional server-side iterations were only applied to the master password hash used for login , but not to the encryption key protecting the vault data. An attacker with access to a leaked vault could therefore bypass the server entirely and was left with the same effective security as with LastPass . Additionally, the default client-side iteration count was still at 100,000 , below OWASP recommendations at the time, and a concern that had been raised as far back as 2020 . Bitwarden eventually raised the default to 600,000 and added Argon2 support, but (mirroring LastPass ’ earlier mistakes) the change initially applied only to new accounts, leaving existing users responsible for manually updating their own KDF settings. Still in 2023, RedTeam Pentesting disclosed “Bitwarden Heist” ( CVE-2023-27706 ), a vulnerability in the Windows desktop client that allowed attackers with domain-administrator access to extract the vault decryption key from the local DPAPI storage without ever prompting Windows Hello or the master password. In the words of the researchers: Any process running as the low-privileged user session can simply ask DPAPI for the credentials to unlock the vault, no questions asked. The fix eventually shipped in version 2023.4.0 , months after initial disclosure. Also in 2023, CVE-2023-27974 was disclosed. The vulnerability was about the Bitwarden browser extension, which happily offered to fill credentials into cross-domain iframes embedded on trusted pages, as long as the base domain matched. Meaning, if embedded an iframe from (e.g. on a subdomain controlled by a third party), credentials could be stolen. Bitwarden ’s response was that iframes “must be handled this way for compatibility reasons” , and that “Auto-fill on page load” was not enabled by default. Small comfort if you did enable it. Fast-forward to August 2025, when security researcher Marek Tóth publicly disclosed a class of DOM-based clickjacking attacks that could trick the Bitwarden browser extension into autofilling credit card details and personal information after a single click on a malicious page. The vulnerability had been reported four months earlier, in April 2025, but was classified by Bitwarden as “moderate severity” and was not patched until version 2025.8.2 , shipped on the very day the researcher’s embargo expired. And then, a few days before I started writing this post, news broke that the official Bitwarden CLI client ( ) was compromised in the ongoing Checkmarx supply chain attack : The affected package version appears to be , and the malicious code was published in , a file included in the package contents. The attack appears to have leveraged a compromised GitHub Action in Bitwarden’s CI/CD pipeline , consistent with the pattern seen across other affected repositories in this campaign. Organizations that installed the malicious Bitwarden npm package should treat this incident as a credential exposure and CI/CD compromise event . The payload downloaded the Bun runtime, decrypted a second-stage Shai-Hulud worm and started harvesting GitHub and npm tokens, SSH keys, shell history, AWS , GCP , Azure credentials, GitHub Actions secrets, and even MCP configuration files used by AI tooling. The data was then exfiltrated by auto-creating a public repository on the victim’s own GitHub account and uploading the stolen credentials there. Bitwarden ’s npm distribution pipeline stayed compromised for approximately 19 hours and 334 developers had enough time to pull the malicious package before it was caught. Bitwarden ’s official statement emphasised that no end-user vault data was accessed , which is technically true and entirely beside the point. Everyone running in a CI pipeline just handed the attackers whatever else happened to live on that machine. For a company whose one job is keeping secrets safe, distributing an actively malicious CLI through its official channels is not a great look. It also ties back nicely to the earlier rant about shipping a password manager CLI as a Node package. Had been a single statically-linked binary in Go or Rust (as most of the ecosystem has moved towards) the npm -shaped blast radius simply wouldn’t exist in that form. And while supply-chain attacks within the Go and Rust ecosystems are on the rise as well, the barriers for successful attacks are still higher. Note: None of the above incidents are world-ending on their own. Every non-trivial piece of software will ship with bugs, and critical vulnerabilities happen to everyone. What bothers me is the pattern . The reactive (rather than proactive) security posture, the “working-as-intended” responses to embarrassing findings, the reliance on a Node.js toolchain for a security-critical CLI, and the fact that several of these issues had been quietly flagged by external researchers long before they were actually addressed. As this post is not an ad-driven hit-piece by any of Bitwarden ’s competitors, you won’t be reading anything along the lines of "… switch to <insert SaaS product here> now and get 50% off your first year with promo code SWORDFISH" . Instead, I will describe the approach that I’m taking moving forward, which might be something that you, as an equally frustrated long-time Bitwarden user, might be interested in exploring as well. Over the past years, I came to the conclusion that there’s no single password manager that will work perfectly for every use case and setup. For example, in my personal life, I do not need the ability to share vaults or individual passwords with other people. In my professional life, however, that is a fairly common occurrence. Similarly, the login credentials for bank accounts or insurance portals do not need to be available through a CLI tool, but they have to be available across multiple devices. Secrets for cloud storage or SSH private keys for deployments, however, don’t need to sync to any of my phones , but they do need to be accessible from a command-line tool that can be invoked programmatically. With these requirements in mind, it only makes sense to think of a way to better compartmentalize each set of credentials, rather than trying to find a single software or platform that can kill ten birds with one stone. Also, looking at it from a security perspective, it makes total sense to split up these password groups into different softwares and services in order to minimize the impact that a data breach might have. Generally, the approach that I came up with splits my credentials into the following groups: For group A I’m going with a SaaS password manager that offers proper vault sharing, integrates with the tools clients actually use (SSO, browser extensions on corporate machines, audit logs), and takes the hosting burden off my plate. The platform is proprietary, which I would normally not be thrilled about, but given that the scope of this group is client work only , I’m accepting the trade-off. For group B , the rationale is a bit counter-intuitive at first. The accounts tied to these credentials already contain personal information like name, address, date of birth, maybe payment details, which is regularly leaked by the very same services anyway, as a quick look at Have I Been Pwned confirms. A breach of the password manager itself would therefore not meaningfully expand the attacker’s knowledge. With TOTP and Passkeys in place, it frankly doesn’t even matter anymore at this point. What does matter here is cross-device availability, realiability and offline capabilities. I’m using a second, separate cloud-based password manager for this group, from a different vendor, with a different master password and different recovery mechanisms, so that a compromise of group A doesn’t automatically compromise group B and vice-versa. As I will be running their mobile app on at least one GrapheneOS device, I prefer a solution that doesn’t depend on Google Play Services and ideally offers an open-source/source-available client. Group C covers all the accounts I have on internet forums, websites, privacy-respecting services, and anything that doesn’t hold PII. For these, I don’t need, nor do I want, a cloud service. I’m using KeePassChi / KeePassXC / KeePassDX with the database file sitting in a folder that is being synced across my devices via Syncthing , which is an approach I have already written about in the past . The file is itself encrypted, which means that even if Syncthing were compromised (and the attacker somehow got their hands on the file), they would still need to break the KeePassChi / KeePassXC encryption to get anything useful out of it. On mobile, KeePassDX on Android reads the same file without fuss. For group D , I’m using a mixed approach of storing personal credentials using the same approach taken in group C , and credentials that are actually used by scripts, CI jobs, and remote servers, using HashiCorp Vault , which is the same one I was already running for PKI in my OpenBSD setup. Vault is a bit of an overkill for a single user, but it gives me proper access policies, token-based authentication for automated agents, short-lived credentials for things that support it, and audit logs. Having that said, I’m looking into Infisical . For group E , the API keys, personal access tokens, and random secrets that I only ever use from the command line, I’ve settled on the venerable utility. It stores each secret as an individual GPG -encrypted file in a Git repository, which is conceptually simple, easy to audit, and cooperates perfectly with shell scripts and my dotfiles . The Git repository lives on my own infrastructure, not on GitHub , and it’s only synced manually when I actually need to access it from a different machine. This might all sound like a lot of moving parts, and I understand if it looks like overkill for someone coming from a single-vault world. The reality, however, is that after years of using Bitwarden as a one size fits all solution, I realised that one size fits all meant one size fits poorly . Splitting credentials across multiple tools turned out to be significantly less painful than I had initially assumed, mostly because each tool is individually well-suited to its specific task. And if any one of them gets breached, the blast radius is limited to one category of secrets, not the whole lot. After several years of self-hosting Bitwarden , I’ve come to the conclusion that the product has drifted further and further away from what I originally signed up for. The enterprise-first architecture that barely fits on a Raspberry Pi, the half-hearted attempt at a “lighter” backend, the SDK licensing situation , the slow pace at which features are being addressed, the avoidable UX paper-cuts that haven’t been fixed in years, and finally the string of security issues that shouldn’t have shipped in the first place, all paint a picture that I find hard to reconcile with the “open-source password manager for everyone” narrative. I’m not suggesting that the alternatives are universally better or free of their own issues, because password managers are simply hard, and every player in this space has its fair share of skeletons. What I am suggesting is that you take a hard look at how much trust you are placing into a single piece of software for all of your credentials, and whether that bet is still the right one, which for me, it no longer was. Here are some other views on this topic: A: Credentials for professional/client projects (think platform logins, etc.) B: Credentials for accounts containing PII (think bank accounts, online shops, etc.) C: Credentials for accounts that do not contain PII (think accounts on internet forums, online platforms, etc.) D: Credentials for infrastructure (think server logins, SSH keys) E: One-off credentials (think API keys, tokens, etc.) Ask HN: Alternatives to Bitwarden? Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign Concerns Over Bitwarden Moving Away from Open Source

0 views
マリウス 2 months ago

Privacy Setup for Android 16 with GrapheneOS

GrapheneOS is a free and open-source mobile operating system, built on top of the Android Open Source Project (AOSP) but with a strong focus on privacy and security. It’s developed independently, with no ties to Google or any hardware vendor, and it’s the operating system I’ve been recommending (and using on my own devices) for years, both on the phone side and on the tablet side . Compared to the Android you get out of the box on a new Samsung Galaxy , nothing phone or even Google Pixel , GrapheneOS is a fundamentally different thing. Where stock Android ships deeply integrated with Google ’s services, that constantly sync contacts, calendars, search history, advertising identifiers, approximate location, and trickle telemetry back to Mountain View , GrapheneOS strips all of that out by default. Where vendor Android additionally ships with preloaded apps from Facebook , Microsoft , Amazon and the manufacturer’s own ecosystem, each with their own telemetry pipeline, GrapheneOS ships with almost nothing at all. And where stock Android relies on Google for things like push notifications, attestation, captive portal checks and time synchronization, GrapheneOS routes these through its own infrastructure, or makes them optional entirely. On top of that, GrapheneOS adds a substantial amount of hardening at every layer of the stack, from a hardened memory allocator and stricter sandboxing rules, all the way up to user-facing tools like per-app network and sensor permission toggles that simply don’t exist on stock Android. In short, GrapheneOS is what Android could look like if the people building it weren’t in the business of selling your data. And because it’s open source, independently audited and developed with a clear threat model in mind, it has earned the trust of journalists, activists, engineers and plenty of ordinary people who simply don’t want their phone to be a surveillance device. With all that said, there’s a common misconception that I keep encountering, that simply flashing GrapheneOS onto a compatible device is enough to magically protect its owner from Big Tech or other adversaries spying on them and their data. While GrapheneOS goes to great lengths to disable and circumvent the tracking that smartphone vendors like Google usually build into their Android phones, and hardens various aspects of the system on top of that, the main cause for concern is usually less the bare naked Android system, but more often than not the apps running on top of it. If you are using apps like Facebook , TikTok , Outlook and Amazon , the surveillance happens within these apps and platforms, regardless of what operating system they’re running on. Common questions from others that I’m encountering with regard to the use of GrapheneOS are along the lines of “I need to use this banking app on my phone, can I do that with GrapheneOS?” , or “I need to use Microsoft Teams for work, does GrapheneOS support it?” . While many of these questions can be answered with yes , there’s a fundamental issue with this approach, in which people think that if only they switch the base operating system of their smartphone, all of the sudden they will become invisible to the companies behind these apps. This is sadly a misconception. The operating system is, albeit an important part, only one layer of the stack. Flashing GrapheneOS protects you from a lot of what Google bakes into stock Android, and it adds a surprising amount of defense in depth via things like the hardened memory allocator , the network permission toggle or storage scopes . What it cannot do, however, is change what the apps you install are sending to their backends. If you depend heavily on using apps that are inherently privacy-invasive, it doesn’t make much sense to limit yourself to the few devices that an operating system like GrapheneOS is able to run on, and then go through all the hoops of getting the apps that you need to work on those devices. In such a case, compartmentalization is the better approach: Run these type of apps on e.g. a modern iOS device, which is a platform with industry leading out-of-the-box security for the average user, and only use a GrapheneOS device for the apps and platforms that you have full control over or can reasonably trust to not spy on you. This is in my opinion the most important mental model to internalize before starting down this path. The goal isn’t “one device that does it all, perfectly private” , as that device doesn’t exist and chasing it will only give you a false sense of privacy. The goal is to make sure that the device which lives in your pocket, the one that knows where you drive, where you sleep and who you talk to, is running a minimal, trustworthy and hardened stack. Everything that brings known spyware into the mix, like corporate communication suites, banking apps, rideshare apps, airline loyalty clients, food delivery apps, all the usual suspects, belongs on a separate, deliberately untrusted device. That device can happily be a stock iPhone or a stock Pixel. Don’t fight that reality, use it in the most minimal way possible. That device does not need a copy of your full address book and calendar, nor does it needs access to your primary password vault. And it most certainly doesn’t need your family vacation photos or your Taylor Swift concert videos. It can co-exist just fine on a dedicated SIM card, with a dedicated phone number and everything else that the corporate you needs. Using the spyware device in such a conscious way ultimately benefits your privacy alter-ego , as it maintains a public persona of yourself that hAs NoThInG tO hIdE . Many people recoil at the idea of carrying two phones, but in practice the spyware device rarely needs to leave your desk or (Faraday-)bag. You pull it out when you need to check in for a flight, pay a bill, submit an expense report or hop on a corporate video call. For everything else, the GrapheneOS device is more than sufficient. And because it doesn’t carry the weight of two dozen chatty apps, its battery life and overall responsiveness will improve dramatically as a side effect. However, because life is never as clear cut as this, with Android 16 there is a new Private Space feature that can be utilized to further compartmentalize apps within the same device. Private Space is essentially a separate user, nested inside of the owner user, with its own isolated storage, its own set of installed apps and its own work/background state. The apps inside a Private Space don’t share any common data with the rest of your apps and they don’t even necessarily share the same network routes. Therefor, if you are using a VPN on your main profile, your Private Space apps won’t see this and hence won’t be using the connection, and vice-versa. That last bit is worth pausing on. You can have a completely different VPN configuration, a completely different set of DNS settings and, effectively, a completely different exit IP for the apps inside your Private Space , without having to juggle user profiles via the lockscreen. When the space is locked , the apps inside it are frozen, their processes are torn down, their notifications are silenced and their icons disappear from the app drawer and the recents view. When the space is unlocked , it’s as if you briefly teleported to a second phone, used the app you needed, and then went back. Examples of apps which would make sense to run inside the Private Space would be for example the Uber app. This app contains your private information (name, payment info) and is something you don’t want to be running in the background 24/7, as you quite likely only need it sporadically, whenever you have to hail a ride. By installing Uber only inside the Private Space , it will only be allowed to run once you unlock the space. You don’t need to worry about Uber continuing to track your location after you completed your ride ever again. A similar argument can be made for a messenger like WhatsApp . I would not recommend relying on WhatsApp as your primary means of communication, but if you have that one group chat with family members that absolutely refuses to move off WhatsApp , or that one client who insists on sending you voice notes there, installing it inside the Private Space and only unlocking it when you actually need to check in is a reasonable middle ground. You get the communication channel, Meta doesn’t get a background service on your primary profile 24/7. However, this approach clearly only makes sense for apps that you only need to use sporadically or in emergency situations in which you might not have your dedicated spyware device with you. If you need to use something like Microsoft Teams on a constant basis, putting it into the confined Private Space might not make much sense as, unless the space is unlocked, the app won’t deliver message notifications. The official AOSP documentation even carries a warning that Private Space is not suitable for apps that need to run in the background or send critical notifications, such as medical apps. Treat it as the right tool for “occasional use” , not as a replacement for proper profile hygiene. People new to GrapheneOS often ask how Private Space differs from the traditional secondary user profiles that GrapheneOS has supported for years. The short answer is that Private Space is strictly more convenient, and secondary profiles are strictly more isolated. Secondary user profiles have their own encryption keys, derived from their own unlock credential. When you switch out of a profile or, even better, explicitly end the session of the profile, its data goes back to rest on disk and no longer resides in memory in a decrypted state. Private Space , on the other hand, lives inside the owner profile and piggybacks on its encryption context. When the owner profile is unlocked, the mere existence of data inside the Private Space can be inferred, even if the contents themselves remain protected. For most threat models this difference is purely academic, but it’s worth being aware of. In practice, my recommendation, and the one GrapheneOS itself tends to partially make , is roughly as follows: If you’re coming from a setup that relied solely on secondary profiles, you’ll notice that Private Space eliminates the lockscreen dance for the casual apps, while leaving the cryptographic isolation of secondary profiles available for the things that truly warrant it. The GrapheneOS installation itself is a breeze and, in my experience, the easiest way to put a non-stock operating system onto a smartphone. No , no , no fiddling with recovery images or sideloading obscure ZIPs. You unlock the bootloader, connect the phone to a computer and open GrapheneOS’ WebUSB installer in a compatible browser. From there, the installer walks you through the individual steps. The whole process takes around fifteen minutes and results in a factory-fresh GrapheneOS device. Make sure your device is in the list of officially supported models . Up until nowUp until now GrapheneOS specifically targets Google Pixel phones because Pixels offer verified boot with user-controllable root-of-trust, proper firmware and driver updates, the Titan M2 security chip and a bunch of other hardware-level properties that other Android vendors simply don’t match. This, however, is supposed to change with compatible devices from Motorola hitting the market in 2027. Running a “privacy ROM” on an unsupported device is in many ways worse than running stock Android, since you lose verified boot and in some cases even timely security patches. Once the device boots into GrapheneOS for the first time, resist the urge to immediately install all the apps you’re used to. Walk through the setup wizard, set a strong PIN or passphrase (six digits minimum!) and then, before doing anything else, spend fifteen minutes in the settings. This is the part most guides gloss over. GrapheneOS ships with sensible defaults, but a handful of additional tweaks can noticeably harden the device against both remote and physical threats. GrapheneOS adds a network permission toggle that appears on the install dialog of every new app and as a toggle in the app’s permissions screen. Habitually uncheck network access for any app that has no business talking to the internet. A gallery viewer, a calculator, a local file manager, a launcher, none of these should need network access. It’s a tiny friction with a disproportionately large effect on the amount of telemetry and personal data leaving your device. The sensors permission toggle covers everything the regular Android permissions don’t: Accelerometer, gyroscope, compass, barometer, and so on. You can block these on a per-app basis, which is particularly valuable for apps that have no legitimate reason to know how often you pick up your phone. GrapheneOS also exposes quick-toggle tiles for the camera and microphone in the pull-down menu, which cut access at the system level rather than the per-app level and are convenient for walking into a sensitive meeting or leaving the phone on the nightstand. Under Settings ➔ Network & internet ➔ Private DNS you can point the system resolver at a DNS-over-TLS provider of your choice. Quad9 , Mullvad DNS and NextDNS are all reasonable options. Cloudflare is (sadly) GrapheneOS’ default fallback. If you run your own recursive resolver, which I’d argue is the gold standard, even better. Keep in mind that the Private DNS hostname is looked up once via plaintext, so use a provider you’re okay briefly touching in the clear. With the base system locked down, it’s time to think about what actually goes on it. My general recommendation is to solely use F-Droid for free-software apps. Yes, F-Droid has its well-documented issues as is far from perfect, but for technically literate users who can read source code it remains the best option available in terms of provenance and privacy. For a browser, Vanadium is the default and the safest pick from a pure security standpoint, as it’s a hardened Chromium fork maintained by the GrapheneOS team, with strict site isolation, JIT disabled by default and a per-site JavaScript toggle. The main tradeoff is the lack of proper extension support, which rules out more sophisticated blocking support. If that’s a dealbreaker, install Cromite alongside Vanadium and reserve it for sites where you really need content blocking, while keeping Vanadium as your default for general browsing and anything sensitive. Also make sure to disable JavaScript by default and only enable it for sites that you know and trust! Once the setup is done, the real work is maintaining the discipline. A few habits that have served me well over the years: GrapheneOS on a recent Pixel remains, in my opinion, the closest thing to a genuinely private and secure mobile device that a non-state-actor can own today, despite Google ’s hardware being absolute garbage from quality control and performance perspectives. What GrapheneOS is not , however, is a magic spell that undoes the surveillance business models of the companies whose apps we’ve allowed into our lives. If you take one thing away from this post, let it be the compartmentalization mindset. Use a dedicated stock iOS or Android device for the stuff that absolutely demands surveillance-laden apps like banking portals that only ship as an app, corporate messaging suites, airline loyalty programs, food delivery, and rideshare. Use your GrapheneOS device for everything else, and save the Private Space on that GrapheneOS device for the in-between category, the apps you genuinely only need once in a while, like Uber while traveling, or a messenger like WhatsApp that a handful of people in your life refuse to leave behind. Reserve secondary user profiles for the hard cases that require Google services but that you don’t want bleeding into your daily profile. For new GrapheneOS users, the temptation will be to replicate your old app collection one-to-one. Don’t. Treat the move as an opportunity to audit what you actually need, and keep the owner profile as boring and empty as possible. For experienced users, the addition of Private Space in Android 16 is, I think, the single biggest quality-of-life improvement in years. It lets you retire a bunch of those one-off secondary profiles you created for “that one app” , without giving up meaningful isolation. Revisit your profile layout, consolidate where it makes sense, and lock the rest away behind a space that is off until you explicitly ask for it. None of this replaces thinking about your own threat model, your own habits and the people you communicate with. But on top of a thoughtful threat model, GrapheneOS with Android 16 is sadly about as good as it gets. Footnote: The cover image is a parody ( “meme” ) made from a screen capture of Google ’s Made by Google event with Jimmy Fallon . The host sadly did not publicly endorse GrapheneOS the same way he e.g. endorsed the highly questionable Bored Ape NFT . Owner profile: Lean, minimal, no Google services. F-Droid, trustworthy apps, a solid browser like Vanadium or Cromite . Secondary user profile for sandboxed Google Play : Install sandboxed Google Play here, along with the handful of apps that genuinely require Play Services, like certain banking apps. Keep this profile as small as possible, enable notifications so you don’t miss a transfer confirmation, and end the session whenever you’re done. Private Space inside the owner profile: The occasional use bucket. Uber, Lyft, food delivery, maybe WhatsApp for that one stubborn contact, loyalty apps that you open once a quarter. Lock it when you don’t need it. Auto-reboot: Settings ➔ Security & privacy ➔ Auto reboot . By default GrapheneOS reboots the device after 18 hours of being locked, putting all data back at rest and rendering cold-boot and many forensic attacks significantly harder. I personally lower this to eight or twelve hours. Duress PIN: Settings ➔ Security & privacy ➔ Device unlock ➔ Duress Password . This lets you configure an alternate PIN or password that, when entered on the lockscreen, irreversibly wipes the device in the background without any warning or confirmation. Useful if you’re ever in a situation where you’re compelled to hand over the device unlocked. Lockdown: The standard Android lockdown action (long-press the power button ➔ Lockdown ) disables biometrics and notification previews until the next successful PIN/passphrase entry. Make this a reflex whenever you hand the phone to someone or walk into a situation where you might be compelled to unlock it with your face or fingerprint. PIN scrambling and two-factor fingerprint unlock: Both are available in the lockscreen settings. The former randomizes the keypad layout to defeat shoulder-surfing, the latter requires a PIN after the fingerprint as a second factor. USB-C port control: Settings ➔ Security & privacy ➔ More security & privacy ➔ USB-C port . Set this to Charging-only when locked , or even Charging-only at all times if you rarely use the port for data. This prevents a plugged-in cable from establishing a data connection without your explicit consent. Resist re-installing apps you just removed. The whole point of going through this exercise is to shrink your attack surface. If you find yourself missing Instagram after two weeks, it’s worth asking whether you actually miss Instagram or whether you miss the dopamine loop. Review permissions periodically. Keep the spyware device actually separate. No shared WhatsApp account, no shared password manager vault. Treat it as a different person’s phone. Hit lockdown before boarding a plane or crossing a border. Biometrics offer essentially no legal protection in most jurisdictions. Lockdown forces the next unlock to require a passphrase and if things go sideways there’s the duress PIN. Reboot the device before sleep. Before First Unlock is a meaningfully different security state from After First Unlock . A fresh reboot means the keys haven’t been touched since the last time you intentionally typed your passphrase.

0 views
マリウス 3 months ago

KTT x 80Retros GAME 1989 Orange

I picked up the KTT x 80Retros GAME 1989 Orange switches a while ago at Funkeys , a physical brick-and-mortar mechanical keyboard store in Yongsan-gu, Seoul , and it’s my first linear switch. Given its surprisingly cheap price I really didn’t expect much from it to be honest. KTT is a name people normally associate with budget options, like Peaches , Sea Salts , and Strawberries . It’s the kind of switches that show up in beginner build guides and they are generally good stuff, but not really the kind of thing that made me stop and think about what I was typing on. However, the GAME 1989 Orange changed that perception for me, and it did it in a way I genuinely didn’t see coming. But before we get into the switch itself, we need to talk about the vibe , because the vibe is half the story here. 80Retros is a relatively young brand out of China that debuted on ZFrontier around December 2023 with an interest check for their GAME 1989 cherry-profile PBT keycap set inspired by the original Game Boy . They describe themselves as lovers of all things vintage and retro, and unlike a lot of brands that slap “retro” on things as a marketing afterthought, they actually seem to mean it. What’s remarkable is how fast they’ve moved since then. Within a few years, they went from a single keycap IC to pushing out nearly a dozen different switches across two separate manufacturers ( KTT and HMX ), along with matching keycap sets in multiple colorways. The G.O.A.T. of switch reviews himself, ThereminGoat , covered this in detail in his HMX Volume 0-T review , and the GAME timeline is pretty interesting: The original HMX -manufactured GAME 1989 switches came first, followed by what he calls the “Film Trio” (the KD200 , FJ400 , and GAME 1989 Classic ), all packaged in these absolutely gorgeous film canister-inspired containers that look like oversized Kodak rolls. The film canister thing started as a nod to the KD200 and FJ400 being camera-brand-inspired, but the community loved the packaging so much that 80Retros seemingly just kept using it for everything. Even for switches that have nothing to do with photography. The KTT -manufactured GAME 1989 Orange and Red are the newer entries in this expanding catalogue, released as part of an “Expanded Film Series” in early 2025 alongside a Silent White variant and an HMX XMAS switch. So we’re looking at a brand that is absolutely not slowing down. On paper, PC top and PA66 bottom is a pretty classic material combo. KTT has used variations of this pairing for years. What makes this switch interesting is the KT2 stem made out of their proprietary UPE blend. UPE ( ultra-high molecular weight polyethylene ) is a material that’s been showing up more and more in the switch world, but it’s one of those things where the specific manufacturer’s blend matters enormously. Keygeek ’s U4 , for example, sounds glassy and solid. KTT ’s KT2 is more dry, a bit foamy, and (this is the part I didn’t expect) it brings an audible character that I can only describe as “marble-y” . It’s not soft, but it’s not hard either. It sits in this interesting middle ground. At 4mm travel with a pole bottom-out the switch is technically a long-pole linear, but the full travel distance means it doesn’t feel like one in the snappy, sharp way that most long-poles do. The pole bottom-out is there, but it’s mellowed out by the travel length and the stem material. More on that later. Stock smoothness is good, and I mean genuinely good. Probably not HMX -tier buttery, and probably not the absolute smoothest thing I’ve tried in the recent years, but there’s a quality to the travel that feels deliberate and controlled. The factory lube is present but light. A thin coating on the bottom housing railings, some on the stem legs and leaf, and the springs seem lightly done too. There is a texture to the keystroke and some people might call it scratch, but I’m not sure that would be fair, though it’s not entirely wrong either. UPE blends can be unpredictable when paired with other housing materials. Sometimes you get something silky, sometimes you get audible friction. The KT2 blend with this PC/PA66 housing produces a slight tactile grain in the travel that I genuinely enjoy. It’s subtle enough that you won’t notice it during normal typing speed, but if you slow-press a single key at ear level, it’s there. Spring-wise, 40g actuation bottoming out at around 50g is on the lighter side, especially for me and my usual Frankenswitches . I wouldn’t call it featherweight, but if you tend to bottom out hard, you’ll definitely hit the end of the stroke with minimal effort. The springs are clean, without noticeable ping in my set. The factory lube on the springs seems to do its job. One thing to note is that there’s reportedly about a 3g variance between individual switches. I couldn’t verify that precisely, but I did notice the occasional key that felt marginally different. Not a dealbreaker for me, but if you’re the kind of person who weighs every spring in a batch, keep it in mind. As for wobble, it is present. There’s some slight vertical (north-south) wobble and maybe a touch of east-west if you go looking for it. This seems to be a known trade-off with KTT ’s newer molds. Their older switches like the Hyacinths seemingly had incredibly tight tolerances, but those molds are from a different era. KTT has been retooling to accommodate new materials like their KT2 and KT3 blends, and the fit isn’t quite as snug as the old stuff. As for films, they probably do help to tighten up the housings and I’ve read that filming the switches apparently also compresses the sound profile slightly. Personally, the wobble doesn’t bother me too much. The sound profile is where the GAME 1989 Orange gets genuinely interesting, because the sound profile is busy , and I mean that in a good way. The bottom-out is lower-pitched than you’d typically expect from a PC -topped switch. The PA66 bottom housing and the KT2 stem material seemingly pull the tone down into a territory that’s thocky without being mushy. There’s a definite pop to the keystroke, and the bottom-out has weight to it. The top-out (the return stroke) is a touch brighter, creating this slight tonal contrast between the downstroke and upstroke that gives the switch a lot of auditory dimension. There’s a lot happening acoustically at any given keystroke and none of it sounds muddied or confused. The “marble-y” quality I mentioned earlier really comes through in the sound. It’s not a wet, lubed sound, but a relatively dry and more textured one, with a character that feels… natural, in lack of better words. The slight scratch in the travel actually adds to the sound profile rather than detracting from it. The initial contact, the pole hitting bottom, the spring compression, the return remains distinct of each other and layered. Volume-wise, it’s moderate. Definitely not silent, but also not exactly loud. Slightly quieter than your average long-pole, which makes sense given the full 4mm travel and the way the KT2 material absorbs some of the impact energy. I haven’t yet tested it on any of my aluminium builds , but at least on the few keyboards Funkeys had these switches on, as well as on my Kunai , I find that the sound profile works beautifully. Having that said, these switches are definitely less ideal for quiet/public environments, like open space offices and cafes. The switches come factory lubed and they work just fine stock. I’d personally resist the urge to lube them further unless you specifically want to kill the audible scratch, which I think is part of the charm. If you do lube, know that you’re trading character for smoothness, and these are already reasonably smooth to begin with. They accept films, and filming them does seem to tighten the sound slightly with less resonance in the housing, a more compressed signature. Depending on your build and plate material, that might be exactly what you want or exactly what you don’t. Try a few with and without before committing. As for the packaging, if you buy the 35-switch sets, they come in those aforementioned film canister containers. It’s genuinely lovely and a nice touch that makes the whole experience feel considered. Not something I’d pay extra for, but it’s a detail that matters for the overall product identity. One thing to note is that the canisters open very easily. I wouldn’t walk around holding them upside down unless I’d want to play find 35 switches hidden underneath the furniture . The KTT x 80Retros GAME 1989 Orange surprised me. It’s a switch that trades the ultra-polished, frictionless perfection for something with a dry, textured, slightly scratchy keystroke that somehow comes together into a sound profile that’s warm, full, and more complex than it has any right to be at this price point. It’s not perfect. The wobble is there, and the housing tolerances aren’t as tight as the best in the business. It doesn’t feel like every other linear on the market, at least not like the ones I had the chance to try over the past years. It has character, which, in a hobby that’s increasingly crowded with technically excellent but personality-free switches, has its charm. If you want the smoothest linear available, look elsewhere. If you want something that sounds interesting, feels engaging, and comes wrapped an homage to a long gone era give the 1989 Orange a shot. I’m genuinely glad I did. Disclaimer: I’m not a switch scientist. I don’t own a force curve rig, I can’t tell you the exact durometer of the KT2 blend, and my ears are probably not calibrated to the standards of someone like ThereminGoat . This review is based on my personal experience typing on these switches across a few different boards and ultimately actively using them on my primary keyboard . Your mileage may vary based on your plate material, case, keycaps, and other factors. Take everything here as one person’s experience and use it as a starting point for your own.

0 views
マリウス 3 months ago

Updates 2026/Q1

This post includes personal updates and some open source project updates. 안녕하세요 and greetings from Asia! Right now I’m in Seoul, Korea. I’ll start this update with a few IRL experiences regarding my time here and some mechanical keyboard related things. If you’re primarily here for the technical stuff, you can skip forward or even skip all of the personal things and jump straight to the open source projects . With that said, let’s dive straight into it. Seoul has been one of the few places that I genuinely love coming back to. I cannot pinpoint why that is, but there’s a particular rhythm to the capital that’s hard to explain until you’ve lived in it for a while. Not the tourist rhythm, where you tick off palaces and night markets to “complete your bucket list” but the deeper, slower one that makes the city truly enjoyable. The rhythm of picking a neighborhood, learning its backstreets, finding your morning coffee spot, and then finding a different one the following week. I spent my time here doing exactly that, and what follows are some honest reflections on a city that continues to surprise me. As some of you might know by now, I’m basically the Mark Wiens of coffee, because I travel for coffee , except that I don’t film myself and put it online. But I’ve surely had a lot of coffee, in a lot of cities. However, Seoul’s coffee scene operates on a completely different level. The sheer density of independently run coffee shops is staggering. Within a fifteen-minute walk in neighborhoods like Mangwon , Hapjeong , or Sangsu , you can pass dozens of places where someone is carefully dialing in their espresso, roasting their own beans, and serving a beautifully made Americano for usually around three or four thousand KRW . That’s roughly two to three US dollars for a genuinely excellent cup of coffee, which is a pretty solid value proposition. I’ve been in Seoul before, multiple times actually, and I had the chance to find genuinely great cafes which I kept on my list of places to revisit whenever I would happen to come back. And so I did. But as life moves forward, places change or, in more unfortunate circumstances, even close down for good. das ist PROBAT is one of the places that sadly closed just a few days before I arrived. In its spot is now a new Ramen restaurant that seemed fairly popular. A few other places I’d loved on previous visits and that are still operating left me genuinely disappointed this time around. Compile Coffee was one of the sharper letdowns. Two years ago, it was a highlight. This time, however, the experience felt rushed and careless. The barista hurried through the ordering process, despite no one else waiting in line, and the cappuccino that followed was a spectacle for all the wrong reasons. The milk was frothed to an almost comical extreme, the liquid poured in first, then the foam scooped in one spoonful at a time, and finally a thick layer of chocolate powder on top that I hadn’t asked for. It felt like watching a car accident happening slowly enough for every detail to remain stuck in one’s head, yet too fast to articulate anything about it. I gave the place another try a few weeks after this incident only to experience a similarly rushed and somewhat unloving execution. Another change that I hadn’t seen coming was Bean Brothers in Hapjeong . The coffee house converted from their old industrial-style space to a noticeably more polished and… well, “posh” one. The new spot is nice enough, but the vibe has shifted towards a more upscale, less alternative one. In addition, they also opened up a new location in Sangsu , which leans further in that direction, with wait times for walk-ins that suggest a clientele they’re specifically courting. Bean Brothers seems to be evolving into a streamlined, upscale chain, and while that’s not inherently bad, it’s a different thing from what originally made it special. And last but not least, there’s Anthracite Coffee Roasters , specifically the Seogyo location , which had been one of my absolute favorite spots back in 2023. It pains me to say this, but the place has become a ripoff, with this specific location charging eight thousand KRW for a hot (drip coffee) Americano to go. For context, the healthy food chain Preppers serves a full meal consisting of a big portion of rice and a protein, as well as some greenery, for 8,900 KRW. The cup of drip coffee at Anthracite is only halfway full, and most of the time it arrives already lukewarm, which makes it essentially useless as a to-go option, unless all you want is to gulp down around 120ml of coffee. You’d think a place charging premium prices would at least discount a thousand Won for takeaways, as many Seoul cafes do. The Seogyo location’s commitment to drip coffee not only makes it feel somewhat pretentious considering the prices, but also adds a whole other layer of issues. During peak hours, the wait is considerable, and the coffee menu is limited to a small rotation of options that, more often than not, skew toward the acidic side of the spectrum. If that’s your preference, there’s nothing wrong with that. But when combined with the pricing, the lukewarm temperatures, and the half-filled cups, the experience increasingly feels like you’re paying for a brand name rather than a good cup of coffee. However, the beautiful thing about Seoul’s coffee culture is that for every established spot that drifts toward becoming another Starbucks experience, ten new places pop up that more than make up for it. The ecosystem is relentlessly self-renewing. In the same neighborhood as Anthracite ’s Seogyo location, I discovered a handful of places that are not only better in the cup, but dramatically more affordable: These are only a handful of places that I think of off the top of my head, but rest assured that there are plenty more. The quiet confidence of people who care about the craft without needing to perform it is what makes these places special. No gimmicks, no inflated prices justified by whatever interior design. Just friendly people and good coffee that’s made well and respects the customer. The time in Seoul reinforced what I already knew from past visits. This city is one of the best places in the world to simply be in. The neighborhoods are endlessly walkable, the infrastructure works beautifully (with the exception of traffic lights and escalators, but more on that in a bit), and the coffee culture, despite the occasional disappointment from places that have lost their way, remains one of the richest and most dynamic I’ve encountered anywhere. The disappointments, if anything, make the discoveries sweeter. The food also deserves a mention. Seoul is one of those cities where even a quick, unremarkable lunch tends to be delicious and more often than not at a sane price, judging from a global perspective. Compared to other capital cities like London or, worse, Madrid , in which food prices are frankly absurd, especially when taking the generally low quality into account, the cost of food in Seoul still strikes me as overall reasonable. Unlike for example Madrid , which is an almost homogenous food scene, Seoul offers incredibly diverse options, ranging from traditional Korean food, all the way to Japanese, Thai, Vietnamese and even European and Latin American food. And while the Italian pasta in many places in Seoul might not convince an actual Italian gourmet, it suddenly becomes a very high bar to complain about dishes that originate as far as twelve thousand kilometers/seven thousand miles away and that have almost no local cultural influence . Another beautiful thing about Seoul, at least for keyboard -enthusiasts like I am, is the availability of actual brick-and-mortar keyboard stores. Seoul is home to three enthusiast keyboard shops: Funkeys , SwagKeys , and NuPhy . The first two are local vendors that have physical locations across Seoul, the latter is a Hong Kong-based manufacturer of entry-level enthusiast boards that just opened a showroom in Mapo-gu . I took the time to try to visit each of them and I even scooped up some new hardware. The Funkeys store is located in the Tongsan district, on the second floor of a commercial space. The store is relatively big and stocks primarily FL-Esports , AULA , and 80Retros boards, keycaps and switches, but you can also find a few more exclusive items like the Angry Miao CyberBoard . I seized the opportunity to test (and snap up) some 80Retros switches, but more on that further down below. SwagKeys is probably a name that many people in the keyboard enthusiast community have stumbled upon at least once. They are located in the Bucheon area and they used to have a showroom, which I tried to visit. Sadly, it wasn’t clear to me that the showroom was temporarily (permanently?) closed, so I basically ended up standing in front of locked doors of an otherwise empty space. Luckily, however, SwagKeys have popup stores in different malls, which I have visited as well. Unfortunately in those popup stores they only seem to offer entry-level items; Enthusiast products are solely available through their web shop and cannot be ordered and picked-up at any of their pop-up locations. I was curious to test and maybe get the PBS Modern Abacus , which SwagKeys had in stock at that time, but none of the pop-ups had it available. Exclusive SwagKeys pop-up. This is a shared space with plenty of other brands to choose from. The NuPhy showroom in the Mapo-gu area is a small space packed with almost all the products the brand offers, from keyboards, over switches and keycaps all the way to accessories and folios /bags. However, the showroom is exactly that: A showroom. There’s no way to purchase any of the hardware. As with almost everything in Seoul, your best bet is to order it from NuPhy’s official Korean store, which accepts Naver Pay . Apart from Funkeys , SwagKeys and NuPhy , there are various brands (like Keychron , Razer and Logitech ) that can be found across in-store pop-ups in different malls. It’s interesting to see a society like the one in Seoul, that has largely moved away from offline-shopping for almost everything but fashion (more on this in a moment) having that many shops and pop-ups selling entry-level mechanical keyboards. I guess with keyboards being something in which haptics and personal preference play a big role, it makes sense to have places for people to test the various boards and switches, even if most of them will ultimately only sell the traditional Cherry profiles. Speaking of mechanical keyboards, I happened to be in the right place at the right time this year to visit the Seoul Mechanical Keyboard Expo 2026 at the Seoul Trade Exhibition Center ( SETEC ) in the Gangnam area. It was an interesting experience despite being less of a traditional enthusiast community event and more of a manufacturer trade fair targeting average users. Because yes, the average user in Korea does indeed seem to have a soft-spot for mechanical keyboards. This, however, meant that most vendors would primarily showcase the typical mainstream products, like Cherry profile keycaps and boards that are more affordable. For example while Angry Miao were around, their Hatsu board was nowhere to be seen. And it made sense: Every vendor had little signs with QR codes that would lead to their store’s product page for people to purchase it right away. Clearly, the event was geared more toward the average consumer than the curious enthusiast. It was nevertheless interesting to see an event like this happening in the wild . Getting around is different in Seoul than it is in other cities. If you’re navigating Seoul with Google Maps , you’re doing it wrong. Naver Map is simply superior in every way that matters for daily life here, although this might soon change . Not only does Naver show you where the crosswalks are, something you don’t realize you need until you’ve jaywalked across six lanes of traffic because Google told you the entrance was “right there” , but it also shows last order times for restaurants and cafes, saving you from going to places only to find out they’re not serving anymore. And public transit arrival times? Accurate to a degree that feels almost unsettling. You trust Naver , because it earns that trust. Clearly, however, me being me , I only used Naver without an account and on a separate profile on my GrapheneOS phone . Also, I mostly use it for finding places and public transit; For everything else CoMaps works perfectly fine, and I take care to contribute to OSM whenever I can. Note: The jaywalking example isn’t too far-fetched. You’re very tempted to cross at red lights simply because traffic light intervals in Seoul are frankly terrible. As a pedestrian you age significantly waiting for the stoplight to finally turn green. If you’re unlucky, you’re at a large crossing that is followed by smaller crossings, which for reasons I cannot comprehend turn green for pedestrians at the exact same time. Unless you are Usain Bolt there is no way to make it across multiple crossings in one go, leading you to have to stop at every crossing for around three minutes. That doesn’t sound like much, until you’re out at -15°C/5°F. Seoul has too many pedestrian crossings with traffic lights, and too few simple marked crosswalks. This is however probably due to drivers often not giving a damn about traffic rules and almost running over people trying to cross at regular marked crossings. My gut feeling tells me that, because of the indifference of drivers, the government decided to punish every traffic participant by building traffic lights at almost every corner. However, this didn’t have the (supposedly) intended effect, as especially scooters, but also regular cars often couldn’t care less about their bright red stop light. Considering the amount of CCTVs (more on this in just a second) one could assume that traffic violations are being enforced strictly. However, judging by the negligence of drivers towards traffic rules I would guess that this is probably not happening. Circling back to the painfully long waiting times at crossings, that are only outrivalled by painfully slow escalators literally everywhere, a route for which CoMaps estimates 10 minutes can hence easily become a 20 minute walk. Naver , however, appears to be making time estimations based on average waiting times at crossings, leading to it being more accurate than CoMaps in many cases. With Naver being independent of Google , it works without any of the Google Play Services bs that apps often require for anything related to location. And don’t get me wrong, Naver is just as much of an E Corp as Google , but there’s something worth appreciating on a broader level here. Korea built and maintains its own mapping platform rather than ceding that ground to US big tech, and it shows. Naver Map is designed by people who actually navigate Korean cities, and that local knowledge is baked into every interaction. I would love to see more countries doing the same, especially European ones. While there is Nokia HERE Maps HERE WeGo in Europe, it’s as bad for public transport as you might expect from a joint venture between Audi , BMW and Mercedes-Benz , and it is not at all comparable to Naver Maps , let alone Naver as a whole. One big caveat with Naver , however, is that it will drain your battery like a Mojito on a hot summer evening, so it’s essential to carry a power bank . Even on a Pixel 8 , the app feels terribly clunky and slow. In addition, the swiping recognition more often than not mistakes horizontal swipes (for scrolling through photos of a place) for vertical swiping, making it really cumbersome to use. I assume that on more modern Samsung and Apple devices the app probably works significantly better, as the Korean market appears to be absolutely dominated by these two brands. As a matter of fact, the Google Pixel is not even being sold in Korea, which brings me to one important aspect of life in Seoul that might be interesting for the average reader of this site. As much as I enjoy Seoul, it is an absolute privacy disaster. CCTV cameras in Seoul are everywhere and the city government actively expands and upgrades them as part of its public-safety and smart city initiatives. The systems are “AI” -enabled and can automatically detect unusual behavior or safety risks . It’s hard to find a definitive number, but it’s estimated that Seoul is covered with around 110,000 to 160,000 surveillance cameras, with an ongoing expansion of the network. This makes Seoul one of the most surveilled major cities in the world. In addition to CCTV surveillance, Seoul is also almost completely cashless. Most places only accept card/NFC payments with cash payments being a highly unusual thing to do. While there are still ATMs around, getting banknotes is almost pointless. You can top up your transit card using cash, and you might be thinking that at least this way nobody knows who owns the card and you cannot be tracked, but with the amount of “AI” cameras everywhere, there’s no need to track people using an identifier as primitive as a transit card. Speaking of which, mobile connectivity is another thing. In Korea SIM cards are registered using an ID/Passport. From what I have found, there’s no way to get even just a pre-paid SIM without handing over your ID. In addition, with everything being cashless, your payment details are also connected to the SIM card. You could of course try to only use the publicly available WiFi to get around and spare yourself the need for a SIM card. However, the moment you’d want to order something online, you will need a (preferably Korean) phone number that can retrieve verification SMS and you might even need to verify your account with an ID. You might think that this doesn’t really matter because online shopping isn’t something vital that you have to do. But with Seoul being almost completely online in terms of shopping you cannot find even the most basic things easily in brick-and-mortar stores. For example, I was looking to upgrade my power brick from the UGREEN X757 15202 Nexode Pro GaN 100W 3-Port charger that I’ve been using for the past year to the vastly more powerful UGREEN 55474 Nexode 300W GaN 5-Port charger. I bought the 3-Port Nexode last year during my time in Japan , in a Bic Camera . However, in Seoul it was impossible to find any UGREEN product. In fact, I could not find any household name products, like Anker or Belkin , regardless of where I looked. Everyone kept telling me to look online, on Naver or Coupang . Short story long, to be able to live a normal life in Seoul you will unfortunately have to hand over your details at every corner. Note : Only one day before publishing this update, the popular Canadian YouTuber Linus Tech Tips uploaded a video titled “Shopping in Korea’s Abandoned Tech Mall” , which perfectly captures the sad state of offline tech stores in Seoul. What I found more shocking than this, however, is that it doesn’t seem like privacy concerns are part of the public discourse. The dystopian picture that people in the Western hemisphere paint in literature and movies, in which conglomerates run large parts of society and the general population are merely an efficient workforce and consumers isn’t far off from how society here appears to be working. At the end of February I ran into an issue that I had seen before : Back then, I attributed it to either alpha particles or cosmic rays, as I was unable to reproduce the issue nor reliably find bad regions in the RAM. This time, however, my laptop was crashing periodically, for seemingly no reason at all. After running the whole playbook of and to verify the filesystem, as well as multiple rounds of the , I found several RAM addresses that were reported faulty. I decided to seize the opportunity and publish a post on BadRAM . At this point, I removed one of the two 32GB RAM sticks and it appears to have helped at least somewhat: The device now only crashes every few hours rather than every twenty or so minutes. But with RAM and SSD prices being what they are, I’m not even going to attempt to actually fix the issue. After all, it might well be that whatever is causing the buzzing sound I’ve been hearing on my Star Labs StarBook has also had an impact on the RAM modules or even the logic board. I’m going to hold on to this hardware for as long as possible, but I’ve also realized that the StarBook has aged quicker than I anticipated. I have therefore been glancing at alternatives for quite a while now. I love what Star Labs has done with the StarBook Mk VI AMD in terms of form factor and Linux support. Back when I bought it , the Zen 3 Ryzen 7 5800U had already been on the market for almost 4 years and wasn’t exactly modern anymore. However, its maturity gave me hope that Linux support would be flawless (which is the case) and that Star Labs would eventually be able to deliver on their promises. When I purchased the device, Star Labs had advertised an upcoming upgrade from its American Megatrends EFI (“BIOS”) to Coreboot , an open-source alternative. Years later, however, this upgrade is still nowhere to be seen . At this point it is highly unlikely, that Coreboot on the AMD StarBook will ever materialize. As already hinted exactly one year ago I’m done waiting for Star Labs and I am definitely not going to look into any of their other (largely obsolete) AMD offerings, especially considering the outrageous prices. I’m also not going to consider any of their StarBook iterations, whether it’s the regular version, or the Horizon , given that none of them come with AMD CPUs any longer, and, more importantly, that their Intel processors are far too outdated for their price tags. Let alone all the quirks the Star Labs hardware appears to be having, and the firmware features that sometimes make me wonder what the actual f… the Star Labs people are smoking. Note : The firmware update lists the following update: * Remove the power button debounce (double press is no longer required) “Power button debounce” is what Star Labs calls the requirement to double-press the power button in order to power on the laptop when it is not connected to power. It is mind-boggling that this feature made it into the firmware to begin with. Who in their right mind thought “Hey, how about we introduce a new feature with the coming firmware update which we won’t communicate anywhere, which requires the user to press the power button quickly twice in a row for their device to power on, but only when no power cable is connected? And how about if they only press it once when no power cord is attached the device simply won’t boot, but it will nevertheless produce a short audible sound to make it seem like it tried to boot, but in reality it won’t boot?” …? Because this is exactly what the “power button debounce” was about. I believe it got introduced sometime around , but I can’t really tell, because Star Labs didn’t mention it anywhere. Short story long, instead of spending more money on obsolete and quirky Star Labs hardware, I have identified the ASUS ExpertBook Ultra as a potential successor. The ExpertBook Ultra is supposed to be released in Q2 in its highest performance variant, featuring the Intel Core Ultra X9 Series 3 388H “Panther Lake” processor, running at 50W TDP and sporting up to 64 GB LPDDR5x memory, which is the model that I’m interested in. I will wait out the reviews, specifically for Linux, but unless major issues are to be expected I’ll likely upgrade to it. “Wait, aren’t you Team Red?” , you might be wondering. And, yes, for the past decade I’ve been solely purchasing AMD CPUs and GPUs, with one exception that was a MacBook with Intel CPU. However, at this point I’m giving up on ever finding an AMD-based laptop that fits my specs, because sadly with AMD laptops it’s always something : Either the port selection sucks, or there’s no USB4 port at all, or if there is it’s only on one specific side, or the display and/or display resolution sucks, or the battery life is bad, or you can only get some low-TDP U variant, or the device is an absolute chonker, or or or. It feels like with an AMD laptop I always have to make compromises at a price point at which I simply don’t want to have to make these compromises anymore. So unless AMD and the manufacturers – looking specifically at you, Lenovo! – finally get their sh#t together to build hardware that doesn’t feel like it’s artificially choked, I’m going back to Team Blue . “Panther Lake” seems to have made enough of a splash, TDP-performance-wise, that it is worth considering Intel again, despite the company’s history of monopolistic business tactics, its anti-consumer behavior, its major security flaws, its quality control issues, and its general douchebag attitude towards everything and everyone. The ASUS ExpertBook Ultra appears to feature the performance that I want, with all the connectivity that I need, packaged in a form factor that I find aesthetically pleasing and lightweight enough to travel with. If the Intel Core Ultra X9 388H notably exceeds the preliminary benchmarks and reviews of the Intel Core Ultra X7 358H version of the ExpertBook Ultra , then I’m “happy” to pay the current market premium for a device that will hopefully hold up for much longer and with fewer quirks than I’ve experienced with the StarBook . With a Speedometer 3.1 rating of around 30 and reporting 11:25:05 hours for on my current device, however, I’m fairly certain that even the X7 358H will be a significant improvement. “Did you hear about the latest XPS 14 & 16 from Dell? They also come with Panther Lake!” , I hear you say. See here and there on why those are seemingly disappointing options. The tl;dr is that Dell only feeds them 25W (14") / 35W (16"), instead of the 45W that ASUS runs the CPU at. I can’t tell for sure how long I’ll be able to continue working on the StarBook . While I can do the most critical things, the looming threat of data-corruption and -loss is frightening. The continuous crashes also introduce unnecessary overhead. I’m hoping for ASUS to make the ExpertBook Ultra available rather sooner than later, but if there’s no clarity on availability soon I might have to go with a different option. Ultrabook Review luckily has a full list of Panther Lake laptops to help with finding alternatives. What’s the second best thing that can happen when your computer starts failing? Exactly: Your phone (slowly) dying. It appears that the infamous Pixel 8 green-screen-of-death hit my GrapheneOS device, making it almost impossible to use it. Not only does the display glitch terribly, but it appears that the lower bottom part of the phone gets abnormally hot. When the glitching began, it would be sufficient to literally slap the bottom part of the phone and it would temporarily stop glitching. Sadly, the effectiveness of this workaround has decreased so much over time that now I basically need to squeeze the bottom part of the phone for the glitching to stop. The moment I decrease force, the screen starts glitching again. My plan was to keep the Google Pixel 8 for the next few years and eventually move to a postmarketOS /Linux phone as soon as there will be a viable option. Sadly it seems that I’m going to have to spend more money on Google’s bs hardware to get another GrapheneOS device for the time being. Unfortunately Google is not selling the Pixel devices across Asia, making it hard to find an adequate replacement for the phone right now. I might just have to suck it up and wait until I’ll pass by a region in which Pixel devices are more widely available. Of course, I luckily brought backups , although those run malware and are hence less than ideal options. My Anker Soundcore Space Q45 have died on me during a flight, for absolutely no reason at all. I purchased them back at the end of May 2024 and now, after not even 2 years it appears that the electronics inside of them broke in a way in which the headphones cannot be turned off or on again. They seem to be in a sort-of odd state in between, in which pressing e.g. the ANC button does something and makes the LED light up, but there’s no Bluetooth connectivity whatsoever. When connecting them via USB-C to power or to another device, the LED changes dozens of times per second between white and red. Holding the power button makes the LED turn on (white) but nothing else. The moment the power button is let go, the LED turns back off. This is yet another Anker product that broke only shortly after its warranty expired and I’m starting to see a common theme here. Hence, I will avoid Anker products going forward, especially given the tedious support that I had experienced in the past with one of their faulty power banks. I still use the Soundcore headphones via audio jack, as this luckily works independently of the other electronics. To avoid anything bad happening, especially during flights, I opened the left earcup and removed the integrated battery. The USI 2.0 stylus that I had bought back in mid September of 2024 from the brand Renaisser is another hardware item that has pretty much died. It seems like the integrated battery is done, hence the pen doesn’t turn on anymore unless a USB-C cable is connected to it to power it externally. While I’m still using it, it is slightly inconvenient to have a relatively stiff USB-C cable pull on the upper end of the pen while writing or editing photos, which is what I use the pen primarily for. As mentioned in the Seoul part, I picked up a handful of mechanical keyboard-related items, namely MX switches for my keyboard(s) . KTT x 80Retros GAME 1989 Orange , 40g (22mm KOS single-stage extended, bag lubed with Krytox 105 ), lubed with Krytox 205G0 . 80Retros x HMX Monochrome , 42g (48g bottom out), LY stem, PA12 top housing, HMX P2 bottom housing, 22mm spring, factory lubed, 2mm pre-travel, 3.5mm total. I invested quite some time in pursuing my open source projects in the past quarter, hence there are a few updates to share. This quarter I have finally found the time to also update my feature and make it work with the latest version of Ghostty , the cross-platform terminal emulator written in Zig. You can use this commit if you want to patch your version of Ghostty with this feature. It is unlikely that the Ghostty team is ever going to include this feature in their official release, yet I’m happy to keep maintaining it as it’s not a lot of code. I have updated and it now supports a new flag (that does not support), which makes it possible to build a complete power management policy directly through command-line arguments. I have documented it in detail in the repository , but the idea is that the flag allows executing arbitrary shell commands when the battery reaches a specific percentage, either by charging or discharging. The flag takes three arguments: For , the command fires when the battery percentage drops to or below the given value. For , it fires when the percentage reaches or exceeds it. The command fires once when the condition is met and will only fire again after the condition has cleared and been met again. Additionally, the flag can be specified multiple times to define different rules. This makes it possible to build a complete power management policy, from low-battery warnings to automatic shutdown, without any external scripts or configuration files. The benefit this has over, let’s say, rules, is that script execution as the current user is significantly easier, less hacky and poses fewer overall security risks, as does not need to (read: should not ) be run in privileged mode. Another one of my Zig tools that got a major update is , the command line tool for getting answers to everyday questions like or more importantly . The new version has received an update to work with Zig 0.15.0+ and its command line arguments parser logic was rewritten from scratch to be able to handle more complex cases. In addition, is now able to do a handful of velocity conversions, e.g. . As a quick side note, alongside the Breadth-first search implementation that it is using, , has also been updated to support Zig 0.15.0+. I had some fun a while ago building an XMPP bot that’s connected to any OpenAI API (e.g. ) and is able to respond when mentioned and respond to private messages. It preserves a single context across all messages, which might not be ideal in terms of privacy, but it is definitely fun in a multi-user chat – hey, btw, come join ours! The code is relatively crude and simple. Again, this was a just a two-evening fun thing, but you can easily run the bot yourself, check the README and the example configuration for more info. The work on my new project, ▓▓▓▓▓▓▓▓▓▓▓, which I had announced in my previous status update sadly didn’t progress as quickly as I was expecting it to, due to (amongst other things) the RAM issues that I’ve had to deal with. It also turns out that when writing software in 2026, everyone seems to expect instant results, given all the Codexes and Claudes that are usually being employed these days to allow even inexperienced developers to vibe code full-blown Discord alternatives within shorts periods of time. However, because I don’t intend to go down that path with ▓▓▓▓▓▓▓▓▓▓▓, it will sadly take some more time for me to have a first alpha ready. To everyone who reached out to offer their help with alpha testing: You will be the first ones to get access as soon as it’s ready. Kauf Roasters : A roastery with a clear focus on simplicity and quality without pretension. Identity Coffee Lab : This one stunned me. A hot Americano to go for 3,000 KRW. That’s almost a third of what Anthracite charges. And the coffee isn’t just cheaper, it is significantly better! It’s a bigger cup, it’s notably less acidic, and, here’s the part that really got me, it comes out steaming hot and stays that way for a good twenty minutes. You can actually walk around and sip it casually, even in freezing cold temperatures, just the way a to-go coffee is meant to be enjoyed, instead of gulping it down before it turns into cold brew. Oscar Coffee Booth : This became a personal favorite. Another spot where the coffee is serious, the price is fair, and nobody is trying to impress you with anything other than a well-made drink. On top of that the owner is a genuinely kind person. : Either (aliases: , ) or (aliases: , ) : The battery level (number from 0 to 100) : The shell command to execute

0 views
マリウス 3 months ago

Hold on to Your Hardware: BadRAM

We’re living in unprecedented times, once again , in which holding on to our existing hardware has become more important than ever before. With prices for solid state drives and especially RAM going through the roof, it can be at the very least frustrating to have a computer malfunction due to faulty memory. In this post, I’d like to show how to check a system’s memory for defects and how to work around those defects to prolong a system’s life without needing to replace the RAM module(s), or worse the whole mainboard, right away. Note: This guide is intended for Linux users, specifically systems with GRUB that do not use secure boot / lockdown mode . If you are a Windows user, look up the command, specifically its subsection. If you’re on a Mac, you will probably have to dig into tools like this or make use of the setting. The first thing we need to do is to check whether our RAM is the actual culprit of any system instability we might be experiencing. For that, we can use the open-source program . Most Linux distributions either come with it pre-installed, have it as an installable package in their repos, or at the very least offer it on their installation live CD/DVD/USB media. If you start your computer and you see a bootloader entry for then you already have it installed. If not, consult the documentation of your specific distro on how to install it. Otherwise you can simply download any live media (e.g. Ubuntu Desktop , Fedora Workstation , etc.) and boot into from there. As soon as launches you should go into its configuration, select all tests and set the output to BadRAM patterns . Depending on the amount of RAM in your system the test will take anything between a few hours to multiple days. will use various patterns to test the RAM for errors and will either finish with a green message or show a big red and output the relevant BadRAM patterns that can be used to blacklist the presumed faulty addresses. Bear in mind that these test results can be flaky and should be validated by running repeatedly over a period of time to see whether issues show up consistently. The resulting list of BadRAM patterns can be used to blacklist the specific addresses, so that the Linux kernel does not try to access those areas. To do so, it is either possible to utilize the configuration in , or manually append the kernel parameter, e.g. via . The advantage of is that you can simply copy-paste the output of into the setting and be done with it. However, the downside is that GRUB will generate a dedicated boot attribute from this, which, if faulty (e.g. due to typos or bugs ) will brick the bootloader and require booting from a recovery medium to fix the issues. The more manual solution requires a bit more work but can be fixed right from within the GRUB boot prompt if anything goes wrong, by editing ( key) the boot entry. An example entry could look as follows: Depending on the mask for every specific address you might need to adjust the size of the isolated area from to a value that fits the specific address. To calculate the area, we take the mask, e.g. and XOR it with to get or decimal . This is our area of faulty RAM in bytes. We round the value up to the next power of 2, which is , which translates to the following : Keep in mind that the minimum viable area is . It also makes sense to blacklist a slightly larger area, as it is likely that surrounding addresses will fail moving forward. A complete GRUB configuration for several s could look as follows: Due to how works the character has to be escaped, and the escape character has to be escaped as well. Don’t even ask. The last step that remains is to actually run to re-generate the file. Make sure to double-check that afterwards to make sure that GRUB did not mess it up. The Linux kernel supports a long list of parameters , one of which is . This parameter “specifies the number of memtest passes to be performed. Each pass selects another test pattern from a given set of patterns. Memtest fills the memory with this pattern, validates memory contents and reserves bad memory regions that are detected.” We can append e.g. to our to enable this feature. The Linux kernel memory test takes around half a minute on my system with 64GB of RAM during boot and will ideally identify any new RAM issues and automatically mark those addresses as unusable. For runtime insights into the system memory, it is possible to , and . You should be able to identify blacklisted regions within the output of these commands. This is supposed to act as a temporary measure and not a long-term solution. Faulty RAM will cause headaches down the road and can lead to irreparable data corruption.

0 views
マリウス 4 months ago

GL.iNet Slate 7

If you happened to have stumbled upon my write-up almost four years ago about running an open source home area network , you might know that I’m enjoying a fairly elaborate and mostly FOSS-based infrastructure, that is as lightweight and travel-friendly as possible. Although many things have changed ever since and an update to the original post is well overdue, the fundamentals remained the same: My personal infrastructure has to be as flexible and portable as possible, to fit my ever-changing life. One key component of my setup had been the Linksys WRT3200 ACM router running OpenWrt , an embedded Linux distribution designed primarily for network devices. The Linksys has been a reliable piece of equipment for me for now well over five years and besides its dated and somewhat flaky Wi-Fi I have few complaints about the device’s functionality whatsoever. Whenever I needed to move to a new location or travel for prolonged periods of time, however, the approximately 246×194×52mm device (without its four antennas) isn’t exactly the most travel friendly at 798g/1.76lb. In addition, the Linksys is powered via its barrel connector and requires a dedicated, external PSU, which in turn usually requires bringing either multiple power socket adapters or, given the limited amount of power outlets in hotel rooms, a single adapter and a Type A/B power strip to connect all my electronic devices. This, in turn, brings up the total weight to well over 1kg/2.2lb. Short story long, I have been on the lookout for a replacement for the aging Linksys for a while now and have ultimately decided to give the GL.iNet Slate 7 a try, considering that it’s at least based on OpenWrt . At the hardware level, the Slate 7 is an interesting take on the travel router concept, featuring dual-band Wi-Fi 7 ( 802.11be ) with external foldable antennas, dual 2.5 GbE Ethernet ports, a touchscreen, and probably the most important feature to me, USB-C PD input. All in a compact 130×91×34mm package that weighs only 295g/0.65lbs. Spec-wise the Slate 7 is above most consumer travel routers, but below full-featured routers with tri-band Wi-Fi 7 and multi-gigabit backbones. The router doesn’t support the 6 GHz band, and hence only does Multi-Link Operation ( MLO ) over the 2.4 GHz and the 5 GHz bands. The exact specifications of the hardware are as follows: GL.iNet ’s documentation of the MLO feature sadly is misleading/wrong, depicting the 6 GHz band on the screenshot and saying, quote: Note : This Wi-Fi band is only available on Flint 3e (GL-BE6500), Flint 3 (GL-BE9300), and Slate 7 (GL-BE3600). MLO (Multi-Link Operation) is one of the core features of Wi-Fi 7 (802.11be), designed to improve network performance, significantly reduce latency, and enhance connection stability by utilizing multiple frequency bands simultaneously such as 2.4 GHz, 5 GHz, and 6 GHz. For wireless networking aficionados, the aforementioned lack of the 6 GHz band on the Slate 7 might hence be a deal breaker. The Slate 7 runs OpenWrt 23.05-SNAPSHOT (Kernel 5.4.213) as of the time of writing, with GL.iNet ’s firmware layer on top. This layer includes Qualcomm ’s SDK and binary blobs, which is sadly a proprietary mess, as it is with so many devices (e.g. smartphones) running presumed open-source software these days. That said, the device offers full root access via SSH and it’s possible to install OpenWrt ’s LuCI UI if necessary. Even without that, however, it’s possible to configure everything using the command and the configuration files. This makes it at least slightly more trustworthy than your average ASUS router . If you buy this device for its open-source flexibility, however, be aware you’re effectively in a GL.iNet -flavored OpenWrt sandbox with proprietary Qualcomm components. Like every other OpenWrt device, the Slate 7 also implements a package manager that allows you to install additional components from the package repository. One thing that I like is the fact that it comes with Multi-WAN , WireGuard and DNScrypt-proxy2 pre-installed and offers a user-friendly UI to configure these things which, on my OpenWrt Linksys took a bit of wrangling to get them right, especially the Mwan3 part. The Slate 7 tries something unusual for a router in this class, namely a built-in touchscreen for controls, which is another reason I opted for this device. The touchscreen can display a variety of different things, from your Wi-Fi details with QR-code for quick joining, over VPN status info with on/off toggle, all the way to real-time connection and hardware stats. During firmware upgrades, the touchscreen will display a progress bar with the upgrade process, which is definitely a plus over the Linksys . In its current version, the firmware also implements a lockscreen that protects the display with a 4-digit PIN, in case you wouldn’t want others to access your Wi-Fi details or turn off your VPN. Speaking of which, the router supports WireGuard with ~500 Mbps throughput, as well as OpenVPN with ~380 Mbps peak and integrates with a handful of paid VPN offerings for easy configuration. It’s nevertheless possible to simply import your own configuration. The Slate 7 comes with beta support for Tailscale , which I had briefly tested and which appears to be working without any issues. However, it is not possible to configure advanced Tailscale flags via the web interface. If you need a more sophisticated Tailscale setup, you will likely have to hack it yourself. Yes, the Slate 7 can run a Tor node to allow you to browse Onion sites from within your network. The feature is marked beta but appears to work fairly well. However, the moment Tor is enabled, VPNs , DNS , AdGuard Home and IPv6 will not work properly anymore. Note: These “ will not work properly” limitations are 100% a GL.iNet issue and not caused by OpenWrt . The reason I know this is because I had all these services working simultaneously on the Linksys , and I had them interconnected in a way that would allow to e.g. perform DNS lookups via Tor, through DNScrypt-proxy2 . Clearly it’s possible to neatly integrate all these services, but I guess that the GL.iNet admin UI simply isn’t there yet, as these integrations require more complex configurations in the background. AdGuard Home is part of the default installation of the Slate 7 . I haven’t tested it so far, mainly because my DNS setup already filters most things out, but judging by the web interface and the manual it seems like GL.iNet ’s implementation is pretty much plug-’n-play . The router has a Network Acceleration feature that can be enabled to use hardware acceleration for networking, which reduces CPU load and device heat. However, when enabled, features like Client Speed and Traffic Statistics , Client Speed Limit , Parental Control , and VPN with IPv6 will not work properly, at least with the current firmware version. I’ve had the Slate 7 for about two months at this point and so far I’m relatively satisfied with how it has been performing. Every now and then I have experienced Wi-Fi reconnects specifically on my phone , however, I was unable to reproduce this behavior on any other device. It appears that these reconnects have something to do with the GrapheneOS Pixel 8 rather than the Slate 7 . On the upside, the Slate 7 supports tethering via its USB-A port, so I can directly attach my Netgear Nighthawk M2 LTE router and use its mobile connectivity as WAN. Unlike with Mwan3 on vanilla OpenWrt , configuring USB port tethering on the Slate 7 is a matter of a few clicks. Comparing the Slate 7 to the full-size WRT3200 is a bit of an odd thing to do, given that the devices serve different purposes, despite me misusing the Linksys as a travel router. However, for the sake of comparing a pure OpenWrt device with the Slate 7 the experience I’ve had with the Linksys serves as a good basis. As mentioned before, the Slate 7 is a modern, Wi-Fi 7 dual-band travel router, integrating dual 2.5 GbE ports, a touchscreen, and USB-C PD input in a compact form factor. It assumes you’re optimizing for portability. In contrast, the WRT3200 ACM is a larger SOHO class router from several generations earlier, built around Wi-Fi 5 with Tri-Stream 160 and MU-MIMO . Its hardware (Marvell Armada ARM SoC, 512 MB RAM, 256 MB flash) was high-end in its day and remains capable for routing/firewall throughput on OpenWrt , but it lacks the ability to run many modern features sufficiently, e.g. a WireGuard VPN client at full speed. However, perhaps the largest point of divergence is software openness and the Wi-Fi driver stack. The WRT3200 ACM enjoys true upstream OpenWrt support with builds maintained in the official images, albeit with quirks in its wireless drivers ( ) and some limited features, giving you an experience close to vanilla OpenWrt with full package control, firewall, and kernel update paths. However, the price for this openness sadly is Wi-Fi instability and the lack of more up-to-date features. By contrast, the Slate 7 runs a Qualcomm SDK-based OpenWrt fork with proprietary driver blobs for its Wi-Fi 7 PHY, which enables the vendor firmware to provide the advertised Wi-Fi features (e.g., 160 MHz channels). True vanilla OpenWrt however isn’t easily available and upstream OpenWrt builds won’t natively support the Qualcomm wireless stack. This means you may be stuck on GL.iNet ’s cadence for Wi-Fi driver updates unless the community or Qualcomm upstreams that support. We can safely assume, though, that this is unlikely to happen. The Slate 7 is hence OpenWrt only in spirit . For raw routing, VLANs, firewall, VPN, and routing policies, both are capable platforms with SSH/LuCI and full package ecosystems. The Slate 7 ’s hardware advantages like better multi-gig throughput, lower power envelope, USB-C PD, and next-gen Wi-Fi PHY, skew it towards users who want high-speed WAN ingress/egress, travel/office portability, and modern client support. Meanwhile, the WRT3200 ACM shines as a classic OpenWrt playground with strong software freedom and mature community tooling for advanced network setups (e.g., VLAN trunking, policy routing) but doesn’t offer the multi-gigabit wired backbone or next-gen wireless speed of Slate 7 . While its four 1 GbE LAN ports (+ 1 GbE WAN) still serve well for home and small office LANs, the Linksys is clearly outclassed in wired throughput and spectrum efficiency compared to the Slate 7 . While the Linksys WRT3200 ACM ’s OpenWrt support has at times lagged (e.g. builds stuck at ), its position in the official OpenWrt target tree gives it clear upstream maintenance prospects for years to come. The Slate 7 , on the other hand, may never get full upstream driver support for its Qualcomm hardware, leaving its long-term wireless stack reliant on the cooperation between GL.iNet and Qualcomm , which presents an uncertain future for the device. If your priority is pure open-source flexibility with a mature community rail-to-rail OpenWrt experience, the WRT3200 ACM still holds value for many people. However, if you prioritize/need faster throughput and better efficiency, and a travel-ready appliance that still lets you have it your way (at least to some extent) via OpenWrt , the Slate 7 seems like a decent choice, albeit with some proprietary caveats around wireless drivers. The Slate 7 is a compelling travel router design that bridges modern Wi-Fi tech and OpenWrt customization into an ultra-portable package, but it carries the classic open-source hardware caveat, where the software ecosystem matters as much as the silicon, and only time will tell how that ecosystem is going to develop. If you don’t require portability and prefer a native OpenWrt experience, then the OpenWrt One , or, if you can wait, the OpenWrt Two , which is going to be produced by GL.iNet , might be a better fit for you. If, however, you’re looking for modern hardware that includes proprietary features at the cost of openness, yet still offers a solid OpenWrt basis, the Slate 7 (or its newer, more powerful, Tri-band capable upgrade, the Slate 7 Pro ) might be for you. I will likely stick to the Slate 7 for travel, as the reduced size and weight of the device, and the ability to power it via USB-C PD makes up for its shortcomings. CPU: Qualcomm Quad-core ≈1.1 GHz Memory: 1 GB DDR4 RAM Storage: 512 MB Flash Ethernet: 1× 2.5 GbE WAN, 1× 2.5 GbE LAN Wireless: IEEE 802.11be (Wi-Fi 7) dual-band Not tri-band, only 2.4 GHz and 5 GHz 160 MHz channels on 5 GHz Maximum theoretical PHY rates 2.4 GHz: 688 Mbps 5 GHz: 2882 Mbps Antennas: 2× foldable external USB: 1× USB-A 3.0 for tethering/modem or storage Power: USB-C PD compatible (~5–12 V), usable with powerbanks Size: 130×91×34mm Weight: 295g/0.65lb

0 views
マリウス 4 months ago

Hold on to Your Hardware

Tl;dr at the end. For the better part of two decades, consumers lived in a golden age of tech. Memory got cheaper, storage increased in capacity and hardware got faster and absurdly affordable. Upgrades were routine, almost casual. If you needed more RAM, a bigger SSD, or a faster CPU or GPU, you barely had to wait a week for a discount offer and you moved on with your life. This era is ending. What’s forming now isn’t just another pricing cycle or a short-term shortage, it is a structural shift in the hardware industry that paints a deeply grim outlook for consumers. Today, I am urging you to hold on to your hardware, as you may not be able to replace it affordably in the future. While I have always been a stark critic of today’s consumer industry , as well as the ideas behind it , and a strong proponent of buying it for life (meaning, investing into durable, repairable, quality products) the industry’s shift has nothing to do with the protection of valuable resources or the environment, but is instead a move towards a trajectory that has the potential to erode technological self-sufficiency and independence for people all over the world. In recent months the buzzword RAM-pocalypse has started popping up across tech journalism and enthusiast circles. It’s an intentionally dramatic term that describes the sharp increase in RAM prices, primarily driven by high demand from data centers and “AI” technology, which most people had considered a mere blip in the market. This presumed temporary blip , however, turned out to be a lot more than just that, with one manufacturer after the other openly stating that prices will continue to rise, with suppliers forecasting shortages of specific components that could last well beyond 2028, and with key players like Western Digital and Micron either completely disregarding or even exiting the consumer market altogether. Note: Micron wasn’t just another supplier , but one of the three major players directly serving consumers with reasonably priced, widely available RAM and SSDs. Its departure leaves the consumer memory market effectively in the hands of only two companies: Samsung and SK Hynix . This duopoly certainly doesn’t compete on your wallet’s behalf, and it definitely wouldn’t be the first time it would optimize for margins . The RAM-pocalypse isn’t just a temporary headline anymore, but has seemingly become long-term reality. However, RAM and memory in general is only the beginning. The main reason for the shortages and hence the increased prices is data center demand, specifically from “AI” companies. These data centers require mind-boggling amounts of hardware, specifically RAM, storage drives and GPUs, which in turn are RAM-heavy graphics units for “AI” workloads. The enterprise demand for specific components simply outpaces the current global production capacity, and outbids the comparatively poor consumer market. For example, OpenAI ’s Stargate project alone reportedly requires approximately 900,000 DRAM wafers per month , which could account for roughly 40% of current global DRAM output. Other big tech giants including Google , Amazon , Microsoft , and Meta have placed open-ended orders with memory suppliers, accepting as much supply as available. The existing and future data centers for/of these companies are expected to consume 70% of all memory chips produced in 2026. However, memory is just the first domino. RAM and SSDs are where the pain is most visible today, but rest assured that the same forces are quietly reshaping all aspects of consumer hardware. One of the most immediate and tangible consequences of this broader supply-chain realignment are sharp, cascading price hikes across consumer electronics, with LPDDR memory standing out as an early pressure point that most consumers didn’t recognize until it was already unavoidable. LPDDR is used in smartphones, laptops, tablets, handheld consoles, routers, and increasingly even low-power PCs. It sits at the intersection of consumer demand and enterprise prioritization, making it uniquely vulnerable when manufacturers reallocate capacity toward “AI” accelerators, servers, and data-center-grade memory, where margins are higher and contracts are long-term. As fabs shift production toward HBM and server DRAM , as well as GPU wafers, consumer hardware production quietly becomes non-essential , tightening supply just as devices become more power- and memory-hungry, all while continuing on their path to remain frustratingly unserviceable and un-upgradable. The result is a ripple effect, in which device makers pay more for chips and memory and pass those costs on through higher retail prices, cut base configurations to preserve margins, or lock features behind premium tiers. At the same time, consumers lose the ability to compensate by upgrading later, because most components these days, like LPDDR , are soldered down by design. This is further amplified by scarcity, as even modest supply disruptions can spike prices disproportionately in a market where just a few suppliers dominate, turning what should be incremental cost increases into sudden jumps that affect entire product categories at once. In practice, this means that phones, ultrabooks, and embedded devices are becoming more expensive overnight, not because of new features, but because the invisible silicon inside them has quietly become a contested resource in a world that no longer builds hardware primarily for consumers. In late January 2026, the Western Digital CEO confirmed during an earnings call that the company’s entire HDD production capacity for calendar year 2026 is already sold out. Let that sink in for a moment. Q1 hasn’t even ended and a major hard drive manufacturer has zero remaining capacity for the year. Firm purchase orders are in place with its top customers, and long-term agreements already extend into 2027 and 2028. Consumer revenue now accounts for just 5% of Western Digital ’s total sales, while cloud and enterprise clients make up 89%. The company has, for all practical purposes, stopped being a consumer storage company. And Western Digital is not alone. Kioxia , one of the world’s largest NAND flash manufacturers, admitted that its entire 2026 production volume is already in a “sold out” state , with the company expecting tight supply to persist through at least 2027 and long-term customers facing 30% or higher year-on-year price increases. Adding to this, the Silicon Motion CEO put it bluntly during a recent earnings call : We’re facing what has never happened before: HDD, DRAM, HBM, NAND… all in severe shortage in 2026. In addition, the Phison CEO has gone even further, warning that the NAND shortage could persist until 2030, and that it risks the “destruction” of entire segments of the consumer electronics industry. He also noted that factories are now demanding prepayment for capacity three years in advance , an unprecedented practice that effectively locks out smaller players. The collateral damage of this can already be felt, and it’s significant. For example Valve confirmed that the Steam Deck OLED is now out of stock intermittently in multiple regions “due to memory and storage shortages” . All models are currently unavailable in the US and Canada, the cheaper LCD model has been discontinued entirely, and there is no timeline for when supply will return to normal. Valve has also been forced to delay the pricing and launch details for its upcoming Steam Machine console and Steam Frame VR headset, directly citing memory and storage shortages. At the same time, Sony is considering delaying the PlayStation 6 to 2028 or even 2029, and Nintendo is reportedly contemplating a price increase for the Switch 2 , less than a year after its launch. Both decisions are seemingly driven by the same memory supply constraints. Meanwhile, Microsoft has already raised prices on the Xbox . Now you might think that everything so far is about GPUs and other gaming-related hardware, but that couldn’t be further from the truth. General computing, like the Raspberry Pi is not immune to any of this either. The Raspberry Pi Foundation has been forced to raise prices twice in three months, with the flagship Raspberry Pi 5 (16GB) jumping from $120 at launch to $205 as of February 2026, a 70% increase driven entirely by LPDDR4 memory costs. What was once a symbol of affordable computing is rapidly being priced out of reach for the educational and hobbyist communities it was designed to serve. HP, on the other hand, seems to have already prepared for the hardware shortage by launching a laptop subscription service where you pay a monthly fee to use a laptop but never own it , no matter how long you subscribe. While HP frames this as a convenience, the timing, right in the middle of a hardware affordability crisis, makes it feel a lot more like a preview of a rented compute future. But more on that in a second. “But we’ve seen price spikes before, due to crypto booms, pandemic shortages, factory floods and fires!” , you might say. And while we did live through those crises, things eventually eased when bubbles popped and markets or supply chains recovered. The current situation, however, doesn’t appear to be going away anytime soon, as it looks like the industry’s priorities have fundamentally changed . These days, the biggest customers are not gamers, creators, PC builders or even crypto miners anymore. Today, it’s hyperscalers . Companies that use hardware for “AI” training clusters, cloud providers, enterprise data centers, as well as governments and defense contractors. Compared to these hyperscalers consumers are small fish in a big pond. These buyers don’t care if RAM costs 20% more and neither do they wait for Black Friday deals. Instead, they sign contracts measured in exabytes and billions of dollars. With such clients lining up, the consumer market in contrast is suddenly an inconvenience for manufacturers. Why settle for smaller margins and deal with higher marketing and support costs, fragmented SKUs, price sensitivity and retail logistics headaches, when you can have behemoths throwing money at you? Why sell a $100 SSD to one consumer, when you can sell a whole rack of enterprise NVMe drives to a data center with circular virtually infinite money? Guaranteed volume, guaranteed profit, zero marketing. The industry has answered these questions loudly. All of this goes to show that the consumer market is not just deprioritized, but instead it is being starved . In fact, IDC has already warned that the PC market could shrink by up to 9% in 2026 due to skyrocketing memory prices, and has described the situation not as a cyclical shortage but as “a potentially permanent, strategic reallocation of the world’s silicon wafer capacity” . Leading PC OEMs including Lenovo , Dell , HP , Acer , and ASUS have all signaled 15-20% PC price increases for 2026, with some models seeing even steeper hikes. Framework , the repairable laptop company, has also been transparent about rising memory costs impacting its pricing. And analyst Jukan Choi recently revised his shortage timeline estimate , noting that DRAM production capacity is expected to grow at just 4.8% annually through 2030, with even that incremental capacity concentrated on HBM rather than consumer memory. TrendForce ’s latest forecast projects DRAM contract prices rising by 90-95% quarter over quarter in Q1 2026. And that is not a typo. The price of hardware is one thing, but value-for-money is another aspect that appears to be only getting worse from here on. Already today consumer parts feel like cut-down versions of enterprise silicon. As “AI” accelerators and server chips dominate R&D budgets, consumer improvements will slow even further, or arrive at higher prices justified as premium features . This is true for CPUs and GPUs, and it will be equally true for motherboards, chipsets, power supplies, networking, etc. We will likely see fewer low-end options, more segmentation, artificial feature gating and generally higher baseline prices that, once established, won’t be coming back down again. As enterprise standards become the priority, consumer gear is becoming an afterthought that is being rebadged, overpriced, and poorly supported. The uncomfortable truth is that the consumer hardware market is no longer the center of gravity, as we all were able to see at this year’s CES . It’s orbiting something much larger, and none of this is accidental. The industry isn’t failing, it’s succeeding, just not for you . And to be fair, from a corporate standpoint, this pivot makes perfect sense. “AI” and enterprise customers are rewriting revenue charts, all while consumers continue to be noisy, demanding, and comparatively poor. It is pretty clear that consumer hardware is becoming a second-class citizen, which means that the machines we already own are more valuable than we might be thinking right now. “But what does the industry think the future will look like if nobody can afford new hardware?” , you might be asking. There is a darker, conspiratorial interpretation of today’s hardware trends that reads less like market economics and more like a rehearsal for a managed future. Businesses, having discovered that ownership is inefficient and obedience is profitable, are quietly steering society toward a world where no one owns compute at all, where hardware exists only as an abstraction rented back to the public through virtual servers, SaaS subscriptions, and metered experiences , and where digital sovereignty, that anyone with a PC tower under their desk once had, becomes an outdated, eccentric, and even suspicious concept. … a morning in said future, where an ordinary citizen wakes up, taps their terminal, which is a sealed device without ports, storage, and sophisticated local execution capabilities, and logs into their Personal Compute Allocation . This bundle of cloud CPU minutes, RAM credits, and storage tokens leased from a conglomerate whose logo has quietly replaced the word “computer” in everyday speech, just like “to search” has made way for “to google” , has removed the concept of installing software, because software no longer exists as a thing , but only as a service tier in which every task routes through servers owned by entities. Entities that insist that this is all for the planet . Entities that outlawed consumer hardware years ago under the banner of environmental protectionism , citing e-waste statistics, carbon budgets , and unsafe unregulated silicon , while conveniently ignoring that the data centers humming beyond the city limits burn more power in an hour than the old neighborhood ever did in a decade. In this world, the ordinary citizen remembers their parents’ dusty Personal Computer , locked away in a storage unit like contraband. A machine that once ran freely, offline if it wanted, immune to arbitrary account suspensions and pricing changes. As they go about their day, paying a micro-fee to open a document, losing access to their own photos because a subscription lapsed, watching a warning banner appear when they type something that violates the ever evolving terms-of-service, and shouting “McDonald’s!” to skip the otherwise unskippable ads within every other app they open, they begin to understand that the true crime of consumer hardware wasn’t primarily pollution but independence. They realize that owning a machine meant owning the means of computation , and that by centralizing hardware under the guise of efficiency, safety, and sustainability, society traded resilience for convenience and autonomy for comfort. In this dyst… utopia , nothing ever breaks because nothing is yours , nothing is repairable because nothing is physical, and nothing is private because everything runs somewhere else , on someone else’s computer . The quiet moral, felt when the network briefly stutters and the world freezes, is that keeping old hardware alive was never nostalgia or paranoia, but a small, stubborn act of digital self-defense; A refusal to accept that the future must be rented, permissioned, and revocable at any moment. If you think that dystopian “rented compute over owned hardware” future could never happen, think again . In fact, you’re already likely renting rather than owning in many different areas. Your means of communication are run by Meta , your music is provided by Spotify , your movies are streamed from Netflix , your data is stored in Google ’s data centers and your office suite runs on Microsoft ’s cloud. Maybe even your car is leased instead of owned, and you pay a monthly premium for seat heating or sElF-dRiViNg , whatever that means. After all, the average Gen Z and Millennial US consumer today apparently has 8.2 subscriptions , not including their DaIlY aVoCaDo ToAsTs and StArBuCkS cHoCoLate ChIp LaTtEs that the same Boomers responsible for the current (and past) economic crises love to dunk on. Besides, look no further than what’s already happening in for example China, a country that manufactures massive amounts of the world’s sought-after hardware yet faces restrictions on buying that very hardware. In recent years, a complex web of export controls and chip bans has put a spotlight on how hardware can become a geopolitical bargaining chip rather than a consumer good. For example, export controls imposed by the United States in recent years barred Nvidia from selling many of its high-performance GPUs into China without special licenses, significantly reducing legal access to cutting-edge compute inside the country. Meanwhile, enforcement efforts have repeatedly busted smuggling operations moving prohibited Nvidia chips into Chinese territory through Southeast Asian hubs, with over $1 billion worth of banned GPUs reportedly moving through gray markets, even as official channels remain restricted. Coverage by outlets such as Bloomberg , as well as actual investigative journalism like Gamer’s Nexus has documented these black-market flows and the lengths to which both sides go to enforce or evade restrictions, including smuggling networks and increased regulatory scrutiny. On top of this, Chinese regulators have at times restricted domestic tech firms from buying specific Nvidia models, further underscoring how government policy can override basic market access for hardware, even in the country where much of that hardware is manufactured. While some of these export rules have seen partial reversals or regulatory shifts, the overall situation highlights a world in which hardware access is increasingly determined by politics, security regimes, and corporate strategy, and not by consumer demand . This should serve as a cautionary tale for anyone who thinks owning their own machines won’t matter in the years to come. In an ironic twist, however, one of the few potential sources of relief may, in fact, come from China. Two Chinese manufacturers, CXMT ( ChangXin Memory Technologies ) and YMTC ( Yangtze Memory Technologies ), are embarking on their most aggressive capacity expansions ever , viewing the global shortage as a golden opportunity to close the gap with the incumbent big three ( Samsung , SK Hynix , Micron ). CXMT is now the world’s fourth-largest DRAM maker by production volume, holding roughly 10-11% of global wafer capacity, and is building a massive new DRAM facility in Shanghai expected to be two to three times larger than its existing Hefei headquarters, with volume production targeted for 2027. The company is also preparing a $4.2 billion IPO on Shanghai’s STAR Market to fund further expansion and has reportedly delivered HBM3 samples to domestic customers including Huawei . YMTC , traditionally a NAND flash supplier, is constructing a third fab in Wuhan with roughly half of its capacity dedicated to DRAM, and has reached 270-layer 3D NAND capability, rapidly narrowing the gap with Samsung (286 layers) and SK Hynix (321 layers). Its NAND market share by shipments reached 13% in Q3 2025, close to Micron ’s 14%. What’s particularly notable is that major PC manufacturers are already turning to these suppliers . However, as mentioned before, with hardware having become a geopolitical topic, both companies face ongoing (US-imposed) restrictions. Hence, for example HP has indicated it would only use CXMT chips in devices for non-US markets. Nevertheless, for consumers worldwide the emergence of viable fourth and fifth players in the memory market represents the most tangible hope of eventually breaking the current supply stranglehold. Whether that relief arrives in time to prevent lasting damage to the consumer hardware ecosystem remains an open question, though. Polymarket bet prediction : A non-zero percentage of people will confuse Yangtze Memory Technologies with the Haskell programming language . The reason I’m writing all of this isn’t to create panic, but to help put things into perspective. You don’t need to scavenger-hunt for legacy parts in your local landfill (yet) or swear off upgrades forever, but you do need to recognize that the rules have changed . The market that once catered to enthusiasts and everyday users is turning its back. So take care of your hardware, stretch its lifespan, upgrade thoughtfully, and don’t assume replacement will always be easy or affordable. That PC, laptop, NAS, or home server isn’t disposable anymore. Clean it, maintain it, repaste it, replace fans and protect it, as it may need to last far longer than you originally planned. Also, realize that the best time to upgrade your hardware was yesterday and that the second best time is now . If you can afford sensible upgrades, especially RAM and SSD capacity, it may be worth doing sooner rather than later. Not for performance, but for insurance, because the next time something fails, it might be unaffordable to replace, as the era of casual upgrades seems to be over. Five-year systems may become eight- or ten-year systems. Software bloat will hurt more and will require re-thinking . Efficiency will matter again . And looking at it from a different angle, maybe that’s a good thing. Additionally, the assumption that prices will normalize again at some point is most likely a pipe dream. The old logic wait a year and it’ll be cheaper no longer applies when manufacturers are deliberately constraining supply. If you need a new device, buy it; If you don’t, however, there is absolutely no need to spend money on the minor yearly refresh cycle any longer, as the returns will be increasingly diminishing. And again, looking at it from a different angle, probably that is also a good thing. Consumer hardware is heading toward a bleak future where owning powerful, affordable machines becomes harder or maybe even impossible, as manufacturers abandon everyday users to chase vastly more profitable data centers, “AI” firms, and enterprise clients. RAM and SSD price spikes, Micron ’s exit from the consumer market, and the resulting Samsung / SK Hynix duopoly are early warning signs of a broader shift that will eventually affect CPUs, GPUs, and the entire PC ecosystem. With large manufacturers having sold out their entire production capacity to hyperscalers for the rest of the year while simultaneously cutting consumer production by double-digit percentages, consumers will have to take a back seat. Already today consumer hardware is overpriced, out of stock or even intentionally being delayed due to supply issues. In addition, manufacturers are pivoting towards consumer hardware subscriptions, where you never own the hardware and in the most dystopian trajectory, consumers might not buy any hardware at all, with the exception of low-end thin-clients that are merely interfaces , and will rent compute through cloud platforms, losing digital sovereignty in exchange for convenience. And despite all of this sounding like science fiction, there is already hard evidence proving that access to hardware can in fact be politically and economically revoked. Therefor I am urging you to maintain and upgrade wisely, and hold on to your existing hardware , because ownership may soon be a luxury rather than the norm.

0 views
マリウス 6 months ago

Updates 2025/Q4

This post includes personal updates and some open source project updates. As the year comes to a close, I’d like to begin this update by sharing a famous (and sadly now gone ) tweet . My goal is not only to remind those who have seen it before, but also to introduce it to those who haven’t, along with the thoughts it inevitably sparks. It’s a way to preserve this rare gem of social media for posterity. Below is the original post, with added speaker information for easier reading. Warning: This text is a bit long. If you’d rather skip ahead to the next part of the update, click/tap here . Someday aliens are going to land their saucers in a field somewhere in New Jersey and everything is going to go just fine right up until we try to explain our calendar to them. Humans: “yeah we divide our year into a number of sub units called ‘months’ made up a number of days, and they’re not all the same length” Aliens: “I guess that’s unavoidable, if your rotations-count per orbit is a prime number” Humans: “yeah, our’s isn’t prime” Aliens: “but surely you have most of these ‘months’ the same length and just make the last one shorter or longer?” Humans: “No… They’re different lengths following no logical pattern” Aliens: “what” Humans: “and we further subdivide the months into ‘weeks’, which is 7 days.” Aliens: “ahh, so each month is an integer multiple of weeks?” Humans: “that would make sense, but no. Only one is, sometimes” Aliens: “SOMETIMES?!” Humans: “yeah our orbit around the sun isn’t an integer number of days, so we have to change the number of days to in a year from time to time” Aliens: “oh yes, a similar thing happens on Epsilon Indi 7, where they have to add an extra day every 39 years to keep holidays on track” Humans: “yeah that’s how ours work! Although the ratio doesn’t work out cleanly, so we just do every 4 years, except every 100 years, except except every 400 years” Aliens: “oh, you number your years? What’s the epoch?” Humans: “uh, it’s supposed to be the birth of a religious leader, but they got the math wrong so it’s off by 4 years, if he existed at all.” Aliens: “if? You based your calendar off the birth date of someone you’re not sure exists?” Humans: “yeah. He’s written about in a famous book but historical records are spotty.” Aliens: “interesting. I didn’t realize your planet was one of the ones with a single universal religion, that usually only happens in partial or complete hive minds.” Humans: “uhh, we’re not.” Aliens: “You’re not?!” Humans: “yeah we have multiple religions.” Aliens: “oh but they all have a common ancestor, which agrees on the existence of that leader, right?” Humans: “uh, no. Two of the big ones do, but most of the others don’t believe in him” Aliens: “YOUR CALENDAR IS BASED ON A RELIGIOUS LEADER THAT NOT EVERYONE BELIEVES IN?” Humans: “well, on his birth. And yeah, we got it wrong by a couple years.” Aliens: “OK, fine. So, you have somewhat complicated rules about when you change the length of your years, and I’m scared to ask this, but… You definitely just add or subtract that extra day at the end, right?” Humans: “…. Nope.” Aliens: “At the start of the year? " Humans: “nah. The end of the second month” Aliens: “WHY WOULD IT BE THE SECOND MONTH?” Humans: “I’m not sure, really.” Aliens: “huh. So at this point I’m dreading asking this, but how do you measure time within each day?” Humans: “oh that’s much simpler. Each day is divided into hours, each hour has minutes, and each minute has seconds.” Aliens: “ok. And 10 of each?” Humans: “10 hours? No. There’s 24 hours, 60 minutes, 60 seconds” Aliens: “…. I thought you said you used a base-10 counting system” Humans: “we do! Mostly. But our time system came from some long gone civilization that liked base-60 like 5000 years ago” Aliens: “and you haven’t changed it since?” Humans: “No.” Aliens: “huh. Okay, so why 24? That’s not a divisor of 60” Humans: “oh because it’s actually 12!” Aliens: “what” Humans: “yeah each day is 24 hours but they are divided into two sets of 12.” Aliens: “and that’s 5 12s, right, I see the logic here, almost. So like, after hour 12, it becomes the second half, which is 1?” Humans: “No, after 11.” Aliens: “oh, you zero-index them! So it’s hours 0-11 in the first half, then 12-23 in the second half?” Humans: “No. 12 to 11 in the first half, and again in the second half” Aliens: “please explain that before my brain melts out my mouth” Humans: “the first hour is 12. Then the next one is 1, then it goes back up to 11, then 12 again” Aliens: “that is not how numbers work. And how do you tell first 12 apart from second 12?” Humans: “oh we don’t use numbers for that!” Aliens: “you don’t number the two halves of your day?” Humans: “nah, we call them AM and PM” Aliens: “WHAT DOES THAT MEAN” Humans: “I think it’s ante-meridian and post-meridian? But I’m not sure, I dont know much Latin” Aliens: “Latin?” Humans: “yeah it’s an ancient language from an old empire which controlled a lot of the world and we still use some of their terms” Aliens: “oh, and that was the civilization that liked base-60 and set up your time system?” Humans: “that would make sense, but… No, completely different one.” Aliens: “okay, and what do you do to if you want to measure very short times, shorter than a second?” Humans: “oh we use milliseconds and microseconds” Aliens: “ahh, those are a 60th of a second and then 60th of the other?” Humans: “No. Thousandths.” Aliens: “so you switch to base-10 at last, but only for subdivisions of the second?” Humans: “yeah.” Aliens: “but at thousands, ie, ten tens tens” Humans: “yeah. Technically we have deciseconds and centiseconds, which are 1/10 of a second, and 1/100 of a second, but no one really uses them. We just use milli.” Aliens: “that seems more like a base-1000 system than a base-10 system.” Humans: “it kinda is? We do a similar thing with measures of volume and distance and mass.” Aliens: “but you still call it base-10?” Humans: “yeah” Aliens: “so let me see if I get this right: Your years are divided in 10 months, each of which is some variable number of days, the SECOND of which varies based on a complex formula… and each day is divided into two halves of 12 hours, of 60 minutes, 60 seconds, 1000 milliseconds?” Humans: “12 months, actually.” Aliens: “right, because of the ancient civilization that liked base-60, and 12 is a divisor of 60.” Humans: “No, actually, that came from the civilization that used latin. Previously there were 10.” Aliens: “what” Humans: “yeah the Latin guys added two months part of the way through their rule, adding two more months. That’s why some are named after the wrong numbers” Aliens: “you just said two things I am having trouble understanding. 1. Your months are named, not numbered? 2. THE NAMES ARE WRONG?” Humans: “yep! Our 9th month is named after the number 7, and so on for 10, 11, and 12.” Aliens: “your 12th month is named… 10?” Humans: “yeah.” Aliens: “what are the other ones named after?!” Humans: “various things. Mainly Gods or rulers” Aliens: “oh, from that same religion that your epoch is from?” Humans: “uh… No. Different one.” Aliens: “so you have an epoch based on one religion, but name your months based on a different one?” Humans: “yeah! Just wait until you hear about days of the week.” Aliens: “WHAT” Humans: “so yeah we group days into 7-day periods-” Aliens: “which aren’t an even divisor of your months lengths or year lengths?” Humans: “right. Don’t interrupt” Aliens: “sorry” Humans: “but we name the days of the week, rather than numbering them. Funny story with that, actually: there’s disagreement about which day starts the week.” Aliens: “you have a period that repeats every 7 days and you don’t agree when it starts?” Humans: “yeah, it’s Monday or Sunday.” Aliens: “and those names come from…” Humans: “celestial bodies and gods! The sun and moon are Sunday and Monday, for example” Aliens: “but… I looked at your planet’s orbit parameters. Doesn’t the sun come up every day?” Humans: “yeah.” Aliens: “oh, do you have one of those odd orbits where your natural satellite is closer or eclipsed every 7 days, like Quagnar 4?” Humans: “no, the sun and moon are the same then as every other day, we just had to name them something.” Aliens: “and the other days, those are named after gods?” Humans: “yep!” Aliens: “from your largest religion, I imagine?” Humans: “nah. That one (and the second largest, actually) only has one god, and he doesn’t really have a name.” Aliens: “huh. So what religion are they from? The Latin one again?” Humans: “nah, they only named one of the God-days” Aliens: “only on… SO THE OTHER DAYS ARE FROM A DIFFERENT RELIGON ENTIRELY?” Humans: “Yep!” Aliens: “the third or forth biggest, I assume?” Humans: “nah, it’s one that… Kinda doesn’t exist anymore? It mostly died out like 800 years ago, though there are some modern small revivals, of course” Aliens: “so, let me get confirm I am understanding this correctly. Your days and hours and seconds and smaller are numbered, in a repeating pattern. But your years are numbered based on a religious epoch, despite it being only one religion amongst several.” Humans: “correct so far” Aliens: “and your months and days of the week are instead named, although some are named after numbers, and it’s the wrong numbers” Humans: “exactly” Aliens: “and the ones that aren’t numbers or rulers or celestial objects are named after gods, right?” Humans: “yup!” Aliens: “but the months and the days of the week are named after gods from different religons from the epoch religion, and indeed, each other?” Humans: “yeah! Except Saturday. That’s the same religion as the month religion” Aliens: “and the month/Saturday religion is also from the same culture who gave you the 12 months system, and the names for the two halves of the day, which are also named?” Humans: “right! Well, kinda.” Aliens: “please explain, slowly and carefully” Humans: “yeah so cultures before then had a 12 month system, because of the moon. But they had been using a 10 month system, before switching to 12 and giving them the modern names” Aliens: “the… Moon? Your celestial body?” Humans: “yeah, it completes an orbit about every 27 days, so which is about 12 times a year, so it is only natural to divide the year into 12 periods, which eventually got called months” Aliens: “ok, that makes sense. Wait, no. Your orbital period is approximately 365.25 days, right?” Humans: “yeah. That’s why we do 365 or 366 based on the formula” Aliens: “but that doesn’t work. 365 divided by 27 is ~13.5, not 12” Humans: “yeah I’m not sure why 12 was so common then. Maybe it goes back to the base 60 people?” Aliens: “okay so one final check before I file this report: Years are numbered based on a religious leader. Years always have 12 months, but the lengths of those months is not consistent between each other or between years.” Humans: “don’t forget the epoch we number our years from is wrong!” Aliens: “right, yes. And your months are named, some after a different religion, and some after numbers, but not the number the month is in the year.” Humans: “right. And when we change the month lengths, it’s the second one we change” Aliens: “how could I forget? After months you have a repeating ‘week’ of 7 days, which is named after gods from two religons, one of which is the month-naming one, and a nearly extinct one. And you don’t agree when the week starts.” Humans: “nope! My money is on Monday.” Aliens: “that’s the Monday that’s named after your moon, which supposedly influenced the commonality of the 12 months in a year cycle, despite it orbiting 13 times in a year?” Humans: “correct!” Aliens: “and as for your days, they split into two halves, named after a phrase you don’t really understand in the long dead language of the same culture that named the months and Saturday.” Humans: “Yep. I took some in college but all I remember is like, ‘boy’, ‘girl’, ‘stinky’, ‘cocksucker’” Aliens: “charming. And then each half is divided into 12 hours, but you start at 12, then go to 1, and up to 11” Humans: “all I can say is that it makes more sense on analog clocks.” Aliens: “i don’t know what that is and at this point I would prefer you not elaborate. So each of those hours is divided into 60 minutes and then 60 seconds, and this comes from an ancient civilization, but not the one that gave you the month names” Humans: “yep. Different guys. Different part of the world.” Aliens: “ok. And then after seconds, you switch to a ‘base-10’ system, but you only really use multiples of a thousand? Milliseconds and microseconds?” Humans: “right. And there’s smaller ones beyond that, but they all use thousands” Aliens: “right. Got it. All written down here. Now if you’ll excuse me, I just gotta go make sure I didn’t leave my interociter on, I’ll be right back.” The tall alien walks back into their saucer without a wave. The landing ramp closes. The ship gently lifts off as gangly landing legs retract. There’s a beat, then a sudden whooshing sound as air rushes back into the space that previously held the craft, now suddenly vacuum. NORAD alarms go off briefly as an object is detected leaving the earth’s atmosphere at a significant fraction of the speed of light. In the years to come, many technological advances are made from what was left behind, a small tablet shaped object made of some kind of artifical stone/neutrino composite material. The alien message left on screen is eventually translated to read “Untitled Document 1 has not been saved, are you sure you wish to quit? (yes) (no) (cancel)” Many years have passed, and we await the day the aliens return. They have not. As I mentioned in the previous update ( here ), my beloved 9barista coffee brewer started malfunctioning at the end of Q3, likely due to the age of the O-ring sealing the water chamber and the descaling process I performed. However, I was able to fix the machine using the official 9barista repair kit and have been using it daily ever since. In recent months, though, I’ve almost entirely switched to decaf coffee in an effort to reduce some recurring headaches I’ve been dealing with for a while. It doesn’t seem to be the constant consumption of caffeine causing the issue; rather, the headaches mostly appeared whenever I skipped a cup, making it seem more like a caffeine withdrawal effect. Although I continued to experience headaches in Q4, those were likely linked to being sick rather than coffee, see below . That said, both the frequency and intensity of the headaches have noticeably decreased. Toward the end of Q4, I also began experimenting with additions to my coffee, specifically Lion’s Mane , a well-known component of traditional Chinese medicine that’s often advertised as an alternative to caffeine. It’s believed to enhance focus without the jitters or cold sweats that usually come with high caffeine consumption. In mid-October, I unfortunately got hit with a heavy dose of COVID-19 , which knocked me out for three weeks and has had (once again) a lasting impact on my overall health. Since I was mostly bedbound during that time, I spent some of it exchanging COVID anecdotes with the friendly folks in the community channel . I was surprised to find that many people there had similar negative experiences, particularly in relation to post-vaccine infections. My first encounter with COVID was back in 2020, and for me, it turned out to be little more than a bad flu, with two days of fever and some headaches. I didn’t lose my sense of smell or taste, nor did I experience any long-term effects. In fact, the most troubling part of the whole COVID experience for me back then wasn’t the sickness itself, but the fear of being picked up by local authorities for having an elevated body temperature. This was especially concerning because I was still traveling the world at the time, enjoying the eerie quiet of empty airports and cities. Due to increasing social pressure, especially from governments imposing heavy travel restrictions, I was eventually pushed into getting vaccinated shortly after that. Unfortunately, my body didn’t handle the two doses very well. I experienced extreme muscle pain and a general sense of being under the weather . While those side effects faded after a few days, in the months that followed, I felt more tired and inflamed than usual, with recurring flu-like symptoms and headaches. At some point, COVID hit me again, but this time it was really bad. I ended up battling a fever around 40°C/104°F for over a week, and I was completely knocked out for almost two months. On top of that, I began experiencing cardiovascular symptoms, which persisted for months and even years afterward. The adverse effects I’d never experienced before didn’t just show up with subsequent COVID infections, but also with regular flu. There was one point when a strain of Influenza B hit me so hard that I had to visit the emergency room, which is something I’d never done before, even though I’d never received the annual flu vaccine. To this day, it feels like ever since I got the Pfizer shots (for which I had to sign a liability waiver), my health has been in a constant decline, especially whenever influenza or COVID strikes. No matter how healthy my diet or activity level, it doesn’t seem to make much of a difference. In fact, the ongoing inflammation and regular flu-like symptoms have made it especially hard to push myself during a workout or a run. At some point, I started digging deeper into the issue, with regular bloodwork and visits to specialists, particularly cardiologists. Unfortunately, as is often the case, no medical expert has been able to diagnose the underlying issue(s) or propose meaningful solutions. Society seems quick to ridicule those who seek to improve their health through unconventional methods, yet most people fail to recognize the globally poor state of healthcare, which leaves people stranded, regardless of how much private money they’re willing to spend to solve their problems. Long story short, will I continue to get the battletested shots for Hepatitis , Tetanus , and other dangers humanity faces? Definitely. But will I be significantly more skeptical of vaccines that didn’t undergo year-long trials and were fast-tracked by every government on Earth to curb an allegedly man-made virus that escaped a biological research facility, all while creating shareholder value ? You bet! Note: This is a complex topic, and everyone has their own personal experience. For many, the COVID shots seem to have had no negative side effects. For some, however, they did. This doesn’t mean that COVID doesn’t exist, nor that lizard overlords used it as an excuse to inject us with nanobots . Medicine certainly has its flaws, and financial interests were prioritized over absolute safety, something that’s happened in other areas as well over the past few years (e.g., Boeing ). If, however, you think there’s a pLaNdEmIc or some intentional, eViL gEnEtIc ExPeRiMeNt at play, there’s no need at all to launch your XLibre Xserver to reach out to me with fUrThEr iNfO oN tHiS tOpIc . Thank you. You might have noticed that the main menu at the top of this website has grown, now including a now page , as well as a link to Codeberg, but more on that in a second . The now page is exactly what the name suggests: a now page . Given the failure of social media, I’ve pretty much given up on maintaining a public profile for posting status updates. Up until the end of 2021, I was still actively maintaining a Mastodon account alongside a TUI client , but that eventually fell apart for multiple reasons. After that, I used Nostr for a while, but eventually gave it up too. These days, I’m somewhat active on Bluesky , though my account isn’t publicly available. I don’t have high hopes for Bluesky either, and I’ll probably delete my account there one day, at the latest when Bluesky inevitably becomes enshittified . The now page , however, is here to stay. It will continue to feature short, tweet -like updates about all sorts of things. If you’re interested, feel free to check it every once in a while. I might even activate a dedicated RSS feed for it at some point. For the past few months I’ve been silently moving most private project repositories away from GitHub towards privately hosted instances of Forgejo – a terrible name, btw – as well as many of my public GitHub projects to Codeberg . One reason to do so is… well, let me just quote Andrew Kelley here, who probably put it best: […] the engineering excellence that created GitHub’s success is no longer driving it. Priorities and the engineering culture have rotted, leaving users inflicted with some kind of bloated, buggy JavaScript framework in the name of progress. Stuff that used to be snappy is now sluggish and often entirely broken. Most importantly, Actions has inexcusable bugs while being completely neglected . After the CEO of GitHub said to “embrace AI or get out” , it seems the lackeys at Microsoft took the hint, because GitHub Actions started “vibe-scheduling”; choosing jobs to run seemingly at random. Combined with other bugs and inability to manually intervene, this causes our CI system to get so backed up that not even master branch commits get checked. However, unlike most people who decided to migrate from GitHub to Codeberg, I won’t be deleting my repositories on GitHub just yet. Instead, I’ve updated all my local clones to point toward Codeberg, and I’ve enabled synchronized pushes from Codeberg to GitHub, as I plan to continue using GitHub’s workflows. “But why?!” you might ask. The reason is simple: Because I’m happy to waste Microsoft’s resources on automated tests and build actions. While I could use Codeberg’s Woodpecker CI or even set up my own, I’m more than content to keep using GitHub’s CPU cycles for free to build my silly little projects , while hosting the primary source code repositories on Codeberg. Since there doesn’t seem to be a way to disable Pull Requests on GitHub for my respective projects, I’ve added pull request templates that warn against opening PRs there. I’ve also disabled the Issues tab and updated the short descriptions to link to Codeberg. Additionally, my overview page on GitHub now links to Codeberg, with the GitHub repositories listed explicitly as GitHub mirrors . At the end of October I encountered an issue with ungoogled-chromium on my Gentoo laptop that prevented it from compiling successfully. Upon further investigation I learned that, quote: Using the system libc++ is no longer supported This change was driven by the Chromium project and affected my, along with many others’, Gentoo installation, due to the use of system libraries instead of the in-tree ones provided by Chromium. As mentioned here , this is a security concern, as users will need to trust the Chromium-provided libraries over those from their distribution. In case you’ve ever wondered why anyone in 2025 would still compile from source when tHe PeRfOrMaNcE bEnEfItS aRe NeGlIgIbLe , this is one of the key reasons why compiling from source still makes sense and, in fact, is more important than ever. The same projects that have historically taken a controversial stance on sensible default settings are now the ones seemingly rejecting security-critical system components in favor of their own. Tl;dr: If you’re using Chromium or a Chromium-based browser (other than ungoogled-chromium on Gentoo through PF4Public ’s repository), it’s highly likely that your browser is not using your system maintainer’s libraries, but rather Chromium’s in-tree ones with whatever versions and features the Chromium developers deem necessary and sensible. In what to this day remains a mystery the keyboard switch of my key has decided that it rejects its existence and seemingly removed one of its legs, presumably in an effort to escape and start a new live. I had documented the whole incident on Keebtalk for anyone who’s equally as puzzled by this as I am. I invested quite some time in pursuing my open source projects in the past quarter, hence there are a few updates to share. At the beginning of November I released Zeit v1.0.0 , a full rewrite of my command line time tracking tool. In case you missed it, I summed up everything in a dedicated post and have also published a dedicated project website that will soon act as more than just a landingpage. With 📨🚕 (MSG.TAXI) continuing to grow and evolve, Overpush has received a few important updates improving its stability with long-running XMPP connections. One thing that made me very happy throughout the debugging phase was the fact that despite stability of Overpush not being perfect , no messages ever got lost whatsoever and were always successfully delivered the moment the service would be able to reach the target platforms (specifically XMPP in this case). :-) If you haven’t yet tried Overpush yourself, I encourage you to sign up on 📨🚕 and give it a go. If you find the service useful you’ll be able to easily spin up your own Overpush instance further down the line and won’t have to depend on any closed-source proprietary platfrom. As those of you idling in the community channel might know, I’ve been actively working on an internet forum software for some time now . What kick-started my efforts was the desire to set up a support and discussion forum for 📨🚕 , among other things, but I was dissatisfied with the existing options. I was looking for an internet forum that… The first thing that came to mind was phpBB , which has been around for decades and appears to be one of the few options that (unlike Discourse and Lemmy ) doesn’t require users to have JavaScript enabled. Sadly, phpBB is a monster . It has too many features, takes a lot of time to properly install and configure, and, more importantly, when looking at its runtime dependencies and extensions, it requires some recurring effort to keep it safe and sound. Don’t get me wrong, unlike Discourse , which is frankly terrible, phpBB is a solid piece of software. However, for my use cases, I wanted something more lightweight that is easy to set up and run. None of the existing solutions, with maybe one or two exceptions like DFeed , came close to what I was looking for. And those that seemed like a good fit sadly lacked some functionalities, which would have required me to extend them in ways that would significantly alter core functionality. These changes would have likely not been merged upstream, meaning I’d probably end up maintaining my own fork anyway. The bulletin board I’m working on is built in Go, as a single executable binary (without CGO ) for all major platforms ( Linux , * BSD , (maybe) Plan 9 , macOS , and (maybe) Windows ) that doesn’t require a runtime (like Erlang / Elixir , PHP , Ruby , Python , or worse, Node.js ) or even assets (e.g., HTML/CSS files) anywhere in . It renders modern HTML on the server-side and doesn’t require any user-side JavaScript to be enabled. The forum will support only PostgreSQL (single- and multi-node setups), require a Redis/Valkey instance or cluster, and use S3-compatible storage for user content (e.g., profile pictures, file uploads, etc.). The platform will allow sign-ups via email and XMPP addresses, supporting notifications and replies through both services. But don’t worry: OAuth authentication via popular providers will also be available. Additionally, the forum will feature a dedicated REST API that, unlike Lemmy ’s or Discourse ’s APIs, will be much easier to work with. One mid-term goal is to integrate this API into Neon Modem Overdrive , which will become its official TUI client. Short story long: I’ve been working on this project for a little while now and expect to release a first live demo around February ‘26. While many basic features are already implemented, there are still details I’d like to perfect before publishing the first version. I’ll set up a live online demo for people to try out first, and only after fine-tuning the code based on feedback will I wrap up the actual source release. The forum will be open-source and available under the SEGV license. If this sounds interesting to you and you’d like to participate in development or testing, reach out to me ! With that said, I sincerely hope you’re enjoying a wonderful holiday season and gearing up for a great new year! As we wrap up 2025, I’ll be taking a well-deserved break from posting here on the site. The start of 2026 is shaping up to be quite hectic, and I’m looking forward to diving into some exciting projects, especially focusing on the ▓▓▓▓▓▓▓▓▓▓▓ bulletin board system I’m building. I hope this season brings you moments of joy, relaxation, and time well spent with those who matter most. May the new year be filled with new opportunities, exciting adventures, and personal growth. I look forward to reconnecting with all of you next year ! Stay safe, take care of yourselves, and I’ll see you in 2026! Can use an existing database to authenticate users and/or… Supports simple email/username signups. Ideally supports notifications and replies via email. Is lightweight and doesn’t require a ton of runtime dependencies. Does not require users to have JavaScript enabled . Does not overwhelm me with administrative features. Is somewhat easily themeable.

0 views