My setup

I'm always interested in what tools others are using to get their work done. On this page, I want to share how I get my stuff done, at least the computing part of it. This is also inspired by The Setup and Richard Stallman's "How I do my computing".

Hardware

My laptop is a Thinkpad Edge E530. I was lucky to get it quite cheaply without Windows preinstalled. What I like about it is that it did not yet fail over the last couple of years. I replaced the crappy hard disk with a SSD to get some performance out of the otherwise not very powerful laptop. The screen is not that good, but the fact that it's a matte screen makes it quite usable in the sunlight. I removed the camera and microphone. This guide was quite helpful for that, although it's actually for replacing the screen. However, the same steps make it possible to access the camera and microphone module above the screen.

I built my own PC after I had finished school and I still use it today. The CPU is an Intel Core i7-860 and runs overclocked at 3.4 GHz which is still enough for my performance needs. The processor is perfectly cooled by a Scythe Mugen 2 Rev.B which is not only really huge but also very quiet. I added 8 GB of RAM and the motherboard is a MSI P55-GD65. I can't really say something positive about the motherboard as it made quite some issues over the years. The only bad purchase besides the motherboard was the GPU. I managed to buy a variant of the Nvidia GeForce GTS 250 from EVGA that has the fan always running at 100%. To keep the noise down, I replaced the fan with an Alpenföhn Klara. The power supply is from bequiet! and everything is kept inside a nice Aluminium case from Lian Li that also has a side panel window. The only issue is the sometimes oscillating and thus noisy side panel.

For personal data and services for family and friends, I use a HP ProLiant MicroServer N54L as a home server. It is equipped with two 1 TB disks. A TP-Link TL-WDR4300 serves as router with an Allnet ALL0333CJ as modem. This blog and other public stuff is hosted on a VPS which uses KVM. I'm planning to move from the VPS to another home server as soon as I have access to a fast internet connection that is separate from the one the MicroServer is connected to. I'd like to keep the two servers completely separate from each other so I can use them as backups for each other.

Furthermore, I own two Samsung Galaxy S III phones. One of them is my daily driver and I use the other one for development work on Replicant.

Software

Freedom/security aspects and the operating systems I use

I try to use as much free software as possible. Unfortunately, we are not yet at the point where we can buy almost any kind of hardware and use it exclusively with free software. My laptop and PC work fine with the free graphics drivers for Intel and Nvidia chips. On the operating system level, I don't depend on nonfree software in the case of the PC, home server and router. However, the laptop needs a nonfree firmware to make the Intel Wireless card work.

My PC, laptop and home server need proprietary hardware initialization software. There isn't a free BIOS replacement available yet. I'd like to use hardware that is supported by Libreboot or at least supported by Coreboot. The Libreboot website explains why it's important that free software boots up your system. It also sums up why security and privacy is only possible on Intel and AMD hardware that is several years old.

Unfortunately, my two phones also need proprietary initialization software. The bootloaders are not even replaceable because the hardware only runs bootloaders that are signed by the manufacturer. There is also a second nonfree operating system running on the modem and various chips need proprietary firmwares for which there are no free replacements yet. The Replicant website explains why these issues need our attention. The graphics chip and GPS even need proprietary drivers that run on the main CPU. I use a QSTARZ BT-Q818XT as external GPS receiver over Bluetooth. It is quite accurate, has a long battery life and works nicely with my updated BlueGPS app version. I don't use any proprietary drivers or other software that runs on the main CPU of the phone, but I use some proprietary firmware to get different functionality working.

The two servers, the PC and the laptop are running Debian Stable. I tried many different distributions, but I always came back to Debian. It has a huge community, focuses on free software and is stable and secure. The router is running Openwrt. Replicant 6.0 powers the phones.

I use various tools to make my desktops and servers more secure and to reduce the maintenance burden. For example, I make heavy use of AppArmor to confine critical or Internet-facing applications. Here are some of my customized profiles. My kernels are hardened with grsecurity including PaX.

Desktop

For some time, I switched between Xfce, KDE's Plasma Desktop and GNOME 3 as my desktop environment of choice. Quite some time ago, I settled with i3 which is not even a desktop environment but an awesome tiling window manager. It is very lightweight, fast and makes a completely keyboard-driven workflow possible. Here is my config file. LightDM is my favorite display manager and urxvt is my default terminal. /r/unixporn is a great source for nice-looking customizations for i3 and urxvt. I use Emacs for almost all text-related tasks. Redshift keeps eyestrain away when working later at night.

Of course, my photo and video editing workflow only involves free software, although some of my older photos were edited with nonfree software because I wasn't yet aware about free software at the time. Sometimes, I use a Wacom Bamboo tablet for editing photos, creating vector graphics or annotating documents in Xournal. qpdfview is my go-to PDF viewer because it makes it possible to open many PDF files in a tabbed view and it syncs nicely a PDF preview of my LaTeX documents.

My music is handled by MPD. It's a daemon that can be accessed by different interfaces. On the desktop, I use ncmpcpp. On the phone, I stream music from my PC with MPDroid. I like about MPD that it almost always plays my music without any hiccups, even when the machine is under full load including heavy disc IO.

youtube-dl in combination with mpv and MediathekView are used to access videos that are available on the Internet. My IRC setup consists of WeeChat and ZNC. pass stores all my passwords. The ugly but extremely handy Ding dictionary lookup program is my dictionary and thesaurus interface.

Self-hosting

In my experience, setting up email processing is the most difficult part of a self-hosted setup. On the servers, my mail is handled by Postfix, Dovecot, amavisd-new, SpamAssassin, Postgrey, Roundcube and ClamAV. Everything is glued together with MySQL.

On my home server, Tiny Tiny RSS aggregates all my various reading sources including news, blogs, comics and software updates. I also have an ownCloud instance running, but it's only used to share files with others. At some point, I will replace ownCloud with Coquelicot which is much easier to maintain and does everything that is needed for file sharing. I do my own file syncing with git-annex. Calendar and contacts are synced with Radicale. I also maintain an Etherpad instance for notes and to work together with others on documents. Prosody works best for me as a Jabber/XMPP server. Besides Tor, I tinker with I2P, especially with the file sharing part of it. BIND does my DNS, but shame on me: I still haven't had the time to set up DNSSEC and DANE. But I use Unbound as a recursive DNS resolver on my routers and on my laptop. In this way, I have at least DNSSEC validation support available.

Together with the services that are hosted here, I am able to self-host every service that I need and that involves my personal data.