Something like https://graphite.com/ to create stacked PRs that are reviewable probably would have helped. Can be replicated with local LLMs or remote AI providers with locally configured agentic workflows. Never used graphite personally, but I’ve seen some open source maintainers use it to split up large PRs.

Like, from Yellow Dog Linux? Was my first Linux distro as a kid (grew up with an Apple computer). Red Hat based so checks out. TIL.

neovim user (inside zellij) and same. More of a full blown IDE than an editor.

Also for the keybind memory impaired like myself:

• https://github.com/folke/which-key.nvim
• native which-key in emacs

Totally agree with your overall point.

That said, I have to come to the defense of my terminal UI (TUI) comrades with some anecdotal experience.

I’ve got all the same tools in Neovim as my VSCode/Cursor colleagues, with a deeper understanding of how it all works under the hood.

They have no idea what an LSP is. They just know the marketing buzzword “IntelliSense.” As we build out our AI toolchains, it doesn’t even occur to them that an agent can talk to an LSP to improve code generation because all they know are VSCode extensions. I had to pick and evaluate my MCP servers from day one as opposed to just accepting the defaults, and the quality of my results shows it. The same can be done in GUI editors, but since you’re never forced to configure these things yourself, the exposure is just lower. I’ve had to run numerous trainings explaining that MCPs are traditionally meant to be run locally, because folks haven’t built the mental model that comes with wiring it all up yourself.

Again, totally agree with your overall point. This is more of a PSA for any aspiring engineers: TUIs are still alive and well.

Firefox Nightly + arkenfox userjs + uBlock Origin + Bitwarden as my daily driver.

Been a couple years since I checked up on arkenfox still being good. I get flagged as a bot all the time and constantly get popups about WebGL (GPU fingerprinting) so I assume its working as intended for my threat model.

Tails when I really care.

Mullvad VPN as my regular VPN with ProtonVPN for torrents.

GrapheneOS / NixOS as my OS.

Proton Visionary for most cloud services except passwords and I don’t really use Proton Drive. I do use ProtonPass for unique emails to every provider.

Kagi for searches / AI.

Etesync for contacts because Proton didn’t sync with the OS last I checked.

Backblaze B2 for cloud storage with my own encryption via rclone (Round Sync on GrapheneOS)

Keypass for a few things like my XMR wallets and master passwords I don’t even trust in Bitwarden.

https://jmp.chat/ for my mobile provider.

Pihole with encrypted DNS to Quad9.

https://onlykey.io/ for the second half of my sensitive passwords (Bitwarden, LUKS, Keypass, OS login). First half memorized.

Its a lot. I burned myself out a couple years ago keeping up with optimizing privacy and this setup has served me well for 2 years without really changing anything. The cloud services are grey areas in terms of privacy but the few ads that leak through uBlock have zero relevance to anything about me.

1. Not sure on this one.

2. The auditor is to make sure you are installing an authentic version of graphene. That it is not a modified version that has been tampered with (e.g., backdoors).

3. Automatically enables MAC randomization. This can help with being tracked on public networks. Fingerprinting techniques have gotten better though with deep packet inspection and even measuring radio characteristics. I’ve seen demos of two brand new and identical models of iPhones being distinctly picked out due to variances in the radios during manufacturing.

Doesn’t help with advertisers tracking behavior based on IP. VPNs help with “blending-in” by putting multiple users behind the same IP. Provider matters here. Needs to be a VPN provider that won’t just sell your data or cave to law enforcement. Mullvad is my preference. Paid with crypto. RAM only logs. That said, use Tor or I2P for anything you don’t want subpoenaed.

For additional tips:

• Can’t remember if its on by default, but auto-reboot to put data at rest (encrypted and not in RAM). This is for a state-actor threat level, and less about advertisers.
• I prefer pin codes to unlock my device and don’t use biometrics. Graphene has a feature to randomize the pin pad every time to protect against a recording of the pin be entered. Specifically where the numbers aren’t picked up on the video but the pattern your hand makes can be seen. Again, more of a state-actor threat level.

That’s one of the things I appreciate in a language/framework. Drives me nuts getting an exception from a dependency of a dependency of a dependency.

Even better if its baked into the type system and I can’t run my code without handling it.