Technophilia

Computers for Pros: Goodbye Mac, Hello ThinkPad

Back in February, I sold my 2017 MacBook Pro. For a couple of years, I had been grumbling about the direction Apple products have taken. I did have problems with the infamous butterfly keyboard. I actually liked the touch bar – except for its tendency to freeze at the exact moment I need to mute my sound quickly. And I couldn’t help noticing the many useful things that had disappeared from my older MacBooks:

  • MagSafe.
  • A battery charge level indicator
  • A light on the charging connector that changes color when the battery is charging or full
  • A long power cord instead of a brick that won’t fit every outlet
  • A common DisplayPort or HDMI output
  • An SD card reader
  • The ability for the owner to replace or upgrade the memory, storage, and battery.

I understand and appreciate the iterative design process, especially efforts to simplify products to their essence. But recently Apple seems to be obsessed with making everything thinner at the expense of almost anything else, including a lot of features people rely on all day at work.

Screenshot from Apple's support article for cleaning a MacBook Pro keyboard, including diagrams for holding the MacBook at ridiculous angles with elaborate patterns for spraying compressed air under the keys.

LOLnope.

I’m not talking about niche features. I’m talking about a reliable keyboard and a usable power cord in machines that easily cost two or three grand. The idea of sinking more money into one of those machines just seemed like buying a time bomb that would eventually interfere with my work.

At the same time, I picked up a new gig in an all-Windows shop. I used a company-issued laptop with Windows 10, and I was excited to try out the new Windows Subsystem for Linux for a real project. That experiment exceeded my expectations – it wasn’t just serviceable in an environment where I was required to use Windows, but it was a legitimate way out of my recent Mac woes. It’s always been my opinion that Windows 10 is great. But I want to talk about switching from MacBooks to a ThinkPad here, not about switching from macOS to Windows 10.

So about a month ago, I bought a Lenovo ThinkPad for all my consulting work. ThinkPads have their own cult following, but of a very different culture than Apple. Mac industrial design is mostly about a consumer market, but you’d never see a ThinkPad in a hip product placement on a top movie or TV show. They’re all-business, they don’t grab attention anywhere, and they like it that way. And the vast majority of ThinkPad customers aren’t enthusiasts; it’s mostly bulk corporate sales.

That corporate customer base makes ThinkPads a fundamentally different product from a Mac. But considering how many things the Mac has been sacrificing in the uncompromising pursuit of thinness, it has some big advantages to offer someone who likes their aging Mac a lot more than the new ones:

  • ThinkPad keyboards are the best keyboards available on a laptop. Its quality tactile feedback somehow enhances everything I do with it. We’re talking deep key travel, and lightly curved keys to fit the curve of my fingers. Page Up/Down keys right with the arrow keys. I struggle with being too long-winded in my writing, and this keyboard might be making it worse because I enjoy typing on it so much.
  • You can choose whether the Fn key turns your function keys into media keys, or your media keys into function keys. And there’s a user-customizable key as well.
  • ThinkPads ship with a very clean Windows build. They rolled all their OEM-specific controls into one application, and I think it doesn’t even run by default. No Lenovo-installed third party apps. (Windows 10 has some annoying default stuff, like Candy Crush Saga, that can be removed easily.)
  • Corporate IT departments want the ability to repair laptop components themselves instead of shipping them back to the factory, so ThinkPads have loads of parts that can be replaced or upgraded by the user inside. This is especially important for components like the battery, memory, or storage.
  • Those part upgrades also mean you can save a significant amount of money upgrading these machines yourself. Apple gets to charge ridiculous markups on storage and memory, and buyers have no choice because everything comes soldered onto the board.
  • You get several good and reasonably-priced warranty options at the time of purchase. You can choose the duration, as well as an option to have someone come to you for repairs instead of sending the machine to the factory.
  • I criticize Apple for sacrificing functionality in the pursuit of thinness, but I still value portability – just not to Apple’s extremes. ThinkPads offer some very portable MacBook Air competitors, and at the moment they’re far more powerful as well since it’s been a long time since the last MacBook Air refresh.
  • If you don’t want the most portable model available, you can get a laptop with interchangeable or extended batteries.
  • Miss non-reflective matte displays? Those are still an option on many ThinkPads, including mine. I can’t put a price on the ability to work from a picnic table outside next to my dog without tons of screen glare.
  • Also, Apple’s refusal to put touch sensors on the main display is silly and wrong. Windows machines that support multi-touch and graphics pen input are so good.

But not everything carries over perfectly for someone used to Apple products:

  • MacBook Pros have every ThinkPad beat on display quality. Most ThinkPads have multiple display options, because the display is one of the easiest places for an IT department to cut costs on a bulk order. So there are some truly dismal display options on the low end. The high end options can be very good. The best ones have 100% Adobe sRGB coverage and would be suitable for professional graphics work (especially in tandem with a Wacom pen) but they still don’t push quite as much brightness as a MacBook Pro can. (I think the Microsoft Surface line has better displays on average, but at the high end everyone has great options.)
  • Apple’s thinness crusade does give them a solid advantage in the “powerful and portable” category. Almost all the portable ThinkPads use Intel U-series chips (these are the same class as what’s in the MacBook Air). They have vastly improved compared to the generation of U chips currently offered in the Air, but they still are better for everyday workloads than they are for long renders or compiles. The one exception to this is the just-released ThinkPad Carbon X1 Extreme, which can compete head-to-head with a 15″ MacBook Pro. But they don’t have a 13″ MBP equivalent.
  • You have to order online, and Lenovo’s pricing system is notoriously inconsistent. It feels more like buying a car – if you paid sticker price, you’re a sucker. (For the record? I’m a sucker.) There are ways to find third parties who, in exchange for contact details to spam endlessly, will give you a Lenovo corporate discount code. And the discounts are significant. Sometimes they have big holiday sales as well. But ugh, what a hassle.

So it’s been a month now. I had cold feet when the device was coming, and was prepared to ship it back and buy a MacBook Pro and a silicone keyboard cover. But I’m so happy with it. In some ways, I think my preferences might be more suited to a ThinkPad in the first place – I get a similar kind of joy from other belongings that are built with durability in mind, like my Toyota truck or my Levi’s jeans. The unibody MacBook used to be a great fit on that list, but the ThinkPad has been quietly getting better and better at this for 26 years now.

I know some people would be better served by a different choice. Windows 10 won’t fit everyone’s needs as well as it does mine (especially for multimedia work). I also have a high opinion of the Microsoft Surface line in terms of the overall package, which looks a little more like Apple’s in general. And heck, a lot of my gripes about current Macs can be worked around with an external keyboard. Lenovo even offers the ThinkPad keyboard in an external bluetooth model 😉

Specs for my ThinkPad T480

CPU: Quad-core Intel Core i7-8650U (8th-gen Kaby Lake R, 15W, 1.9GHz base / 4.3GHz turbo)
GPUs: 2GB Nvidia MX150 discrete; Intel UHD 620 integrated
Memory: 32GB DDR4-2400
Display: 14.0″ WQHD (2560 x 1440) IPS anti-glare (non-touch)
Storage: 1TB SATA SSD (I used one I bought earlier this year)
Biometrics: Touch fingerprint reader, IR face login
Dimensions: 13.25″ x 9.15″ x .078″ / 336.6 x 232.5 x 19.95 (mm)
Ports, oh so many ports: Gigabit Ethernet, HDMI, SDXC, 2x USB 3.0 type-A, 1x USB type-C (full capabilities), 1x Thunderbolt 3 (full capabilities), 1/8″ headphone/headset

Resources for everyday folks on internet privacy and security

I’ve had several friends from non-computing fields ask me for advice about tools for better privacy and security online. Some of this is in reaction to recently repealed FCC privacy rules that prevented Internet Service Providers (ISPs) from selling their customers’ private browsing information. Some of it is concern about an increasingly invasive surveillance state, and breaches by hacking groups with state funding.

I’ve been looking to improve my own digital security as well, and have found most of the resources out there to be hard to digest and turn into an action plan that doesn’t start with years of learning. So I’m putting my short notes on what I think matters most here, as well as some links for those who want to learn more. This is by no means a definitive or infallible guide, and if you have specific concerns, you should get individualized advice on this stuff.

Contents:

The 3 Major Web Security Technologies and What They Protect

  1. HTTPS is a secure way to connect to a remote website without anyone being able to read what gets sent or received. More and more websites are supporting or defaulting to HTTPS these days. (This is what we said “look for the lock icon in the address bar!” about in the ’90s.) Importantly, HTTPS does not prevent your ISP or Big Brother from knowing what site you’re visiting. And it doesn’t keep you anonymous from the servers running the site you’re visiting – anyone with their server or access logs knows about your visit, and if they get hacked or subpoenaed, you have exposure to threats here. But HTTPS is great! You should avoid ever using a login or password on sites that don’t use HTTPS (Ask sites without HTTPS why they aren’t protecting their users!) If you use the Chrome or Firefox browsers on your PC or Mac, I recommend installing the HTTPS Everywhere browser extension, which tries to use HTTPS connections to sites whenever possible. (Be advised that every once in a while, HTTPS Everywhere can cause issues if a site has not set up HTTPS properly. The extension can be disabled on a site-by-site basis in these instances.)
  2. A VPN (virtual private network) will encrypt your entire internet connection between your device and the VPN’s server. (Your apps are covered too! However, some services, especially from financial institutions and outgoing mail servers, are often blocked over VPN.) This makes for good protection against unsecured public Wi-Fi networks, snooping ISPs, network censorship, and can route around corporate or government surveillance before the VPN server (but only if you’re connecting to a server beyond those surveillance tools). But on the VPN server side, your traffic still comes out unprotected. Think of it like a secure pipeline or signal repeater to access the Internet from the VPN server’s location, instead of your own. Trust is important here – a VPN provider is just as capable of bad actions as your local ISP. (In fact, the majority of free VPNs are super malicious. I currently do not recommend any free-to-the-public VPN. Even that cool one you heard about from a trusted brand.) It’s also important to know what information the VPN provider is logging about you.
  3. Tor is a tool which tries to fully anonymize your identity and browsing information from everyone. (HTTPS and VPNs protect part of your browsing information during part of a browsing session.) It requires you to use their modified version of the Firefox browser, and disables functionality present in other browsers that can be used to reveal your identity or communications. They also have some important warnings which need to be heeded to keep you protected.

Choosing a VPN service

This is a complicated and personal decision. I suggest keeping the following in mind:

  • Who do you want to shield your internet data from? Your neighbors at the café? The tech staff at your work or school? Your ISP? Your government or one you’re visiting?
  • What devices do you want to protect? If you just connect your PC to a VPN, your phone is still exposed. Some VPNs have a limit on how many devices can connect at once.
  • What kind of logging do you care about the VPN doing? Some log everything. Some log as little as possible.
  • Do you need something that’s easy to use? Sometimes the best VPN on paper turns out to be difficult to set up or use.

I used two different guides to VPNs in my research:

  • PCMag.com reviewed several VPN services on their quality of service and ease of use, but paid almost no attention to the privacy or logging side of things.
  • That One Privacy Site has a detailed guide to many VPN services which focuses on their quantitative specs (with a strong emphasis on their security against government surveillance), and has very little about their usability or quality.

I decided that I want to use a VPN to protect my browsing information from corporations who would like to sell it for their own purposes, possibly to my detriment. I will use other technologies to add security for more sensitive situations.

I chose to use Private Internet Access on my iOS, macOS, and Windows devices. They claim to log very little about what their customers access, allow a good number of devices connected at once, have a lot of available servers, and are a great deal at $40/year. Installation was very easy, and it automatically connects to their VPN whenever I turn any device on. On my mobile devices, it seamlessly handles any transitions between cellular and wi-fi networks, and maintains a permanent connection. Everything works very well.

My biggest caveat for Private Internet Access: they’re under United States jurisdiction, and they aren’t very transparent about who runs or owns the business. (Their corporate address is a coworking space just next to Union Station in Denver, so points for a Colorado business, perhaps?) I would probably advise something else for activists or people more concerned about a snooping government than a snooping ISP.

Let’s talk about your e-mail and messaging apps.

All email is inherently insecure. Treat it like a postcard that could be read by anyone between the writer and intended recipient. Don’t use it for sensitive information about you or anyone else. Unless you want to learn how to do PGP-encrypted email. (You don’t want to learn how to do PGP-encrypted email.)

SMS messaging and most internet messaging apps are also particularly vulnerable. Don’t talk about anything that could be damaging to yourself or any vulnerable third parties over them. Even if you think you’re having a private conversation. But I do recommend using Signal for private, encrypted messaging and calls. (Install: iOSAndroidChrome) Others have said WhatsApp (owned by Facebook) is secure, but since the UK Snooper’s Charter became law, we can no longer be sure of this.

Other things you should be doing

  • It’s long past time to actually start using different, strong passwords for every account you have. No excuses! You will get burned if you don’t. And possibly embarrassed publicly. You can check to see where your login information has already been compromised at “Have I Been Pwned?”
  • Use a password manager to generate and store all those different passwords you have. The two I can vouch for are LastPass (which I use, and like for their features and pricing, though sometimes they have some usability and design issues) and 1Password (which also works well and has better design but costs more). Nowadays these managers can be unlocked on your phone with a fingerprint, which makes them faster than remembering any password. Seriously, come on in. The water’s fine. I don’t remember any of my passwords any more.
  • Enable two-factor authentication on any service that supports it. This protects you in case someone does get a hold of your password. Here’s more on how 2FA works, and here’s a list of who supports 2FA with links to each provider’s own 2FA instructions.
  • Worried about other Internet companies like Facebook, Google, and Amazon tracking you? I recommend the following:
    • Change your default search engine to DuckDuckGo, which works very well and doesn’t track you. This is an available search engine in iOS as well.
    • There is a browser extension for Firefox and Chrome called Privacy Badger that is meant to block tracking stuff outright. I don’t use it but it sounds great.
    • Only allow cookies from the actual site you’re visiting (block third party cookies that usually are for ads):
      • Safari 10.1 (macOS): Preferences > Privacy > Cookies and website data: “Allow from current website only”
      • Firefox 52: Preferences/Settings  > Privacy > History > Use custom settings for history > Accept cookies from sites > Accept third-party cookies: Never
      • Chrome 57 desktop: Preferences/Settings > Show advanced settings > Privacy > Content settings > Block third-party cookies and site data
      • iOS 10: Settings > Safari > Block Cookies > Allow from Current Website Only
      • Chrome 57 Android: Settings > Site Settings > Cookies > Block third-party cookies

Educational resources

The best place to learn more about this stuff for yourself is the Electronic Frontier Foundation’s Surveillance Self-Defense Guide. I particularly recommend “An Introduction to Threat Modeling,” which covers the kind of different security risks to keep in mind before you set about a plan to improve your operational security.

Video: Parachuting into Drupal Crazy

This week I spoke at the DBUG Drupal meetup in Denver about an unglamorous but very important thing that comes up for any technologist: turning around applications that have, for one reason or another, left their users unhappy.

I also had no idea that DBUG meets in a TV studio and is broadcast live on public access TV and the web. Thankfully, my doctor has me on some really good blood pressure meds.

My talk covers some of the strategic, technical, and personal things that people can do to fall back in love with their Drupal applications again. (The non-technical aspects are really applicable to any software.)

(I start my talk at the 19 minute mark.)

I want to thank DBUG for inviting me, and Aten Design Group and Denver Open Media for their sponsorship and work to make this event happen.

Slides are at http://zeke.ws/DrupalParachuting .

Millennials, Begone!

This year, all the uninspired rants against my generation got a bit too much to handle:

I just cooked up a Chrome extension called “Millennials, Begone!” to make every invocation of “millennials” say what it really means:

Pesky Whipper-Snappers.

You can go install it from the Chrome Web Store, or grab the source at GitHub.