Hi-- the retail chain I worked for was known for having large, trendy stores and the opening of those stores usually had a very large media event parties. The theft happened during the party by someone working for the catering company hired for the party (and thus access to the back office areas that night). So they were caught on the security cameras and our security department worked with the catering company to identify the culprit. Our security department basically threatened the thief with moving forward with a prosecution which was larger than it might have normally been for that kind of theft and the thief returned itā¦ it was a bit damaged, but worked. Personally, I donāt remember much of anything from that night (it was a very good party), but I remember the bit of panic overcoming my headache the next day when I got to work.
Always nice to hear when justice prevails.
Curious why the laptop was damaged thoughā¦ 
To answer your question about data on my home machines: there is none. All data remains on networks managed or approved by my employer. Example data I might need to develop or test locally is artificially generated. Iāve attended too many HIPAA trainings to flirt with being liable for data disclosures. (And honestly, New Orleans being what it is thereās no sense in pretending that the power isnāt going to go out for a week every so often. Relying on anything here would be foolish!)
Source code exists only on my work issued laptop which is managed by corporate IT. We have contractually agreed that their security measures are sufficient. With strong password enforcement, encrypted drives, and secure comms it probably is. It helps that weāre a fully remote workforce and IT has done a pretty good job of balancing security with ease of use. Being remote is the baseline.
Heard that. I ended up in Phuket because I know people there but am really happy with the choice. It is a tourist mecca but along with that comes a ton of things to do and people who can either speak English or gently help me with my nascent Thai. (Ironically north Phuket where Iām at is a whole lot less touristy than New Orleans.) The outlying provinces are equally beautiful and fortunately very easy to get to.
Been traveling about 40%-50% of the year for the past 20 years. Regarding security, reading this thread is making me paranoid. 
The main countries I travel between are Canada, US, and India. At some point I lost count, but Iām guessing Iāve probably been to between 10-20 countries. Iāve had friends who had to travel to China and as a matter of work policy they never brought their main laptop or phone. Once upon a time, I use to think about it a lot, but I havenāt for at least a decade. Iām just not that important. 
Iām more concerned about having things break while Iām remote. I have full and incremental backups of my laptop and Iāve only had to restore from scratch once. I keep a cloud and physical backup. My phone use is also fairly minimal.
I actually do have a pretty crazy homelab setup with DMZ and fairly complex vlan / vpn setup, but now I rarely use it or any cloud servers. 
Travel tips
- Travel light
- I have a 44L backpack with which I have spent 6 months on the road. Goes in as carry-on in all airlines Iāve tried. I use probably about 25L. You may think youāre going to need some item, but youāre not. The first time I went to Africa I had probably 60L of gear, including a mosquito net. Well, mosquito nets are super-cheap in Africa. Also, donāt waste so much time optimizing the exact perfect gear, you can always get it on the road. For instance, I just buy sweatpants, etc. if I need them when I land.
- I know I just said travel light and youāre not going to need it. Well, you never really know what type of accommodation you may end up with. So I always have a silk sleep sack with me. It has come in exceptionally handy a few times.
- Hitchhikerās guide to the galaxy recommended having a towel. I also whole-heartedly recommend getting a towel. I have a full-height wool shawl that I borrowed from a friend about a decade ago. Iāve used it as a blanket, an extra layer in the mornings/evenings, as a makeshift towel, mosquito coverup at night, etc. If I was going to optimize space, Iād probably get a smaller one or a fancy ultralight towel, but this one has sentimental value now.
- I really like this versatile piece of headwear. I use it as a tuque in cold times or cover it in water and use it as a semi-turban in summer-time. On planes it substitutes as a eye mask and on motorcycles it is a nice face covering.
- Get one of them foldable daypacks. If an airline forces you to check in your bag for whatever reason, you can grab your laptop / electronics / etc.
- Also, I hate multi-country adapters. They are bulky. They are heavy. And they are mostly useless.
- Phone
- When staying long-term, get a local sim. However, e-sims are awesome if you have a dual-sim phone. I use Roamless. Also, for the first time in my life, Iām also going to share a referral code https://roamless.onelink.me/OOq0/bc3oo1go
- I now use https://jmp.chat/ as it works on all my devices. This is what Google Fi and previously Google Voice used to do. If anyone wants to try jmp.chat, I have a bunch of invite codes that give a free month.
- Carry a battery pack with you. I prefer this one that doubles as a charger.
- General safety
- Have some emergency cash with you. I know the world is fully digital, etc., but you never know when youāll need it.
- Have emergency cards and ID completely separate from your everyday wallet.
- Keep digital copies of your ID.
- Front-pockets only for wallets and phones. Phones in certain places are targets if youāre carrying them around and not paying attention.
- Also, there are so many different types of scams if you look like a tourist. A friend of mine just got scammed in NYC by a guy who gave him a āgold necklaceā for money because he needed gas.
- Health
- I carry a mini-medkit with me now with antibiotics, diahrea medication, allergy meds, painkillers, etc. Fits in an altoid container.
- Have a workout routine that you can do while traveling. Otherwise, when you come back after a long time, it will suck. I usually have to lose 10+ pounds after traveling. Iāve recently started doing burpees while travelling https://busydadtraining.com/ .
- Sleep is important. Melatonin and earplugs are your friends.
Probably should make a blog post or something, Iām sure thereās tons of stuff Iām forgetting.
re: VPNs. I can recommend setting up your own private VPN server with Outline (created by Google I believe). You create an account with some VPS provider. eg. Digital Ocean. Download Outline Manager. Link to your VPS account. Then it is essentially a one click process where it will create a VPS and install VPN software on it for you.
The benefit with this is you get your own IP address that isnāt ātaintedā. A lot of other VPN IP addresses are blacklisted (eg. Proton) and you will frequently need to disable your VPN to use some websites.
You do have a fixed IP address with this approach. So you are trackable to an extent. So I normally delete and recreate my VPS every now and then to get a new IP address.
Remembering this happened all the way back ~1998ā¦ laptops of this generation still used PCMCIA cards including for networkingā¦ and WiFi was just first emerging so wasnāt really a thing in most corporate networks. I was still plugged into the store network via a PCMCIA network adapterā¦ we assume the thief was trying to be quick and in the process just yanked the network card out rather than figure out any of the release mechanisms.
In my case i do work with a lot of travel (close to home but still in the are of 300 km around my current city). I donāt like to have my development kit installed on my local machine and since not required i keep it as clean as possible. However i do have a clone with all production requirements on a remote vps. This way i keep the same OS and settings the same as the production host. Remotely connecting to it via VPN so that is the only exposure on my machine (should anyone actually is able to take over it). So i keep it in the cloud. This way i can access it from anywhere and it will be the same environment as stage and production. And since i like vscode the only bit is that i have to eventually install it on the dev machine so i can use a tablet if i have to code but havenāt got to that requirement so far.
Iāve heard the outskirts are really nice and a nice balance for many, especially those who still want to go into the city every now and again.
Were you affected by the recent earthquake at all? Hope youāre ok!
Ah nice! You and @sbuttgereit could start a podcast about it 
Sorry! 
Awesome, thank you so much for sharing! Itās really handy having it all in one post!!
You really should! I am sure lots of people would be interested in hearing all about your adventures and any tips youāve picked up along the way. You could probably get away with using something like Hugo on a free hosting tier, though I think there are some inexpensive cloud hosts that include a domain name as part of the costs should you want to use something like Wordpress (which is actually pretty good now).
Great thing about a blog is you can use it to post guides you use frequently yourself or for when not at your computer (or in the process of changing/upgrading computers) - two such posts I use fairly frequently are:
- Clean macOS install ā the easy way ā (via @AstonJ)
- How to set-up a Ruby and Elixir dev environment on macOS ā (via @AstonJ)
Nice! Thanks for sharing - I hadnāt heard of Outline.
Sounds a bit like what @jdumont was doing with his iPad - using a thin client with a remote environment?
Not really the same. I am using vscode over ssh connecting to a remote VM which has all the production packages and config. So more of DevOps perspective rather a dev point of view. So when i have to run the code is not a container but the real VM which i will use in stage and production. I donāt like to have containers and stuff that will do half the job and afterwards i will have to do loads of config post-deployment. All that said i have all work in the ācloudā directly and can connect to it from anywhere (after just few configs on the client ofcourse).
Hell yeah! Havenāt had a home in 5 years. Spent most of that time climbing, paragliding (if anyone is into the same super keen to chat), and living in South and Central America and a bit in Europe. Have met so many amazing people, wouldnāt trade it for anything.
Security practices, nothing out of the ordinary, but some parts of the world you have to assume your stuff might get stolen at any moment. Secure backups of important data and also hardware authenticators and OTP codes in case the crap hits the fan. Also have a shitload of payment cards and only carry 1 or 2 on you.
Also on the visas, Iāve never even bothered with them. Most places Iāve been itās possible to stay for 6 months per year with no questions asked. Depends on where you plan to go though.
This reminds me of a place where neither VISA nor MASTERCARD was accepted. So I would advise at least 1 VISA and 1 MASTERCARD, plus a fair amount of cash divided into several pockets to limit the risk of losing everything.
Did anyone try to create bank accounts in the country they were visiting? I assume they need some paperwork proving your are a resident and not a tourist, but maybe Iām wrong.?
Yeah thatās a good tip about spreading them out across different networks and card issuers.
Iāve had times where the only cards I had were from issuers that wouldnāt send cards internationally. Here I am, conducting a scavenger hunt for fee-free ATMs every few days to get cash, hoping that the 1 card I have left wonāt stop working.
Had to buy a replacement laptop in Argentina with a literal suitcase full of cash at the height of the inflation crisis. It was like walking into a car dealership to pay with $1 bills.
I have very bad connection at home with huge packet loss, so itās not an option to run my own. But even with a good connection I wouldnāt want to deal with the setup. Youād need a relay server too, unless you pay for a static IP.
The big reason for me to never rely on a home server/storage setup is that you canāt protect it against fires, water damage, lightning, or structural failures*. You always need a cloud based solution where they specifically shard your data across AZs to protect against these. Your data isnāt safer at home, itās safer in the cloud. Now if some bad people really want it, they can always just get it xkcd: Security
So I gave up and accepted iCloud for password manager, photos and documents, and S3 for the rest.
If I were afraid of the state Iād don my tinfoilhat and do other things, but a $5 wrench is would be very persuasive.
*unless you donāt live in an apartment, and puts a server in your outhouse basement, and your chicken coop, and your friends house.
Why not both? Thatās what I do. I have scripts that backup my stuff to my home server and to several cloud providers (all in parallel) ā deduplicated, compressed and encrypted ā while checking the checksum of each file as it goes.
I mean, my flat canāt burn down at the same time as several cloud providers deleting my storage at the same hour.
Exactly. Also I wouldnāt be so sure the cloud is a fireproof solution (cf. https://www.datacenterdynamics.com/en/opinions/ovhclouds-data-center-fire-one-year-on-what-do-we-know/)
BTW you said earlier that you are using syncthing. Iāve been using it for many years but never bothered with encryption. I guess it should be possible to sync the same data between different nodes, having some encrypted and some not, no? I have the need to add one node but encrypted now.
Oh, I only use syncthing in my LAN for now, and later will use it when I install an overlay network solution (most likely Tailscale with Headscale at this point, after evaluating for a while). And will rely on WireGuard (the underlying VPN-like network stack) for encryption.
I was referring to my backup solution encrypting stuff, even double-encryption: first I use borg for backup and tell it to encrypt its backup repository and secondly I tell rclone ā the CLI program I use to distribute data to cloud providers ā to also apply encryption. The result is a garbled mess for any attacker (hopefully).
So IMO just delegate encryption to your transport layer i.e. WireGuard in my future case.
Yeah, I would never use random cloud providers.
From AWS on their availability zones in general:
If an application is partitioned across AZs, companies are better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more. AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other.
and S3 specifically:
Amazon S3 provides the most durable storage in the cloud. Based on its unique architecture, S3 is designed to exceed 99.999999999% (11 nines) data durability. Additionally, S3 stores data redundantly across a minimum of 3 Availability Zones by default, providing built-in resilience against widespread disaster. Customers can store data in a single AZ to minimize storage cost or latency, in multiple AZs for resilience against the permanent loss of an entire data center, or in multiple AWS Regions to meet geographic resilience requirements.
11 nines. That means that even with one billion objects, you would likely go a hundred years without losing a single one!
Iām not gonna improve on that with an SSD in my closet.
A very expensive and unpractical solution. What would be the benefit of this VS a mini pc running on linux, does apple offer some kind of special protocol between their devices?
Why do you feel it is very expensive and unpractical?
Isnāt the whole point of getting a mini tower the fact that you donāt have dangling devices all around? Also if you care at all about your data, it might be a smart idea to have your data replicated to a second drive, so 1 more usb ssd? I also suppose that will not be straightforward as I think that macos wonāt offer an inbuilt option for replication.
IMO if you are using your notebook as the main driver, then getting a NAS for storing your data is a much better and most probably much cheaper solution, you can install there proper high capacity server-grade HDDs/SSDs, it offers replication options out of the box and connecting your devices to it should be trivial even if your home internet provider doesnāt allow inbound connections with something like cloudflare tunnels.
