My Nuclear Triad

I started writing about my git workflow and it turned into a general description of my digital work habits, so I thought I'd break this out into its own thing.

I tend to use a trio of systems for most of my work: a laptop, a desktop system, and a virtual private server instance. These are just the personal machines I tend to interact with regularly; there are usually other systems mixed up in there, but these three together cover most of the uses and considerations. Each brings unique strengths and weaknesses to my work, so I'll discuss them here in turn.

Desktop

The desktop system, when I'm at that location, is the easiest to just sit down to begin or resume working. It has a decent, stable, predictable, always-on network connection. It runs, or can run, the full range of tools, not just command-line or console tools but resource intensive things like multi-tab browsers or long-running IO-intensive or computationally intensive jobs. I mean, it's not a high-end compute cluster, but it does OK. The display is decent and reasonably well-placed, as are the keyboard and pointing device.

But, the network connection is fairly asymmetric--downloads to it are far faster and easier than uploads from it, and many of its features, like the ability to work with removable media, to use the ergonomic keyboard and mouse, and the big screen, are only available when I'm sitting at it. What I can do with it over the network is limited by the network security measures I put in place to prevent incursions and by the limits of my patience and willingness to turn it into a networked "server" and then to dedicate time and attention and anxiety to stay on top of those risks.

VPS

The VPS, like the desktop, has a predictably good network connection. It's the best of the three that way; in fact, that's its signature role: to be the remote network-accessible system. It runs network services of various kinds and is the easiest to get to from either of the other two. What it doesn't have is resources. It has the least processing power, RAM, and storage of the three. It has no provision for supporting graphical interfaces beyond full-screen character-addressed interfaces like those driven through use of an ncurses library.

I refuse to install X client software whenever avoidable (and I'm pretty capable of avoiding it) because of the disk space they take up, the greatly added complexity and attack surface they represent, and because I have other ways of working with this computer, and other computers to use for working through those kinds of interfaces. It's just not a good fit. And, the combination of limited resources and high exposure to networking means there is a lot of data that I just do not want to have on it. It's a flinty avoidance of transfer and storage costs (both monetarily and in terms of time) but also my unwillingness to trust the remote end to do the right thing in terms of privacy and constancy of service.

The trendy quick-buck mindset of cloud providers has shown amply that to embrace them is to embrace a never-ending series of web interface changes, API changes, and changes in what "everybody is doing it that way now" means. I've got a life to live and I don't give a damn about what you're strutting on the Cat 5 walk in this season's round of single-company promotion and product announcement events disguised as industry trade shows.

Ahem.

Laptop

The laptop's obvious benefit is portability. Like the desktop, and in contrast to the VPS, it has pretty workable specifications in terms of display hardware, RAM, and storage. The ergonomics aren't quite as nice when viewed alone, but given that the laptop encourages moving around between tasks ("oh, why don't I go over to the library, the other office, the hackerspace, the coffee shop, that lunch place to work on the next thing?") it turns out to be less of a problem. Between very occasional cell tethering and the usually available home, work, or coffeeshop/library wifi, outbound connectivity is OK.

But of the three systems, the laptop's connectivity is (relatively speaking) horrible. When suspended, it is all but inaccessible (wake-on-lan could in principle work, but waking it when it's still sitting in its carrying bag would be a disaster). This limited network exposure means that it also probably has the lowest ongoing exposure to network-based threats, which encryption, backups, and security updates can help mitigate, as they also do the threat of physical loss or theft.

(So, the "nuclear triad" was the basis of US nuclear deterrence. Nuclear weapons could be delivered by three methods: land-based intercontinental ballistic missiles (ICBMs), submarine-launched ballistic missiles (SLBMs), and crewed bomber aircraft. First strikes were deterred because any retaliatory strike would deliver Mutually Assured Destruction (MAD), assured in part by the implausibility of wiping out all three legs of the nuclear triad in a first strike. While I mean to invoke some sense of survivability, compared to this concept, my use of the term is gratuitously trivial.)
