Skip Navigation

better tools thread

this is in part because it's for (yet another) post I'm working on, but I figured I'd pop some things here and see if others have contributions too. the post will be completed (and include examples, usecases, etc), but, yeah.

I've always taken a fairly strong interest in the tooling I use, for QoL and dtrt reasons usually (but also sometimes tool capability). conversely, I also have things I absolutely loathe using

  1. wireguard. a far better vpn software and protocol than most others (and I have slung tunnels with many a vpn protocol). been using this a few years already, even before the ios app beta came around. good shit, take a look if you haven't before
  2. smallstep cli. it's one of two pieces of Go software I actually like. smallstep is trying to build its own ecosystem of CA tools and solutions (and that's usable in its own right, albeit by default focused to containershit), but the cli is great for what you typically want with certificate handling. compare step certificate inspect file and step certificate inspect --insecure https://totallyreal.froztbyte.net/ to the bullshit you need with openssl. check it out
  3. restic. the other of the two Go-softwares I like. I posted about it here previously
  4. rust cli things! oh damn there's so many, I'm going to put them on their own list below
  5. zsh, extremely lazily configured, with my own little module and scoping system and no oh-my-zsh. fish has been a thing I've seen people be happy about but I'm just an extremely lazy computerer so zsh it stays. zsh's complexity is extremely nonzero and it definitely has sharp edges, but it does work well. sunk cost, I guess. bonus round: race your zsh, check your times:
% hyperfine -m 50 'zsh -i -c echo'
Benchmark 1: zsh -i -c echo
  Time (mean ± σ):      69.1 ms ±   2.8 ms    [User: 35.1 ms, System: 28.6 ms]
  Range (min … max):    67.0 ms …  86.2 ms    50 runs
  1. magic-wormhole. this is a really, really neat little bit of software for just fucking sending files to someone. wormhole send filename one side, wormhole receive the-code-it-gives the other side, bam! it uses SPAKE2 (disclaimer: I did help review that post, it's still good) for session-tied keying, and it's just generally good software
  2. [macos specifically] alfred. I gotta say, I barely use this to its full potential, and even so it is a great bit of assistive stuff. more capable than spotlight, has a variety of extensibility, and generally snappy as hell.
  3. [macos specifically] choosy. I use this to control link-routing and link-opening on my workstation to a fairly wide degree (because a lot of other software irks me, and does the wrong thing by default). this will be a fuller post on its own, too
  4. [macos specifically] little snitch. application-level per-connection highly granular-capable firewalling. with profiles. their site does a decent explanation of it. the first few days of setup tends to be Quite Involved with how many rules you need to add (and you'll probably be surprised at just how many things try to make various kinds of metrics etc connections), but well worth it. one of the ways to make modern software less intolerable. (honorary extra mention: obdev makes a number of handy pieces of mac software, check their site out)
  5. [macos specifically] soundsource. highly capable per-application per-sink audio control software. with the ability to pop in VSTs and AUs at multiple points. extremely helpful for a lot of things (such as perma-muting discord, which never shuts up, even in system dnd mode)

rust tools:

  1. b3sum. file checksum thing, but using blake3. fast!. worth checking out. probably still niche, might catch on eventually
  2. hyperfine. does what it says on the tin. see example use above.
  3. dust. like du, but better, and way faster. oh dear god it is so much faster. I deal with a lot of pets, and this thing is one of the invaluables in dealing with those.
  4. ripgrep. the one on this list that people are most likely to know. grep, but better, and faster.
  5. fd. again, find but better and faster.
  6. tokei. sloccount but not shit. handy for if you quickly want to assess a codebase/repo.
  7. bottom. down the evolutionary chain from top and htop, has more feature modes and a number of neat interactive view functions/helpers

honorary mentions (things I know of but don't use that much):

  1. mrh. not doing as much consulting as I used to, using it less. quickly checks all git(?) repos in a path for uncommitted changes
  2. fzf. still haven't really gotten to integrating it into my usage
  3. just. need to get to using it more.
  4. jql. I ... tend to avoid jq? my "this should be in a program. with safety rails." reflex often kicks in when I see jq things. haven't really explored this
  5. rtx. their tagline is "a better asdf". I like the idea of it because asdf is a miserable little pile of shell scripts and fuck that, but I still haven't really gotten to using it in anger myself. I have my own wrapper methods for keeping pyenv/nvm/etc out of my shell unless needed
  6. pomsky. previously rulex. regex creation tool and language. been using it a little bit. not enough to comment in detail yet
28

You're viewing a single thread.

28 comments
  • These recommendations are lovely and I will try most or at least some of them, at least the ones relevant to my use cases.

    I adore wireguard and I use it for couple of personal and small org things. I would hate to set it up for a double-digit number of people. OpenVPN and IPsec are a pain in the ass and not just once, but in some use cases I would absolutely prefer them to wireguard.

    Zsh is my main shell and I love it. Sometimes it breaks in bizarre ways through odd interactions between plugins. Sometimes I just spawn a different terminal with a more primitive shell because zsh's tab completion shits itself attempting to list a dirtily dropped remote filesystem.

    I don't particularly like language-specific package managers. It's not too bad to install rust packages through cargo instead of apt when I'm writing rust, but if I just want to put a thing on a Debian box, why do I have to give a shit if it's implementes in C, Python, Rust, JS or Fortran? Fully a case of sysadmin brain over programmer one.

    I risk playing the heel because I believe these tools, lovely as they are, have weaknesses that can sometimes be addressed and sometimes constitute inherent tradeoffs that need to be considered. This is not synonymous with discounting them or considering them inferior to other, possibly older solutions.

    For a more positive contribution I will second ag as a grep/ripgrep alternative, though I will refrain from comparing it to rg itself.

    And for a more old school recommendation, awk has been invaluable in my career and I would heartily recommend any unixist to learn it a little further than { print $n }.'

    • re vpns: yeah ipsec is just human-hazardous. even few technical people get it correct. never mind the mistakes with cipher choices and inter-vendor/-kit fuckups. something that might be worth you knowing about: pritunl has wireguard support, and they generally make an okay product for wrapping ovpn et al. wireguard distribution also improved a lot in recent years, in the form of being able to load tunnel configs from files (and even QR codes, in mobile apps). if you've only learned your wg from the early "edit a config" or "wg-quick" era, might be worth a review

      re zsh completion: do you mean completion on e.g. filenames in something like a directory that was linked over sshfs/nfs/etc? admittedly I don't use remote filesystems much in my workflow (in part because I think it's fundamentally broken, likely to lead to such issues, and thus avoid it in my control loop), so I'm unlikely to hit that pain point in a lot of cases

      lang-specific managers: yeah, I know where you're coming from. I'm on both sides of that fence. languages are generally at most equipped to progress their own tooling as fast as they can manage (and even then not so fast, e.g. npm still being dogshit at dependency solving, instead of just learning from the other kids), so I do understand the why of lesser integration. but it irks my inner sysadmin/automationist just as much as you, because holy shit are some of those things badly thought through. the amount of implicit "oh I'm just gonna drop 19 envvars everywhere, and some undocumented magic files" involved in a lot of these things is... 🤬. I would like if languages would work with distro tooling teams, to see how they can end up making some of that smoother. python (and them interfacing with the debian lang teams) is notorious here. ah well. at least rust and clojure don't suck that much

      (aside: still getting to know the nix thing. being on an m1 makes it a bit spicy)

      ag: get that metal out of your blood, it's bad for you~ :D but yeah, I will say that ag was what I used for a few years before I found out about ripgrep

      awk: the sheer amount of heavy lifting I do with cut, tr, awk, etc over the years has definitely amounted to sizable amounts of compute hours saved. solid recommendation

28 comments