Clever Third-Party Software

This is a curated collection of third-party software that embodies the principles of skeptical engineering: boring, reliable, and clever in execution rather than marketing.

Criteria

Software listed here must:

  • Solve a real problem without creating new ones
  • Prioritize stability over novelty
  • Respect user autonomy and data ownership
  • Work reliably across updates and platforms

The List

Networking & Infrastructure

tinc VPN Mesh VPN that automatically discovers routes and maintains connections even when peers change addresses. No central server, no configuration hell. Works through NAT. Has been boring and reliable since 1998.

WireGuard Modern VPN protocol with minimal attack surface. 4,000 lines of code vs OpenVPN's 100,000+. Fast, secure, auditable. Merged into the Linux kernel. Boring in the best way.

Arti Tor implementation in Rust by the Tor Project. Memory-safe, embeddable, designed to replace the C implementation. Brings modern language safety to anonymous networking without changing the protocol.

Mosh (Mobile Shell) SSH replacement designed for intermittent connectivity. Survives network changes, roaming, suspend/resume. UDP-based with local echo for instant feedback on high-latency connections. No dropped sessions when your IP changes.

Documentation & Writing

Pandoc Universal document converter. Markdown to PDF, LaTeX to docx, HTML to epub—handles 40+ formats. Command-line tool that does one thing exceptionally well. The standard for programmatic document generation.

Zim Wiki Desktop wiki for personal knowledge management. Plain text storage in a folder hierarchy. No database, no lock-in. Fast, local-first, version-controllable with git.

Asciinema Terminal session recorder that saves output as text, not video. Searchable, copy-pasteable, tiny file size. Self-hostable. The right tool for documenting command-line workflows.

Graphics & Design

Inkscape Vector graphics editor. Stable SVG format, no subscription, no cloud. Professional features without the lock-in. Works the same on Linux, macOS, Windows.

File Transfer

Magic Wormhole Secure file transfer with human-readable codes. No accounts, no servers to trust with your data. End-to-end encrypted. Type the code, send the file. That's it.

Programming Languages & Tools

Vim Text editor that's been stable for 30 years. Modal editing that rewards investment. Works over SSH, in terminals, everywhere. Your configuration follows you. No telemetry, no forced updates.

Racket Language-oriented programming language. Build your own DSLs with proper tooling. Excellent documentation, thoughtful design. Makes hard things possible without making easy things hard.

Hy Lisp that compiles to Python AST. Full Python interop with Lisp's macro power. Write cleaner code for data pipelines and DSLs. No runtime penalty.

Textual TUI (Text User Interface) framework for Python. Build sophisticated terminal applications with layouts, widgets, and reactive programming. Rich terminal output without leaving the command line. Makes complex CLIs maintainable.

Security & Trust

Monkeysphere Uses OpenPGP web of trust for SSH authentication. Decentralized identity verification. Clever use of existing infrastructure. Solves the "trust on first use" problem without central authorities.

Age Modern file encryption tool designed to replace GPG for simple use cases. Small, auditable codebase. Does one thing well without the complexity creep.

Restic Backup program with deduplication and encryption. Works with local storage or cloud backends. Verifiable backups you can actually trust. Fast, efficient, reliable.

Database & Storage

SQLite Serverless, self-contained database engine. Single file, zero configuration. Most deployed database in the world. Works on phones, browsers, embedded systems, everywhere.

Datasette Instant web interface for SQLite databases. Publish data as an API or explorable website. JSON export, full-text search, extensible with plugins. Turn a database file into a data publication tool.

System Administration

tmux Terminal multiplexer with persistent sessions. Survives disconnects, organizes workflows. Simple, stable, indispensable for remote work. Been doing the same job well since 2007.

Ansible Configuration management over SSH. Agentless—no special infrastructure required. YAML-based playbooks that are readable and version-controllable. Orchestration without the complexity tax.

Data Processing

jq Command-line JSON processor. Query, transform, filter structured data with a terse but powerful language. The sed/awk for the JSON era. Composable, scriptable, essential.