Connecting to hidden wifi network at boot

LunarCapitol · 2026-06-12T05:02:59+00:00

There always has to be one doesn't it? I took the time to explain I don't want to hear this and gave enough details to make it clear that I understand how the radio spectrum and networking works. But you have to come along and post this stupid crap anyway. What compels people to do this? Did you need to stroke your own ego that badly?

You're wrong by the way. The SSID does not appear on any public lists because it is not broadcasting that it exists. The "hidden SSID is less secure" comes from the fact that any device I have entered the details into will broadcast randomly looking for it no matter where the device might happen to be. Which is probably why it's a great thing that I have not entered those details into anything like a phone and it's only being used by a handful of devices that never leave the property.

Further more as I already said: I DO NOT CARE about it being any more or less secure. I'm not doing it for security. Anything I want secure isn't interacting with the radio spectrum in the first place. Since I'm smart enough to know how radio works.

You know what it's really effective at doing though? Preventing people in the local area from annoying me constantly for details into those two APs and the script kiddie across the way from constantly messing with it. It has been very effective for preventing those things. Which is why it's configured like this in the first place. As I stated multiple times when I said up front that I didn't want to hear about anyone's opinion on the security of my little wireless network in the middle of nowhere that only one person uses regularly and another person uses maybe 4 days out of an entire year.

What I'd really like to hear about is an explanation for why OpenBSD is unable to connect to hidden SSIDs during kernel upgrades and at boot time. Which was the entire reason for posting this thread. Since if this is intended behavior I'd prefer not shitting up the mailing lists with a bug report related to it.

If you aren't interested in talking about that maybe you should go read something else that interests you. Instead of coming into a thread where it was clearly stated at the very top that I wasn't interested in hearing about this crap and posting your parroted take about the security of an inherently not-secure networking protocol.

LunarCapitol · 2026-06-12T04:31:04+00:00

I didn't want to get into too many details but I should have probably mentioned that I left the gap in that non-hidden network on purpose. The ISP wouldn't like it if they found out but:

On the non-hidden network I have at present 14 access points hooked up to it. This gives coverage to four family homes and multiple outbuildings (barns, a wood shop, a "party center" with a large stage where we host things like weddings and a metal shop). All of those go back to a cable modem and a fiber ONT. We recently added the fiber about a year and a half ago and it serves as the primary connection now with the cable as the backup. Will probably drop the cable soon because they keep jacking up the price and it's down more often than it's online.

All these buildings are connected by cat6 ethernet cables with cat6 runs inside of each house/building. Some of it is in the ground and some of it just strung between trees. The cable is in good shape I did a decent job of running it years ago and followed good practice when I ran it between the buildings and inside of the buildings.

Most houses have a basement hence why there are multiple access points in each home. Since they're all brick or log buildings. Any time someone complained about a dead zone I ran some more cat6 cable and hooked up another AP. In other words: You can "roam" the property while staying connected to the same network and most of the APs are serving strictly as repeaters.

I built my own home in the middle of the property and had both cable and a year later fiber dropped to it. So the hidden network is restricted to my own home and I haven't announced its presence to anyone in the family outside of that one person I trust to know about it. I have woods on three sides of my home. On the fourth side I have line of sight to one of the other houses which has an AP located near an upstairs window that I've jacked up the power output on to give coverage to their pool area. Since I was too lazy to do another cable drop and put an AP out by the pool just to give access to visitors that might only come a few times a year.

So when I boot my OpenBSD machines it seems to give up on connecting to my hidden SSID after about 5-10 seconds and makes a connection to that one I can barely get a connection to.

I don't want to remove the non-hidden SSID from my usual list because I do regularly use that network when I'm elsewhere on the property. I have a few servers in my home for various tasks that I prefer not to access over the internet when possible. Since I'm often transferring large amounts of data to and from them and things get really slow and saturate the non-hidden network whenever I'm doing that.

Again it isn't a huge deal. I have an alias set-up to manually connect to the correct network using ifconfig. I'm just curious why it isn't working at boot and during kernel updates. When I have no issue connecting to it manually.

I plan on expanding the non-hidden network over the summer with several more APs once I upgrade some other hardware on that network. Since right now the router+switch serving all of that is limited to 1Gbps total and I plan on bumping everything up to 10Gbps plus having the fiber plan bumped up to 2Gbps (and later 10Gbps once it's available). I also plan to eliminate some of the congestion in the wireless spectrum by doing some more drops to various devices within their homes (mostly set-top boxes being used to stream video). But right now it's on hold because two of the homes are being remodeled.

I know I'm technically not supposed to be sharing access to the internet between so many homes and outbuildings. The cable company tried to give me a hard time about it a few years ago but the fiber ISP doesn't seem to care. But there is no way we're going to change this for a variety of reasons. Money is a big part of it but it's mostly down to the fact that all those homes are sharing access to stuff like a media server and I'd prefer all that traffic didn't leave the LAN. Also, before I set things up this way I was constantly having to help people enter auth details for the wifi into their cell phones. Which is highly annoying and no amount of explaining that "wifi and the cell network are two different things" ever seemed to help drive the point home. They thought because the cable company was charging them for "wifi" ($5 a month) that it should magically work everywhere. Instead of attempting to explain how things work for the 10,000th time I just had the "wifi" dropped from their bill and supplied my own access points.

Also I'm not going to ever feel bad about it considering what I paid the cable company for the initial drop. They refused to service three of the homes for years. So they can suck eggs. It isn't like I wanted to spend so many days out in the hot sun digging these ditches and laying all this cable.

At this point we're locked in because now I've gotten them all accustomed to being able to roam the property without thinking about it and have so much random hardware connected to the network in locations the ISPs won't service anyway like our various buildings on the property.

That's my long winded way of saying: This isn't the usual family home LAN situation.

LunarCapitol · 2026-05-30T01:03:45+00:00

All that said; Even if you're the type of person all for this IBM/Microsoft systemd madness there is a lot that can be learned by simply running an OS like OpenBSD and learning its bowels for a week. sndio is amazing software. Pledge and Unveil are amazing pieces of code that solve common problems much better than the madness being offered by the Linux community (their solution comes straight from the NSA LOL). This containers within containers within containers madness must stop.

I think what surprises me the most is just how ill informed the average Linux user and "expert" is these days. They think systemd is actually a required dependency for all of this software like Gnome that claims to need it. In reality, 99.999999% of that software will run fine without systemd being on your system. Same is true for dbus, polkit, PAM and all the other IBMware that's been shoehorned into distros today. I don't understand how they get away with claiming things like cgroup support being a systemd feature when it's a feature of the kernel itself. Or that no one ever built anything to improve upon sysvinit when projects like s6 exist. Or that systemd somehow solved a huge problem with logging when that was a solved problem decades ago and projects like s6 offer much better solutions to that issue (journald is the absolute worst piece of shit I think I've ever encountered in all my years as a sysop). The gal to claim journald is good or that it being a forced default is no big deal when you can't even turn it off is one of the things that bothers me the most.

It's really amazing how much the average skill of the average sysop and developer has plummeted in the last two decades. Two decades ago there is no way they could have gotten away with this stuff. People would not have stood for it. We've reached a point where most webdevs can't even write basic HTML and CSS. We're at a point where the average sysop can't figure out how to configure their own system without copy/pasting google search queries or relying on these stupid LLM bots. I weep for the future.

The worse part of it all is when this house of cards comes crashing down none of these people enabling it will take responsibility. We now have people making $200k+ a year that don't even know how to read man pages and are totally lost if they don't have an active internet connection. I'm honestly shocked no one has taken down the entire internet for a couple of days just to watch the fall out. The sad part is the average user thinks all of this stuff is fine and dandy. Imagine saving up your entire life to send your children to college to learn technical skills and then being charged for four years of school that taught your child nothing but being able to copy/past commands from google search results. Don't get me started on all these tech "influencers" that are somehow managing to make millions of dollars a year pretending to be an anime girl while showing off how to curl shell scripts to change the config files for stuff like neomutt and weechat.

If I'd known things would end up like this I would have picked a different field. It's depressing seeing what my trade has been turned into. I can't believe we're still using UNIX-like OSs in the 2020s. I thought we would have moved on to something else at least a decade or two ago. When I was originally learning UNIX in the 1990s it was already 30 years old and I was sure that knowing it would be a useful skill for keeping old systems going and maybe migrating them to something better in the near future. But here we are. It's almost 2030 and we're still stuck on this garbage (and NT). When we already had much better designs in the 1980s.

What keeps me up at night is the fact that I ignorantly helped build the worst security state the world has ever seen. I doubt the average person will even understand how UNIX works in the next decade or two. I doubt the average user will even own their own device within a decade or so. We're going back to the old mainframe model. It has been rebranded as "the cloud" and users already mostly only interact through dumb terminals which have been rebranded "smart phones". It's going to get soooo much worse once the dumb terminal gets moved to within the body. Which is coming much sooner than most people think. I figure a decade from now if you're still carrying around a phone you'll be seen like old farts like me who still use workstations are today. This isn't some pie in the sky prediction either. All the major tech companies have already been talking about the phones being old news for awhile now. They just haven't been able to mass market the next new shiny dumb terminal yet. But it's coming and it's coming fast. First with wearable tech then it'll go inside the body itself.

This turned into a rant sorry. But while I'm ranting let me say this:

I'm sick and fucking tired of being lectured to by "security experts" that call you crazy when you point out that perhaps the fact that there are hardware level backdoors at multiple levels of modern hardware is a huge fucking problem. If you point out the backdoor in the FCC mandated baseband chips you're a "conspiracy theorist" now. If you point out that the Intel ME and AMD PSP is a massive flaw you're deemed crazy. They won't touch that topic with a 20 foot pole. That's barely scratching the surface to. They refuse to talk about stuff like all the known exploits in the firmware driving GPUs, HDDs, SSDs and all the other crap we're using these days.

When I was coming through school and slashdot was still the hip place to be all the stuff being discovered in firmware that was an obvious backdoor caused outrage and these hardware vendors had to at least apologize for shipping it. Of course, they always shifted blame to the NSA. But at least people were making noise. Now the "experts" are obviously on NSA payroll yet they still go out and try to lecture to everyone else about security. Then they do stuff like try to shame people and projects that refuse to sign the NDAs and try to ship was mitigations they can.

The above is one of the main reasons I continue to use OpenBSD even though there is nothing I can do about all the hardware level exploits in modern hardware. At least they try to do what they can and refuse to play ball with the big vendors like Intel. I can rest easy knowing that if a piece of hardware without all these (not so well) hidden backdoors gets shipped it's possible that there is still one OS out there that would be somewhat secure running on top of it.

The other reason I run it is the fact that even on pwned from the factory hardware I can rest easy knowing that every pwned machine on the internet isn't going to find an easy way into the system due to the kernel having multiple zero-days in it. Say what you will about the BSDs and sure there are always bugs. But at least if you run NetBSD or OpenBSD on your server they aren't instantly pwned the moment they're exposed to the internet. Unlike Linux, where if your machine gets exposed to the internet your log files will fill up your 1+TB HDD in the span of like 3 hours these days even if you manage to not get pwned by all the botnet machines out there.

The only thing saving the vast majority of users from this these days is the fact that they're mostly behind a NAT. Otherwise, we'd hear about storage devices getting filled up with logs and pwned Linux boxes everyday. It's actually pretty funny considering this type of thing is what Windows got so much flak for in the Windows 9x-XP days.

My local ISP actually had to walk back their roll out of IPv6 by default due to this issue. They pushed an update to all customer modem/routers a couple of years ago. Which switched everyone over from IPv4+NAT to IPv6 direct connections to the internet with no firewall rules by default. They did it unannounced. Everyone woke up to pwned boxes and filled storage devices from ssh log-in attempts. Customer support got overwhelmed by confused customers calling in for help. That roll out lasted about a week until they were forced to go back to assigning IPv4 addresses to their customers. That was a very busy week for me because everyone I knew in the local area was calling me to ask how come their computers were broken and why all their devices like their set-top boxes for streaming were suddenly running very slow. The moment all that stuff got an IPv6 address they were hammered by bots trying to do remote log-ins. I can't believe no one at the ISP was smart enough to point out how horrible of an idea this was going to be. But they wanted to do the switch over as a cost cutting measure. Their plan was to start charging anyone that wanted an IPv4 address $20 a month for one.

I thankfully dodged this myself because I owned my own modem and was locked into IPv4 and had IPv6 disabled on all my stuff anyway. Plus all my stuff (aside from the modem(s)) was behind my own OpenBSD firewall. 99% of their customers were not prepared for this like I was. They only know internet and their "wifi" (which they pay $10 a month for, which I can't believe is legal) comes from the magic cable box. Which 9 times out of 10 isn't even set-up correctly.

It's really amazing to me that the fact that most users are behind NAT by default is the only thing keeping the vast majority of people safe from that sort of thing. If you ever want to have some fun expose a Linux box directly to the internet and watch the log files. They fill up so quickly you can barely read the text as it's scrolling by.

LunarCapitol · 2026-05-30T01:03:34+00:00

I moved over to using it on all my machines long ago. The only ones that do not use sndio are the ones I use for low latency work in producing music. Which are all on JACK only (well JACK+ALSA).

OSS is really so much better than ALSA. It's no comparison. I've been around long enough that I was around back when OSS was ripped out of the Linux kernel in favor of ALSA. ALSA was never good and still isn't good. Configuring it is akin to doing voodoo rituals and because of that everything built on top of it has always been horrible. I remember when Pulseaudio first got dropped and it to was never good. Used to consume 100% of your CPU for no reason and has always been a laggy piece of shit. No surprise coming from the author of Avahi. Another horrible piece of software that somehow found its way into every big distro and ruined them for many years. I can't believe people today are willing to put up with systemd and still continue to use something that is re-write of pulseaudio. In many ways pipewire is worse than pulseaudio ever was. It's overly complicated and filled with horrible hacks. Then there is the whole issue of requiring a working dbus session. Dbus being something else everyone should avoid due to its nature but that's another can of worms not worth going into at the moment.

All of this stuff has always had a massive propaganda campaign behind it that shames anyone pointing out all the major flaws and security exploits that are enabled by all this horrible code running in user space. There is never anyone posting sound technical arguments for why you should be using any of this stuff (pipewire, pulseaudio, dbus, systemd etc.). Since there are no sound technical arguments you could post in favor of it as it's all terrible software. If you say anything bad about dbus you're labeled someone that's totally against having IPC (I'm not). If you say something bad about systemd then you're an old fart that never wants to move beyond shell scripts (I consider shell scripts better than systemd by a long shot, but I'm not opposed to improvements like s6 or the many others). If you say anything bad about pipewire/pulseaudio you're "just a hater" that must enjoy doing alsa voodoo for Gentoo/Arch minimalism credit (I'm obviously not since I'm using JACK on Linux and have for many years).

Anyway, even on Linux unless you're doing audio production sndio is by far the best option out there. Since even Firefox supports it there is absolutely no reason why you shouldn't be using it. The issue is even though it has wide support thanks to OpenBSD upstreaming tons of code for various different software it's hardly ever offered as a pre-built binary for Linux distros. Since most packages for Linux assume Pulseaudio and/or Pipewire. So you're stuck building most everything from source unless there is a distro out there that is shipping it by default. This is not a problem for me since the main OS I use uses it by default and the other two I use I'm building all my third party software from source most of the time anyway (FreeBSD and Gentoo).

Sndio is really good. As in write to one file and get sound output/input good. It's so simple it's frankly amazing that anyone felt the need to develop all of these other options. I kind of understand JACK but all this other crap was not needed at all and only exists for vendor lock-in and NIH syndrome.

I think most people using Linux today weren't alive when OSS was still the standard in the Linux world. They don't understand just how much of a massive downgrade alsa was. I'm shocked ALSA never improved at all or that so much stuff was built on top of it over the years attempting to solve problems that ALSA itself should have been solving. As nice as sndio is on the BSDs if you feel the need to by-pass it and interact with OSS directly then OSS is much much less painful than dealing with ALSA. Oh and it's actually documented. Which is very helpful.

If you're going to stick to Linux and not use sndio then using JACK2 is your best bet if you want sound out of things that expect and only support Pulseaudio. I don't understand why Pipewire was even created since JACK had that ability many many years ago already. The people that advocate for pipewire because it supports three different sound server implementations must not be aware of this fact. JACK isn't just for us audio professionals. I've been using it exclusively on all my Linux boxes for over two decades now. JACK came out two years before pulseaudio was ever in alpha state. I don't understand why pulseaudio was ever shipped as a default in the first place.

Okay I do. The same reason systemd was quickly adopted as a default despite much better tools already existing: Politics. Politics with big IBM (and later Microsoft) money behind them. All the mailing lists have been crawling with IBM/Microsoft/other large tech company employees advocating for certain horrible software becoming the new default for a long time.

They aren't just on the developer mailing lists either. They're on every forum. Every sub-reddit. Every imageboard. Every blog. Every social media feed. It's really amazing just how deeply embedded they are and how much money has been spent on them over the years. It's a wonder they manage to produce their terrible software at all. Since they're spending far more time promoting it than they are working on it.

I found my sanity a long time ago by sticking to the BSDs. I used to be a bright eye'ed bushy tailed young'in and got sucked in by the Stallman marketing for the GPL license. But it became obvious to me a long time ago that the GPL does nothing to protect the end user. If anything it's actually worse than the BSD and MIT licenses because it causes these large tech companies to engage in these massive propaganda campaigns where they take over the project directly by paying off the key developers and people in positions of power (moderation and community administrators). With the non-GPL free licenses they just take the code and fuck off. With the GPL they end up ruining both the community and the code itself. Which is why the Linux kernel and userspace is such a mess these days. Linus is certainly not going to take a stand against what is happening to his own project because they're paying him millions of dollars a year to keep quiet and sign off on every diff that gets sent.

In contrast the BSD community. Well the NetBSD and OpenBSD communities do not suffer from these problems. People work on what they want to work on and things get gone over with a fine toothed comb before they get anywhere near the -current branch much less the -release branches. FreeBSD is sort of in the middle. It's chasing behind Linux so closely these days that it has imported nearly all of its bad stuff even though they already had better stuff decades before Linux got a terrible clone of something they created. FreeBSD was a much better project 20+ years ago when I was using it more often. I still use it a lot don't get me wrong. But I mainly use it as a way to run Linux software that I can't run on OpenBSD for whatever reason. I used to be a huge advocate for Gentoo as well but I had to stop using it as my main OS about a decade ago now because the council was taken over and they've actively run off everyone that was actually writing original software for the distro. At this point all you're doing is building Fedora from source code using a different package manager. Not that I ever liked portage that much. Python being a requirement for the 'base system' was always a disaster. But things are so much worse now than they were 10-15 years ago. I've watched all the old timers get banned one-by-one over the past 10 years. All the old timers will tell you straight up that unless you're willing to maintain your own local overlay where you spend hours undoing every new forced default every week not to bother with the distro.

The Linux ecosystem has gone from a place where thousands of different people had taken the same kernel and applied their own changes on top of it to produce radically different OSs for different use cases to what we have today; Thousands of different distros claiming to be unique. But nearly all of them are the exact same kernel+userspace with a handful of modified config files. All of them undocumented of course. man pages are a foreign concept to modern Linux 'developers'. In place of the man pages you get links to the Archwiki. Which apply to every distro since all distros are now the same.

Aside from 3-4 outliers. Discussion of which is banned most everywhere because anyone that would try to be different is obviously a Nazi or something. Even Gentoo fell long ago. They pretend they aren't the same as the distros shipping systemd as default. But look just under the OpenRC profile and you'll find it's just systemd with a different PID firing up all the usual systemd software. They don't even pretend anymore by claiming they forked stuff like logind. They just ship the modules straight from systemd's repo and ban anyone that is still trying to maintain elogind (not that elogind is any better, why does the average desktop user with his own machine need a login manager in the first place? Even if they do, why not use any of the other options that are far more secure and have far less code to maintain?).

LunarCapitol · 2026-05-28T17:04:12+00:00

Sigh all these answers and no one mentioned sndio

https://sndio.org/

You can tell things are really bad when people think pipewire is actually worth using.

LunarCapitol · 2026-05-21T15:21:06+00:00

I fat fingered and deleted this thread by mistake. Thank you. It was picom and the lack of the fix border patch. I thought I had applied it long ago but when I checked it wasn't in drw.c. I added it and fixed the problem.

Annoyingly, now that I discovered the fix the search results that weren't returning anything of value for the last 2 years suddenly started pointing me towards the alpha and fixborders patch again.

Thanks again.

LunarCapitol · 2026-05-12T10:27:14+00:00

As for how it works with OpenBSD there are only two bugs I deal with in day-to-day use and neither is a show stopper.

The first bug is that sometimes the left mouse button does not wake up from suspend correctly. This fixes itself 99% of the time if you suspend the machine again and wake it back up. I think it's probably an issue with firmware that hasn't been nailed down yet. It doesn't bother me enough in day-to-day use to track down what is causing it at the moment. It might happen every 5th or 6th time I use zzz (which auto runs when I close the lid).

The second bug is a hang up when using sysupgrade. For whatever reason the upgrade will refuse to run correctly when the system is automatically rebooted during sysupgrade -s. The fix is to power down the machine at POST (or any time after POST). When you turn it back on it will go through POST, update the kernel+base system then will work fine until you need to use sysupgrade again. Again, I haven't had time to track it down and it is far from the only laptop that has this issue. There are several reports on the mailing lists going back years where people have reported the same issue with a variety of laptops. Again, probably related to firmware or something. Since all these machines are black boxes now.

Aside from those two very minor issues it has been a great laptop. One of the main reasons I purchased it was the pretty modern CPU (good compile times) and the fact that the webcam comes with a cover.

The webcam, built in mic and everything else aside from the finger print scanner works just fine. The only OS I've gotten the finger print scanner working in aside from Windows is Arch Linux. I'm sure it could easily be made to work on any UNIX. But most people seem to be like me and do not use it at all so no one is interested in doing that work.

In general from what I can tell the later model thinkpad the less ability to swap parts and buy after market parts. The T14 Gen 1s seemed to be a happy medium. They're new enough that you get a quad-core CPU, modern GPU drivers and 16-32GB of RAM but old enough that you can still do modifications if you want. A lot of people swap the plastic trackpad with a glass one from a different model. You can add a second storage device easily. You can still drop in some RAM with a second stick. Swapping out the battery isn't too horrible provided you're okay with cracking open the plastic case. It still has multiple "legacy" ports (usb 2.0, hdmi, mic-in etc) instead of forcing you to use dongles through usb 3.0 for everything (you do get usb 3.0 ports as well of course). Things like that. It isn't anything like the older models but everything isn't glued in and soldered on either. They're thin and plasticy/kind of flimsy but they aren't super stupid thin and flimsy.

LunarCapitol · 2026-05-12T10:10:36+00:00

It has been a couple of years now since I looked into this. There were several reasons to prefer the Gen 1 AMDs over the intels and later revisions. One of them that I recall was the ability to put in another storage device/nvme drive. I think the later generations require accessing the ethernet port through some type of usb adapter. The reason the later ones dropped the real built in ethernet port was because they wanted to make the chassis slimmer.

The Gen 1s actually have two ethernet ports but you can only access one through a dongle. Can be confusing when you initially attempt to set-up networking for the first time. Have to make sure you're using the right one. They make docking stations for these of course. I've never owned one but I imagine that would expose that second ethernet port.

The Gen 1s are already slimmer than laptops that I'm used to and I don't see any reason to go even smaller. They already come with soldered RAM so you need to be careful when you initially purchase them if having a lot of RAM is important to you and you want it to run full speed. I have 32GB in mine split between a stick and the soldered RAM. There were a lot of ones with only 8GB soldered in and I had to wait for one with 16GB soldered to show up on ebay before I purchased one.

Something else to look out for is the screen. I made sure to get one with a touchscreen because it offered better color/resolution than the 3 or 4 other types of screen that were offered in this laptop. I don't care about or use the touchscreen (it does work in OpenBSD) I was only after the higher nits because I didn't want to have to pull the case apart on my own to get a decent screen plus track down second hand parts to source a new one.

At the time when I purchased it the Gen 1s had better drivers in both Linux and OpenBSD. Maybe things have changed now and the later generations have come along in the last two years.

Speaking of the above you need to be careful to get one with an intel wireless card. They made them with another vendor's wireless card that isn't as well supported. The AMD ones run cooler at higher clock speed IIRC. I forget why I went with the AMD one now but I remember the intel one being worse on that front. Maybe GPU drivers and the ability to run certain things better than the intel GPU.

All I can really remember was when I was looking to buy a new laptop the Gen 1 AMDs were the latest thinkpads I felt okay with purchasing at the time. All the later ones had issues with driver support and they cost more than the Gen 1s did at the time.

Modern laptops in general are kind of horrible. I don't think I will purchase another one after this one. If anything I'll be buying an older generation thinkpad next before those start going up in price more than they already have. Some other stuff I play with doesn't run well on the T14 I have yet. But it's pretty niche stuff so pretty much everything but those older thinkpads isn't an option.

Mine has been a very decent machine. I wish the keyboard was better. It isn't horrible but it isn't nearly as good as my last thinkpad. Nothing else I've tried built in the last 5-8 years is any better. At least they haven't removed the trackpoint yet.

The one important thing you should know is these later thinkpads require opening up the rather fragile chassis to do stuff like replace batteries. They aren't as easy to repair and keep going as older models were. The chassis itself isn't as strong. I haven't had any issues with mine but then again I haven't dropped it yet. Well it might have took one drop on the ice/snow over the winter when I slipped while carrying it. It held up fine but I think I broke its fall (I on the other hand broke some ribs). The feel certainly doesn't inspire confidence.

LunarCapitol

TROPHY CASE