Linux Challenge: Extreme Edition -- Creating a secure desktop for a working journalist atop FreeBSD

I've been using linux (and BSD, windows, OSX) for years. They work for what I need them to do, and I've formulated an environment that works well for me. Linux and FSF-Only environments are a lot like Veganism: no one cares, and the people participating are overwhelmingly pale, obnoxious dullards with a special brand of smugness that permeates them to their cores. I'm obnoxious, and pale six months of the year, but I try to leave the other things at the door. So: in a purely-spontaneous-and-not-motivated-by-forum-badges display of curiosity, I decided to get out of my comfort zone and try something new, in the spirit of the challenge.

a little over 22 months ago, I started to get bored of linux for productivity. My personal setup works well enough, but I'm not using my work machine for any intense computation or programming (I have a deep learning and ML rig for that) and it seemed to me that an opportunity had arisen -- an opportunity to do something I just hadn't gotten to for entirely too long.

I was going to build a secure BSD machine for my day-to-day work.

I had three main requirements:

  • does word processing and web browsing, manages email/RSS
  • is secure enough to comfortably communicate with sources
  • won't shit the bed on me or lose my data

I'll admit the going was rough at first, security and data retention were the easiest parts by a mile, but the UX on ghostBSD was horrendous at the time, OpenBSD felt like using a decade old system, and TrueOS didn't exist in the workable form it does today. I settled on a heavily customized installation of FreeBSD, and wrote an automated installer in case I ever had to use the nuclear option. Eventually I had a system that was passable as a daily driver, but it wasn't all cream puffs and rainbow enemas.

I was lucky Wi-fi worked at all (things are different now, mind you) but I could only interface with it via command line. Learning init, and purging all of what I now consider bad habits took far longer than I care to speculate on, and getting the GUI to work as intended was a chore. I learned a lot, but for a working journalist, it was time I probably could have used making a lot more money.

I've come back from this experience to tell you that things are different. Things are, in fact, much better.

A while back, I gave TrueOS a try, and it blew me away. It felt like installing any user-friendly linux distro or commercial operating system. It has an easy, stable WiFi GUI, setting up encrypted volumes on install is a breeze, the pkg audit command will immediately let you know if you have any vulnerable installed packages, and lumina is a joy to use and light as a feather.

Failed upgrade? no problem, just activate the previous boot environment and seamlessly roll back. Problems? there's an active and committed community of people that aren't all rackspace-dwelling sysadmins with RTFM tattooed on their knuckles. Don't like systemd? I'm not sure that you can even run systemd on the OS anyway!

Sure, setting up a secure system based on freebsd isn't that hard nowadays, but there's one out there that has a top-notch UX, and it's made the past few months run as well or better than any linux distro could out of the box.

As I come up on the second anniversary of making the switch, I thought it'd be nice to share the experience here. It's in the same spirit of trying something new, and while it isn't linux that I switched to, It think it fits the theme of the thread rather well.

Hope this finds someone well, or at least mildly entertains a few of you out there.