So I gave up. Using a secure OS is simply not usable for someone who does not have the time or interest to become a secure OS geek. I am much more of a lay-critter; the operating system is a tool, one of many in the box, which is supposed to catalyze my investment in good hardware and help me be productive.
I need an OS which lets me synchronize certain bits of data across my devices – contacts, calendars, photos… the digital detritus of modern life. Stuff that I keep in my cloud, hosted on my own metal tyvm even though it really should not matter to the OS.
I also need to be able to use certain specific pieces of software, software which subscribe to extremely high standards of openness, security, and privacy. You would think these would be the kinds of software any privacy-oriented OS would have mainlined into their repos, but in fact neither of my top choices for secure OS supported them. Not quite perfectly true – Tor Browser was available in part of Qubes.
After nearly 12 weeks of a variety of walls, hurdles, and a ton of #phail, I am giving up and in a single afternoon have managed to get LMDE set up beyond the point of the others. And I have a small suite of USB-based installations which, with one thing or another, support all of my non-integrated tasks, at the cost of needing to reboot into a separate OS each time I need to shift tasks.
Which is not how I want to work. I want to smoothly shift between work spaces, focusing on small clusters of inter-related tasks involving differing softwares, files, and communications. This one may require web browsing, word processor, and simple graphics manipulation; that one needs an IDE, VMs, a VPN, and a database engine. And a handful of other areas of endeavor which are interwoven with e-mail, secure messaging, phone/video calls, and the occasional hour of mindless solitaire games.
Being too compartmentalized means work grinds to a halt, especially when essential tools simply do not exist, or have such crude work-arounds they might as well not exist. And having a system which sanctimoniously avoids blackbox blobs but is so unstable it falls apart weekly is super-frustrating. So I am back to a tried and true but insanely unprivate OS, at least for now. Early task (on Linux‽) was to kill Adobe Flash, much to my shock and dismay. (When I said “add unfree media codecs” I was thinking mpeg, dvd, and blu-ray, not flash!)
No doubt I will soon be whingeing about having to shift OS yet again.