For a really long time (since Slackware Linux 8), Linux has been my daily driver both personally and professionally. I ran Linux on my workstation and laptop for work, studies and productivity up until 2017, and dual-booted with Windows after that. I have used quite a variety of distros over the years, ending up with Fedora/CentOS as my favorites. Since 2017, I have gradually been switching to Apple and Microsoft as my main driver for productivity and work. This blog post is about why this happened and 5 reasons why I ended up with Apple and not Windows as my workhorse when I got a new laptop recently.


Background

For professional use, I have been using Linux as my main workhorse for both desktop and server workloads and will continue to do so on servers. On the desktop side I have switched to a more mainstream desktop operating system as my daily driver. So what has changed?

In 2016 Gjøvik University College, where I worked, got merged with the Norwegian University of Science and Technology (NTNU). In the IT department where I work now there are 200+ employees distributed over many physical locations in Norway. This provides a whole set of problems regarding collaboration. In my job as the head of SOC, I have to keep in touch with a lot of different people both inside and outside of the university and IT department. NTNU has, like many other universities and companies, standardised on Microsoft Office 365, Skype and Zoom, and I must admit that the Linux experience has not been great, even though you can get by with a web browser for some tasks. Collaboration is the main reason why I gradually shifted towards a more mainstream desktop OS.

Working with security analytics, detection and incident response, I often need, to some extent, to do research and development, security engineering, security analytics and digital forensics related tasks, which can be resource intensive. As a security professional in a large polytechnical university, where students and staff use all major (and minor) versions of almost all desktop operating systems, you have to be comfortable and up to date with how systems are developing over time and be able to detect, respond and do forensics on common desktop and server systems in use like Windows, macOS and Linux. This means that I have to have all these systems at my disposal. To manage this, I used to have a ThinkPad X1 Carbon 6th (Windows 10), a dual-core MacBook Pro 13" (2017) and a Xeon-based Dell Precision workstation (CentOS 7) at the office. Because I mostly did the heavy lifting on my workstation and office related tasks on laptops, the MBP13 and X1C were underpowered in regards to security analysis and forensic tasks, meaning that I had to remote back to my workstation for some tasks when I was on the road, which was time consuming.

Consolidating workstations and laptops into one

When my workstation was done for and ready to be switched out recently, I felt the need to consolidate around the balance of mobility and power. I decided that analytical workloads that cannot run on a high-end laptop should probably run on the vSphere cluster instead of a workstation anyway. This is when I decided to replace my workstation with a laptop. The main reason for this is mobility of course, because I want to be able to get work done anywhere and anytime, regardless of it being an online meeting in a project, confirming a vulnerability in a virtual machine or searching for hashes in a disk image. Since I am most productive doing analytics, development and engineering tasks when I am working in a Unix/Linux environment, this was an important factor for my choice. Linux was out of the question because of all the overhead regarding collaboration, so the choice was between a decent Windows 10 laptop like Lenovo ThinkPad X1 Extreme, ThinkPad P1, Dell XPS 15 and a MacBook Pro 16". The choice landed on the Apple MacBook Pro 16" running macOS Catalina.

5 reasons why I chose macOS:

  1. macOS is a certified Unix-03 operating system with a familiar POSIX-compliant environment with decent terminal emulators available (iTerm), has a strong security and privacy model and has a quite alright and functional graphical user interface (when you get used to it). A lot of the software I use/need is only supported on *nix-like environments and can be a hassle to get working properly on Windows.
  2. macOS runs most of the office and productivity tools that I need. It has acceptable support for Microsoft Office 365 and can open AIP-protected documents, and it supports Dropbox, Box and OneDrive.
  3. macOS can run both Docker and VMware Fusion Pro on the same machine and supports all major OS including macOS to run as VMs without a problem.
  4. Brew (package manager) can install most software packages I need by terminal in a familiar way like yum/dnf/apt on Linux systems, making it easier to set up a development and analysis environment.
  5. Apple provides good quality hardware (especially with the new keyboard) and a really good power-to-mobility ratio with the MacBook Pro 16. The integrations with other Apple devices in the ecosystem have increased my productivity and workflow, and I really like using Sidecar between the Mac and iPad as a second monitor when I'm travelling.

Some of the reasons above are also available on Windows 10, so looking at them in isolation was not a good reason to exclude the Windows 10 on a ThinkPad choice. That's why I included 5 reasons why I did not choose Windows below.

5 reasons why I did not choose Windows 10:

  1. It is not possible to run both Microsoft Hyper-V and VMware Workstation (or any other desktop virtualisation) together on the same machine. I need VMware Workstation for many advanced tasks like research, labs and analysis of unknown binaries. I tried to implement my workflows into Hyper-V, but it was just not a productive user experience.
  2. Windows Subsystem for Linux (WSL) is great and I love it, but it has some performance and compatibility issues, especially when it comes to more advanced networking, development and analytical tasks that I prefer doing in a Linux terminal (WSL 2 resolves this, but it requires Hyper-V installed, hence reason 1).
  3. The PGP encryption software and integrations available for Windows 10 (Outlook) are unstable at best and I feel that it never really worked as expected. I need to be able to send and receive encrypted email in both S/MIME and PGP. I could of course use Thunderbird with Enigmail, but that would be yet another application for email and calendar. Also, I have experienced problems with Thunderbird email and calendar sync with Exchange in the past.
  4. Docker for Windows needs Hyper-V and cannot be installed on the same machine as VMware Workstation. Docker is quite neat for temporarily running applications like CyberChef for converting data into different formats locally. The Docker problem could be solved with a VM in VMware Workstation, but reasons 1 and 2 still apply.
  5. Software that requires Windows is easily available for me from Windows Remote Desktop Services and remote applications, and software that requires macOS isn't.