Comment by klodolph

21 minutes ago

Ah, I can see what you’re getting at. There is actually a system which is a better fit for me, which is the Mac. I can still run the software I want on it, and even though the security model isn’t tight enough, it’s improving.

Linux is also doable, but there’s extra work involved with setting up separate user accounts for running specific pieces of software, configuring namespaces for those processes, that sort of thing. But this is backwards. I’d rather start with a secure default state and have to configure exceptions. Back in the day, I could get that from SELinux strict policies, but it seems like those have fallen by the wayside.