Running a law firm on Linux - a year or so in

About a year ago, I wrote about my experience of running a law firm on Linux, three months in.

It was, to be sure, early days. Now I've had the chance to get used to it a bit more, here are some follow-on thoughts.


This works for me, and my (English law) practice. It might not work for you and yours. I'm not advocating that you switch, but rather just writing about my own experiences.

A brief overview of my setup

I am using Debian 11, with GNOME, using Wayland, running on an Intel NUC (when I'm at my desk), and on a Microsoft SurfaceBook 2 (when I'm not). I prefer the SurfaceBook 2, and the linux-surface project is superb, but the machine doesn't play nicely (for me) with two 4K monitors.

With a few exceptions (below), my day-to-day software is now FOSS.

Some people have asked what software I use. It's not very interesting, but here we go:

Client-side stuff

  • Email (MUA): Evolution, with OpenPGP
    • Drafting email before I paste it into Evolution: gedit, or vim
    • Some clients (like me) prefer quoted, in-line replies
    • Pretty much anyone using Outlook does not, so they get top replies
  • Document production: LibreOffice's Writer
  • Presentations: reveal.js
  • PDFs: evince for most reading (but not for digitally signed PDFs; see below); Xournal++ for marking up PDFs (and I love Xournal++, especially with the Surface's pen)
  • Browser: Brave (having moved from Firefox)
  • Disk encryption: LUKS
  • Client-side encryption of files before syncing them with Nextcloud: Cryptomator
  • SIP client: Blink
  • Password manager: Bitwarden
  • Markdown editor (for blogposts; I do presentations in vim or gedit): Apostrophe

Server-side stuff

I've been using most of this for years, long before I switched to Debian on the desktop, but, since it all runs on Linux, I'm including it here anyway.

It's quite amazing just how much work-related stuff I (and, presumably loads of others) do from within a browser.

  • Email (MTA): postfix / dovecot
  • File synchronisation: Nextcloud
  • Video conferencing: jitsi, which runs remarkably surprisingly well on a Raspberry Pi
    • I'm happy to use other systems, including Teams and Zoom, in-browser, if someone else sets up the meeting, using Brave as the browser. I don't bother with the dedicated clients, as the services all work just fine in the browser
  • Invoicing and tracking payments: InvoicePlane, just for sending out PDF invoices. Clients don't interact with it
  • Time tracking: Kimai
  • "Case management" / "Matter management": EspoCRM, with some renamed field names, and some custom fields, but not very heavily customised
  • Secure file transfer:
    • And, in a handful of cases, OnionShare, which is client-side
  • VPN: WireGuard, using trailofbit's algo ansible scripts
  • Vulnerability scanning: greenbone/OpenVAS
  • Password manager: Bitwarden
  • Website: it is a static site (mostly) built via mkdocs, hosted on apache2. It's basic, but it seems to do the job
  • Knowledge management, and managing our law firm's (numerous) policies and procedures: dokuwiki with the Markdown plugin
    • Increasingly, I blog (as legal updates) some of the things I'd otherwise have put on our wiki
  • DNS: unbound, with Pi-Hole in front of it, and doh-server for DoH
  • SIP server: FireBrick FB2900, and its in-built SIP server, coupled with Linux-based scripts for call recording. (I've been meaning to extend these to PGP-encrypt emailed call recordings, but I've yet to do so.)

Not at all Linux-related, but I still love my standing desk. I feel so much better at the end of the day than I did when sitting down for most of the day. I've recently added a treadmill so that, when I'm working but not on calls, I can plod away slowly too - my theory is that any exercise is better than the basically nothing that I was getting beforehand.

What has worked well

Pretty much (but not quite) everything!

In some ways, this is a pretty tough blogpost to write, because there's relatively little to write about.

It has - for the most part - "just worked".

As in, day to day, I don't think "I'm using Linux!". I just boot my computer and get on with my work. Email, writing advice and preparing contracts, exchanging files, video calls, phone calls, and so on. The day-to-day legal work.

(And this is good, as it has been a busy, and successful, year for me, work-wise!)

The same is true for the admin side of running a law firm, which isn't massively different from running any other business.

Even my Bluetooth earbuds work :)

Working with others

Working with others - the vast majority of whom are not using Linux - has gone well.

Indeed, aside from those who know because they have at least a bit of an interest, or who read this blog, the fact I am doing this is invisible to clients and other people with whom I work.

Which is good, because why should they care, let alone have to put up with things not quite working or work around anything?!

LibreOffice / Office interoperability

I had wondered if I would need to switch to Word for some documents but, so far, no.

I don't know how many "Word documents" I've worked on in the last year - low hundreds, at a guess - but there has been no problem.

Even a document with hundreds of tracked changes and comments, and multiple contributors across multiple organisations - an unusual situation for me, anyway - was fine.

(Admittedly, it took me a while how to deal with LibreOffice Writer's tracked changes function and comments, but that was simply user error.)

Giving back to FOSS

As of December 2021, we aim to donate every month to Free / open source projects from which we have benefited. Before then, it was sporadic.

It's been a bit of a struggle, as it entails working out what I use, finding a way to give to the project, and doing so, but, so far, I've found something most months.

I'd love it if this were easier, for small / micro organisations.

Time spent being a sysadmin

More, I expect, than if I just used Someone Else's Computer, but not enough to bother me. I have a standard deployment image for servers, so spinning up another server is light touch, and I automate updates and security scanning as much as I can.

I get automated email reports for both on-device scanning and remote scanning, as well as updates which I need to apply manually.

Of course, if something breaks or fails, that's on me. But, so far, my finger-in-the-air feel is that I've spent less time maintaining our systems than I spent on the phone to IT trying to get just my own laptop working / my laptop out of action / being handed in for OS upgrades / when I was employed.

Perhaps I should keep a better log of the time I spend doing sysadmin type stuff?

What have I changed?

From Surface 6 to SurfaceBook 2

I started using a Microsoft Surface 6. And I was blown away by how well Linux works on the Microsoft Surface - it's just superb (apart from the camera, which is work in progress...).

But the Surface 6's fine-if-you-are-using-a-table keyboard annoyed me when I was out and about, so I picked up another office's rejected almost-pristine 13" SurfaceBook 2 for about £350. An absolute bargain, and it's a real pleasure to use.

(Annoyingly, I haven't found a magnetic privacy screen for it, unlike the ones available for the Surface 6.)

When I'm at my desk, I'm using an Intel NUC, also running Debian, as one of the downsides of the SurfaceBook 2 (or, perhaps, the Microsoft official dock; I'm not sure exactly where the problem lies) is very inconsistent support for two 4K screens.

reveal.js for presentations

My pandoc and beamer based approach worked. But, without more tinkering with LaTeX than I wanted to do, its output was pretty basic. By which I mean more "basic" than "pretty".

I loved the experience of writing slides in Markdown, so I was keen to find an alternative, and I did: reveal.js.

With css for theming, creating something which fits the rest of our (minimal) branding was easy. (I would like to make the css for quotations a bit prettier though.)

I am a massive fan.

And I can easily upload presentations to our webserver, so people can play them, rather than just downloading a PDF.

(If you care, here's an example.)

What it did show me, though, is that Firefox's JavaScript performance was not good enough. Transitions were slow and jerky, but running the same presentation in Brave was seamless. So Brave it is...

My phone is no longer an iPhone

While I've moved away from an iPhone, my hopes of using a Linux phone - specifically, the PinePhone Pro - just haven't materialised. That remains a tinkering device for me. Perhaps one day? Perhaps not. But it's definitely not there (for me) yet.

So I now have a Pixel 6, running GrapheneOS, and that's been fine so far. I'm not wowed by it, but I don't tend to get wowed by phones any more. But it "just works", and that's valuable.

The scanner is no longer connected to a macOS machine

A year ago, I was running a macOS machine because my scanner, a ScanSnap ix500, worked well with it, and I saw no reason to change it.

Now, that's no longer the case, because it's no longer working at all.

The macOS machine threw a hissy fit and refused to boot but, since I haven't used the scanner in about 10 months, and I haven't missed it, it is not high up on my list of priorities.

I will, some day, revive it, and I'll probably hook it up to a Raspberry Pi, with ocrmypdf to do automatic OCR, and then shove the file onto a shared drive. That way, I can get an aged macOS (virtual) machine off the network.

Changed / new software

Not much, really.

I switched password managers to Bitwarden, and that's worked well. I prefer the cross-device syncing to what I had with 1Password. I also like the YubiKey MFA support. A very reasonable price too.

I've been impressed with espanso, as a text expander. I used aText on macOS, and espanso has been a great replacement. Configuring it is a bit trickier - yaml, rather than a GUI - but I'd be lost without it.

Admittedly more on the server side, greenbone / OpenVAS, for vulnerability scanning, has been great, and pick up a few bits and pieces which I hadn't noticed myself, and then helps me stay on top of things in addition to other hardening / automatic patching bits. Setting it up was a bit of a pig, but it has been stable for a few months now.

What hasn't worked (well)

evince (PDF viewer) and digitally signed PDFs

The version of PDF viewer evince available in Debian 11 does not support digitally signed PDFs (e.g. PDFs signed by DocuSign).

What a pain.

I looked at switching it out for a later version and, while it looks possible, it didn't look easy.

So, so far, I have gone for the easy option of just opening the file in Brave instead.

In fact, PDFs in general

Indeed, dealing with PDFs overall, other than just reading and writing on them, is stronger on macOS than it is on Linux, unless I'm missing something.

I miss PDFPen Pro, from my Mac.

I can do what I need to do through a combination of different bits of software on Linux - notably, pdftk - but this isn't ideal.

Screen sharing on video calls with Wayland

I can share browser tabs, and thus PDF documents opened in a browser tab, but I have yet to get screen sharing working, for sharing any window (such as LibreOffice).

This is probably the biggest nuisance; almost enough for me to switch back to X11. It hasn't been quite enough of a problem, but it is right on the margin, so perhaps I should just get on and do it. (I'm not sure I'd notice much of a difference, really.)

Batch converting email from Outlook for a document review

I needed to convert a couple of hundred email exported from Outlook in .msg format into PDF, so I could review them.

I couldn't readily find a solution for Linux and, while I could probably have written a simple bash script with msgconvert and then something else (unknown) to get the resulting files into PDF, it was far easier for me to use MailRaider Pro on my Mac.

I'd still like to solve this on Linux, but it hasn't made it to the top of my todo list.

Other than asking the developer of MailRaider Pro if he plans a Linux port... (Maybe, perhaps, one day.)

I haven't managed to get my fallback IPSec VPN working

I use WireGuard for our main VPN, setup on a Raspberry Pi running Ubuntu and algo, and that has been great. But, ideally, I'd have IPSec as a fallback, and I haven't managed to get that working yet.

Admittedly, I haven't spent too much time on it, but I have found it decidedly trickier than it was for macOS.

Receiving attachments on GPG-encrypted email from a ProtonMail sender

This one was just weird, and rather limited.

I could send attachments via GPG-encrypted email to someone using ProtonMail, but, when they sent me email with attachments, I received the email, but without any obvious attachment.

I don't know what was going wrong or whose end it was to blame, although I had the problem whether I viewed the email using Evolution, or using our mailserver's web interface, and the person at the other end wasn't bothered enough to want to debug it, so we just used our file transfer tool instead.

So what next?

Other than perhaps fixing some of the gremlins above, I've no particular plans. On the whole, it works. Well.

Really well.

I'll keep my eye out for opportunities to improve things, and if that means moving away from Linux one day, so be it. I'm not wedded to it. But, for now, that's not on the cards.

And if you'd told me, 20 years ago when I first used Linux, that I'd be running my own business on it, I don't think I'd have believed you.

Answers to questions I've been asked about this

Have you lost out on any work due to not using proprietary software?

Not that I know of, no.

I mean, I guess it is possible, and no-one told me?

How much non open source cannot be shed and why?

Very little:

  • our accountant's chosen platform, FreeAgent (which I actually quite like). I don't store client-identifiable information on it; just invoice numbers and values, and my expenses.
  • MailRaider Pro very occasionally, for converting Outlook email files to PDF.
  • Pages, on macOS, for converting stuff I've previously and foolishly saved in .pages format. Basically, a form of tech debt.
  • The router I use, a FireBrick 2900, which also acts as our SIP server, is not open source. But it works really well (and is made by friends, and I like it) so I am not in a rush to move.

What do you use for e-signatures?

I don't.

Dealing with governments' digital platforms

I don't.

I deal with government officials and regulators a lot, but just use email, or Teams.

How do you interop with the courts

I don't. Litigation isn't part of my practice.

(Although I'm not sure it would be too tricky anyway; as far as I know, for English courts, one just files normal PDFs. But I don't do it, so I don't know for sure.)

How do you interop with other lawyers

Email, usually with .docx or .odt documents.

Teams calls (in-browser, in Brave).

Phone calls (SIP, via either Linphone on my phone, or Blink on my computer.)

What do you do for backups / security?

This really needs a post to itself, as I do quite a lot, and it is constantly evolving.

What is your touch enabled tablet/ mobile/ paperless experience?

Really positive. Really positive. Nextcloud, for keeping everything in sync, is amazing, and Xournal++ is quite superb for scribbling on / marking up PDFs.

In terms of client-work, I didn't receive a single piece of paper last year - in fact, I think I've received one letter in the last six-almost-seven years - so I don't have a particular workflow for converting paper stuff to digital files.

Have you seen peer firms adopting better tech practices as a result of their interactions with you?

Nope! And, chances are, they've no idea what I've chosen to do, nor do they really have any reason to care.

As far as I'm concerned, it should be invisible to outsiders, unless they read my blog.