The Market Ticker ®
Commentary on The Capital Markets

2019-02-13 14:50 by Karl Denninger
in Federal Government, 449 references

There's simply no other way to express this....

 

These numbers are for only three months, so for the full year multiply by four.

Again, the total "social insurance and retirement" tax grab is $274 billion.  Social Security is a 12.3% tax (up to the cap) and Medicare is 2.9% (no cap.)  The split is thus, roughly speaking, ~19% Medicare and the rest (81%) Social Security.

If you want to get down into the detailed numbers they don't "quite" add up there, because there is both spending and tax revenue that gets bucketed into each from the various line items.  But it's not off by much; the "line item" split (without the bucketing) comes up as 74/26 -- not materially different.

81% of $274 billion is $222 billion.  Social Security spent $251 billion.  That's a ~$29 billion shortfall.  Not good, but there are a lot of Treasuries held against that requirement, and by 2026 the budget impact as a percentage starts to fall because the boomers start to die, statistically speaking.  In other words Social Security had a ~12% shortfall over the first three months, indistinguishable from my last look (12% vs. 13%.)  This is easily fixable on a forward basis without much economic pain.

Medicare, on the other hand, spent $153 billion but took in just $52 billion.  That's a shortfall of 66%; that is, two thirds of it is unfunded.  You would have to more than triple the Medicare Tax Rate in order to bring it to parity.

That's an "improvement" over the nearly 75% deficit in the first month but we are in fact talking about bleeding out in two minutes rather than three; the outcome does not change.

Add to that "Health" (Medicaid, mostly) and it's much worse; now you take in $52 billion but pay out nearly $300 billion.

Note that the deficit thus far is $319 billion.  If you were to get rid of the deficit between Medicare and Medicaid vs. tax receipts you would almost close the deficit to zero.  If you also increased the FICA tax rate by 13% (to just under 7% for "each half"), increased the income cap where it stops being collected, or some combination that winds up in the same place as well, the deficit would be effectively zero.

$319 billion over three months equals roughly $1,300 billion, or close to $1.3 trillion in deficit for the entire fiscal year.  The only good news is that April is usually a strongly positive month (as a result of taxes being due) but either way the deficit is almost-certain to be in the neighborhood of $1.1 trillion this year.

You cannot fix this with either taxation or cost-shifting. It is mathematically impossible to do so.

For example you'd have to nearly double the individual income tax rate on everyone, including the middle class; to close the gap by increasing the corporate tax rate you would have to raise it by more than an insane and utterly impossible 600%.  Any claim that we can solve this by making people pay "their fair share" is a flat-out lie.

You cannot get there by "cutting spending" on other than these programs either; if you cut all "other spending" to zero along with transportation and education you'd only cover 30% of the deficit.  Cutting military spending to zero (which is obviously impossible) wouldn't get there either.

There is only one way to solve this problem and that is to collapse Medicare and Health spending by 80%.  You can only resolve the problem by collapsing the medical and health insurance monopolies, forcing everyone to publish a price for everything and charge everyone the same price, where said price must be handed out before service is provided, along with telling everyone involved that for any and all conditions in which a lifestyle change will remove the need for treatment government will pay zero unless the person in question makes that change.

The trend is not improving and it is not "The Next Generation" that will have to deal with this.

This has to stop right damn now or it will blow up before we get through the next Presidential term -- and no, you cannot tax your way out of it either.  The people in Washington DC -- Congress and the President -- must be held personally and politically responsible for their refusal to deal with the only way to put a stop to it, which is to destroy the medical monopolists using existing, 100+ year old law, and to do it right damn now.

And if they refuse we the people must enforce our demand for them to do so.  They will refuse, I remind you, unless forced by the people -- and there are peaceful and lawful means to do exactly that (e.g. a general strike.)

Nothing less than the literal existence of this nation as a Constitutional Republic is at stake.

 

2019-02-09 07:00 by Karl Denninger
in Editorial, 273 references

There have been recent measles outbreaks in the United States -- which have led many to claim that this is likely related to "anti-vax" sentiment and "personal exception" laws for vaccination.

(CNN) So far this year, Washington state is averaging more than one new measles case a day as officials try to help stop the disease's spread.

Since January 1, Clark County Public Health has confirmed 47 cases of measles. In King County, home of Seattle, at least one confirmed case was reported.

A vast majority of those who came down with measles -- 41 -- were not vaccinated against the disease, Clark County officials said. One patient did receive a vaccination against MMR (measles, mumps and rubella), but the health agency declined to provide more details on that case "to protect the patient's privacy."

Measles is a nasty disease.  It is not simply "a rash, a fever, and then it's over" sort of thing.  In a small but significant percentage of the people who get it the infection spreads to the brain or causes a secondary pneumonia condition to arise; both can permanently injure or kill.

The MMR vaccine is allegedly about 97% effective in providing immunity if you get both doses (one at about 12 months, and the second between 4 and 6 years of age.)  The problem is that we admit into this country a huge number of individuals who have no vaccinations in this series and sometimes none at all, nor do we track them.  They're illegal invaders.

"Herd immunity" is often claimed as the reason to require everyone be vaccinated.  But that claim is bullshit; herd immunity is the phenomenon that drops the transmission efficiency of a given disease below 1.0.  Measles is extraordinarily contagious, however -- a single person who has it and is contagious who comes in contact with 1,000 people without antibodies (from either previous exposure or vaccine) will likely infect an utterly enormous percentage of those exposed.  While it is true that in vaccinated populations transmission will eventually die out due to herd immunity, those who have vaccine failure -- and a single-digit percentage of those vaccinated are not protected -- are still nearly-certain to contract the disease if they are exposed.

The bottom line issue here is that illegal immigration is a monstrous vector problem and one we can put a near-100% stop to by stopping all invasion of this nation by those who are not vaccinated.

Again, while a wall or other hard border barrier will not stop all persons from coming into the country illegally it will stop more than 90% of them immediately.  That's the record other nations with border walls have -- including Israel.

If you decide for whatever reason not to vaccinate your kid(s) then your kids are the ones primarily at risk.  But those who did take the vaccine and have it fail for reasons entirely beyond their control, simply because it doesn't always work, should not be exposed to the risk of serious disease and even death simply because some jackwad politicians and businesspeople want political favors and cheap under-the-table illegal labor.

Those who advocate for illegal immigration and protection of any who cross illegally and are already here ought to be charged as accessories before the fact with manslaughter should any US Citizen die as a result of such an infection and be hung at the national mall in fulfillment of their sentence.

 

2019-02-01 10:12 by Karl Denninger
in Small Business, 227 references

Those who sell their souls to the Devil have little to complain about when he shows up without a jar of KY to go with what he intends to do to you.

Arjun Sud was standing outside his son Oliver's door Sunday when he heard that voice. He burst in. The voice stopped. He and his wife chalked it up to baby monitor interference. But once downstairs, they heard the voice again.

It was an unseen intruder talking to them through their Nest security camera, using obscenities including the ‘N’ word.

“Asking me, you know, why I’m looking at him because he saw obviously that I was looking back and continuing to taunt me,” he said.

“It was terrifying,” Sud’s wife Jessica said.

Sud says once his shock subsided he composed himself enough to record part of the ominous exchange.

Sud believes the hacker also turned their upstairs thermostat to 90 degrees. He noticed that potential danger to their baby the same night.

“And then they messed with our thermostat,” Jessica said. “Who does that?”

Uh, you are the idiot that connected your house to a "cloud" -- that is, a computer owned by someone else.

It's not like you didn't know in advance that these companies make their money using your data to screw you in one form or another -- even if it's just 'selling advertising.'


Of course the companies always claim it's the customer's fault -- they didn't use a good password, they didn't use 2-factor authentication, etc.  This ignores the reality of the situation, which is both simpler and more-complex.

The simple side is this: These firms make their money off selling data they accumulate on you.  Security is not their first thought or they wouldn't connect such things as your thermostat to the "cloud" at all; they'd design them to be very secure and talk only to your specific devices such as your phone.

But then they wouldn't be able to use that data themselves.

You can bet they intend to -- and are.  Just read this:

We should recognize this pattern: Tech that seems like an obvious good can develop darker dimensions as capabilities improve and data shifts into new hands. A terms-of-service update, a face-recognition upgrade or a hack could turn your doorbell into a privacy invasion you didn’t see coming.

Last month, Ring got caught allowing its team in Ukraine to view and annotate certain user videos; the company says it only looks at publicly shared videos and those from Ring owners who provide consent. Just last week, a California family’s Nest camera let a hacker take over and broadcast fake audio warnings about a missile attack, not to mention peer in on them, when they used a weak password.

Why do you think these folks all design their software and "products" to have a business model that costs them money on an ongoing, perpetual basis?  Computers are not free and neither is storage.  What possible purpose does imposing a cost model on themselves on a perpetual forward basis for said "cloud connections" have unless they are going to use it to screw you in some form or fashion?

It's not necessary for anything more than a licensing check or similar, and that contains nothing of value to a hacker provided the payment information for said license is secured properly (or not even present on that system, which it doesn't have to be.)  There's simply no reason at all to have that data and a back-channel to connect to your house in the "cloud" in terms of access for you; your phone or laptop can simply connect directly back to your house via a secured, SSL-enabled connection and if it was designed that way the only place the data would be is in your house and on your phone.

Instead these "cloud folks" try to sell you "convenience" that isn't really any more convenient at all!

HomeDaemon-MCP provides you remote access to everything in your home that you wish to look at and control along with alarms and similar in real time without any "cloud" involvement.  Yet if you want real-time video from your camera(s), you can see it.  If you want to grab a segment to your phone (directly, not to a cloud computer) you can do that on command.  If you want to adjust your thermostat, you can.  See when someone was last in a room, sure.

But nobody has that data except you, because it's not stored anywhere except on the little credit-card size computer in your house and is only transmitted to your device(s), such as your phone, when they are connected -- and nowhere else.  No cloud, no company mining your data looking for patterns it can sell things to you based on and nobody spying on you either.

I just closed on my late mother's estate (house.)  Her place was built almost-literally on a swamp (along with many others in the neighborhood) and had a full basement, which means a sump pump that had better not, ever, quit working.  Then there's the usual issues when you're not there all the time -- especially in the winter, where loss of heating (e.g. something as simple as a burned-out igniter in the furnace) means frozen pipes and a god-awful amount of damage.

HomeDaemon-MCP took care of all of that, in addition to my home here in Florida.  The sump pump was checked with a plug module that reported power usage.  It thus became trivially simple to know how often it was cycling, for starters.  In addition setting alarm points for the pump being on for too long (a sump pump should never actually run for more than a few seconds per cycle) or excessive power consumption (indicating either a blocked -- like frozen -- outlet or a locked rotor, that is, a failed pump) raised immediate and very loud alarms on my phone.  Finally, a water sensor probe down the volute above the normal level was there -- just in case everything else looked ok but the water wasn't actually being pumped.

Then in the main living space a CO/Fire detector that also talked to the system was put up (battery powered), covering that possibility, and finally a thermostat.  The latter not only made for a big reduction in power consumption when nobody was there but also allowed for trivial monitoring for the situation where it's winter and the furnace breaks, in that too-low temperature would cause an immediate alarm too.

Icing on the cake was the ability to have and look at 24x7 video feeds if desired, and knowing when motion was last detected, so if someone broke a window, well, that was covered too.

I've been living there about half the time since September; the same issue of course arises for anyone else who has a vacation or second home -- or if you just go to work 8 hours a day.  You're not there all the time and it's nice to know that all is well -- and be immediately told if it isn't.

No cloud, no bullcrap, nobody gets in except me -- and notification is effectively immediate (60 seconds or less) if something happens.  In addition should I want to let someone in (e.g. a Realtor) I can -- remotely, with the push of a button, and know if/when someone does come in, even using a key.

Want to disrupt this space?  The marketing material writes itself with stories like this cited one above, of which there are plenty already and will be more.

Email me -- contact info is to the right.

 


I've had my Lenovo X220 for a long time.  Time has moved on and yet until this last year I saw no compelling reason to spend money again.  The X220 works great and the "improvements" have been small in number but large in price -- and thus not worth it, in my view.

This last year the X1 Carbon Gen 6 units showed up.  The previous models were nothing special -- but the "6" was nice.  The problem was that "nice" came with a screamingly-stupid price tag, so I passed.  But now you can get the X1 Carbon Gen 6 models in a good configuration (i7, 16GB RAM and a 500GB SSD) at a nice price -- refurbished, but still with a decent amount of remaining factory warranty.

Incidentally, Lenovo has a rather nice "companion" app that allows you to (among other things) set the charge controller's maximum charge point on these machines (!!!)  Setting it to 80% will cost you 20% of your runtime but it will double or better the battery's cycle life.  In addition if you're connected to wall power and in the "no-charge window" (e.g. 75%-80%) the system will take its power from the A/C line but not charge, so the battery does not cycle in that state at all.  Setting this is not a Windows thing either -- it programs the charge controller hardware so once set it is persistent even if you boot something other than Windows or the computer is plugged in but off.  I like that a lot -- this ought to be mandatory on any sort of battery-powered mobile device (e.g. a phone), especially if the battery is not user-replaceable.  You know damn well Apple, Samsung and the rest will never do that however since it's part of how they sell both computers and phones -- build them so the battery pukes in about a year and guess what -- you're back in their store!  Oh Tim Crook you piece of crap jackass, why isn't this capability standard on all your MacBooks since you're allegedly the "innovation leader"?

In any event these machines can go 6+ hours of moderate use even with the charge point restriction in place, so you're not giving up much, and with this set leaving the unit connected to power does nothing to battery cycle life, unlike virtually every other machine on the market.  Incidentally, the new Coffee Lake processors (Intel Gen 8) are damn fast on a comparative basis.  This is the first "innovation" in laptop CPUs that has been worth spending money on in five+ years, so if you're wondering if it matters -- it does.  In addition these units have Samsung NVMe SSDs in them which are blistering fast, plus a Thunderbolt 3 port that can drive external video cards if you wish.  I've seen no reason to "upgrade" from my X220 until now; it's still perfectly functional too, by the way.....

If you want my short list of complaints with "modern" laptops it's the port problem.  Specifically, small and light means compromises when it comes to interior space and thus ports.  Full-size SD slots (for example) consume interior space which is at a premium, so they're disappearing.  Worse, on many machines so are USB Type A connections, which is IMHO utterly unconscionable.  Yes, I know Type C is both smaller and comes with USB-PD, which is superior but there are literally a billion USB-connected devices out there that come with and require a Type "A" plug -- or some sort of adapter -- to use.  Those devices aren't going away for a very long time, and as such having at least one (and preferably two) Type "A" port is IMHO required. Dell has screwed the pooch in this regard with their latest "ultrabook" models; Lenovo has only partially done so (there's no full-size SD slot, but there are two Type A ports.) 

One big advantage of USB-PD connections found on newer devices is that we're moving closer to true interchangeability when it comes to power in the mobile world.  Specifically, I can use the laptop's charger to charge my phone, I can use my phone USB-PD charger (provided it can do 20V output) to charge the laptop (slower, but it should work), my car's USB-PD charger can charge the laptop (I no longer need an inverter) as well my phone and I can use the laptop battery to charge the phone as well.  The latter means that if I need to I can plug the car into the laptop and the phone into the laptop as well on the second USB-C port and both will charge.  This allows me to get rid of multiple things I used to have to carry, or continue to carry them and gain redundancy -- and that's a good thing.

One of the things I find insanely annoying -- and insecure -- is anything Microslug.  Sadly I, like a lot of other people, cannot get away from it in that there's just too much software that I use on a regular basis but is either Apple or Microsoft only.  I prefer a FreeBSD desktop for a lot of things, never mind that I want to do some code development on it when traveling, which of course means I want the code environment I write in 90+% of the time on my laptop.

So if you're inclined the same way I am when it comes to operating systems here's how to dual-boot it -- yes, with UEFI (the "new way of the world.")  Oh, and to do so with full-disk encryption for both environments.  I consider full disk encryption essential on a portable machine because they're much more likely to be lost or stolen than a desktop.  Full disk encryption obviously won't stop someone from stealing the computer but it will make sure if someone does steal it they can't get to any of the data on it.

First, shut off secure boot in the BIOS settings.  That's a Microsoft-signature thing: the firmware will only run boot loaders signed by a key it trusts, which out of the box means Microsoft's, and neither rEFInd nor FreeBSD's loader used below carries one. It does provide (some) security on the boot process, provided you trust Microsoft. I do not, so therefore..... yep.  Note that if you have Bitlocker turned on (and you should if you've been using the machine) the restore process below will result in a non-encrypted Windows installation.  That's fine; you can re-enable it later (and should.)

Next, use Macrium Reflect (the free edition is fine) to make room for a FreeBSD partition.  The best way to do this is to back up the machine (make damn sure you create "boot media" and test it!), then RESTORE all the partitions using that boot media back to the machine's internal disk and, when restoring, resize the system ("Windows") partition to leave an appropriate amount of free space.  100GB is quite a lot of storage for a user-style FreeBSD system, unlike most WinBlows machines that are flat-out bloated pigs -- which means that pigheaded Winblows and nice FreeBSD will handily fit on a 500GB NVMe SSD and even a 250GB disk is more than enough (although you may wish to downsize the FreeBSD side to ~60GB in that event, which is still going to leave you an insane amount of room on that side.)

CAUTION: Do not be tempted to use a partition resizer to do this instead of using Macrium to take a full backup and restore. Several of the below steps have no "are you sure" option or safeties to prevent data destruction; the commands below assume you know what you're doing and take effect instantly.  If you screw up during any of those steps and don't have a backup everything on the machine may be destroyed and it can be rendered unbootable, including any built-in recovery partition.  Without recovery media or a backup and boot media for it you're in big trouble if that happens. Doing it right means knowing you have a good backup and can restore it before you begin, which is exactly what you just did and proved.

Now go to https://www.rodsbooks.com/refind/ to download Rod Smith's rEFInd EFI boot manager, then install it.  UEFI machines are supposed to provide a decent set of boot management options but damn near none actually do; this bit of code overcomes that problem.  The pages look sort of scary in terms of the amount of material present; they're not.  You need the "zip" file, which contains all the pieces necessary.  Grab the package and read the Windows installation instructions; it's very simple to install this from the Windows command prompt.  You only want the "x64" version (there are three; delete the other two before you copy it over.)  To test the installation reboot; the system should show you a boot menu, but the only "real" bootable option will be Windows.  If you screw up typing something what will probably happen is that Windows will start instead of you getting the menu -- go back and check your work if that happens.  You're now set up to choose multiple operating systems painlessly every time you boot the machine.

Download FreeBSD-12 (the x64 version) from https://freebsd.org in the memory stick format and use your favorite tool (e.g. "dd" or win32diskimager) to copy it to a USB key or other similar thing (an SD card in a reader works just fine too.)  Note: You want FreeBSD 12.  You can use 11.x if you wish, but the nice integrated encrypted storage option I'm describing here might not work; I'm not sure if the encryption-aware EFI loader was MFC'd (merged from -CURRENT) back to 11.x.  You can still set up for encrypted disk storage without that, but it's a lot more of a pain in the ass to do than what I'm describing here and makes maintenance using FreeBSD's internal tools more complicated unless you're quite careful. Use 12; it's both more secure, in that there is no "exposed" non-encrypted boot partition, and easy to set up by comparison.

FreeBSD's installer should, in theory, be able to handle a "multi-boot" environment with reasonable facility but doesn't and the only option it offers for automatic setup with encrypted storage uses ZFS on the entirety of one or more disks.  That's reasonable on a dedicated machine with multiple drives but not for a laptop or other computer with one disk and a dual-boot requirement -- so you get to do the disk setup by hand.

Now boot the stick with FreeBSD-12 on it.  On the Lenovo hit ENTER on initial start when prompted and then select F12 to change the "default" boot order and select the USB stick from the drop-down menu.  Start the installer but when you get to the disk layout (there will be four choices; one of which is UFS and one of which is ZFS) select manual (it'll warn you that you have to be an "expert.")

You'll get a "#" (root) prompt.

Now type "gpart show | more" and look.  You should see something like "nvd0" at the top -- which is your SSD.  There should be a large unallocated space (marked " - free - ") of the size you left.  Note it, and that it will not have an index number.

If there is no free space of the size you left YOU ARE LOOKING AT THE WRONG DISK.

Type:

# gpart add -t freebsd-ufs -l freebsd-root -a 4k nvd0

(assuming your disk is named "nvd0" in the above)

This will tell the system to add a partition for FreeBSD to the disk named, consume all remaining available space in that nice large block and put a label on it of "freebsd-root."  This is probably what you want; the label is optional but will help you avoid mistakes while putting the system together.

Now look again at "gpart show | more"; you should see the freebsd-ufs partition you created.  Remember the index number next to it.  If it's "6" then the disk partition is in /dev/nvd0p6.  The numbers may not (probably will not, if you resized from a backup) be in order.  That's ok.

Warning: If you do any of the following to the wrong partition you will destroy whatever is in it.  There are no warnings or safeties on any of these commands; you're acting as "root", and it is assumed "root" knows what he's doing.  That backup you made as the first step will come in real handy if you screw up here so don't do anything stupid to wherever you put the backup -- like erase or destroy it!

BEFORE you press RETURN in any of the below steps look -- TWICE -- at what you just typed or be prepared to use that backup you made and start over!

# geli init -b -g -l 256 -s 4096 /dev/gpt/freebsd-root

(note that the "-l" switch is the letter "l" -- not a numeral one)

This initializes encryption on this partition.  "-b" and "-g" tell the system you are going to boot from it, and that the boot loader should ask you for the password.  "-s 4096" sets the encryption sector size; 4096 is a good choice with a decent split between performance and security (each sector is encrypted as its own AES-XTS unit), and it matches most SSD page sizes, which is important on SSDs.  "-l 256" says to use 256-bit AES instead of the default 128 and is optional.  There's debate over whether 128 or 256 is more secure; 256 is a bit slower, but not much.  Note that you cannot change either the sector size or AES key length once the partition is initialized without erasing everything in the partition you are encrypting.  Unlike Bitlocker on Windows there is no "encrypt in-place" option.

You will be asked for a password.  Use a strong password and do not forget it.  There is no way to recover anything on that partition if you lose it.  Ever.  Period.  There is no recovery key ala Bitlocker; you either have the password (the system does allow you to set a second one but that's beyond the scope of this document) or there's nothing you can do to get the data back.

When that command completes type:

# geli attach /dev/gpt/freebsd-root

And enter the password when prompted.  If it's correct you'll see a couple of lines announcing the filesystem is attached and another root prompt.  If the password is wrong it will tell you; repeat the command and put in the right one.  If you accidentally put in the wrong device name the password will obviously not work since it's not the correct part of the disk.

Now type:

# newfs -t -j -L rootfs /dev/gpt/freebsd-root.eli

Note: The ".eli" name on the end denotes the encrypted partition you just attached.  This initializes the filesystem itself; you are telling the system you are on an SSD and want it to use "TRIM" ("-t"), you want soft updates with journaling ("-j", which turns on soft updates as well; both are good for performance and data security / reboot speed -- do not confuse it with the capital "-J", which selects gjournal and needs a gjournal provider underneath) and you also want a label called "rootfs".  The last switch isn't really necessary -- but it's good practice.

Now you have to mount that filesystem where the installer wants it so it can put the operating system on there for you:

# mount /dev/gpt/freebsd-root.eli /mnt

And then create two files necessary for the system to boot when you're done -- an /etc/fstab file to tell the system where the filesystem is you created and a loader.conf file so the system knows where to find the root filesystem and to load the encryption driver during the boot process:

In /tmp/bsdinstall_etc/fstab put:

/dev/nvd0p6.eli / ufs rw 1 1

And in /tmp/bsdinstall_boot/loader.conf place:

geom_eli_load="YES"
vfs.root.mountfrom="ufs:nvd0p6.eli"

"vi" is a good choice to do that, assuming you know how to use that editor.  "echo" will work too (one line at a time.)  So will "ee" (Easy Editor.)

(nvd0p6.eli may be different depending on what you saw above -- if unsure look again with "gpart show | more" and look for the index number of the partition.  Note there is no "/dev" prefix and that ".eli" on the end must be present; that's the attached encrypted copy.  Without it the system won't boot as it will try to read the unencrypted device and will see garbage.)
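The two files just described are the easiest place to get the ".eli" suffix wrong, and a mistake only shows up as an unbootable system.  The following POSIX sh check is an added example, not part of the original post: it confirms that the fstab root entry names a /dev/*.eli provider, that geom_eli_load is "YES", and that vfs.root.mountfrom names the same provider without the "/dev/" prefix.  The function name and the sample files it creates at the bottom are constructed for illustration; point it at /tmp/bsdinstall_etc/fstab and /tmp/bsdinstall_boot/loader.conf before typing "exit".

```sh
#!/bin/sh
# Usage: check_geli_boot_config <fstab> <loader.conf>
# Returns 0 when both files agree on an attached (.eli) GELI root, 1 otherwise.
check_geli_boot_config() {
    fstab="$1"; loader="$2"

    # Root entry of fstab: the line whose second field is "/" (comments skipped).
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$fstab")
    [ -n "$rootdev" ] || { echo "fstab: no / entry" >&2; return 1; }

    # The root must be the attached encrypted provider, which always ends in ".eli";
    # the bare partition holds ciphertext and will not mount.
    case "$rootdev" in
        /dev/*.eli) ;;
        *) echo "fstab: root '$rootdev' is not a /dev/*.eli provider" >&2; return 1 ;;
    esac

    # Without geom_eli_load the kernel never gets the driver that attaches the provider.
    grep -q '^geom_eli_load="YES"' "$loader" \
        || { echo "loader.conf: geom_eli_load is not set to YES" >&2; return 1; }

    # vfs.root.mountfrom must name the same provider, "ufs:" prefix, no "/dev/".
    mountfrom=$(sed -n 's/^vfs\.root\.mountfrom="\(.*\)"$/\1/p' "$loader")
    expected="ufs:${rootdev#/dev/}"
    [ "$mountfrom" = "$expected" ] || {
        echo "loader.conf: vfs.root.mountfrom is '$mountfrom', expected '$expected'" >&2
        return 1
    }
    return 0
}

# Constructed sample files mirroring the layout in the post (nvd0p6 as root).
tmp=$(mktemp -d)
printf '/dev/nvd0p6.eli / ufs rw 1 1\n' > "$tmp/fstab"
printf 'geom_eli_load="YES"\nvfs.root.mountfrom="ufs:nvd0p6.eli"\n' > "$tmp/loader.conf"
if check_geli_boot_config "$tmp/fstab" "$tmp/loader.conf"; then echo "sample config: consistent"; fi

# The mistake the post warns about: ".eli" left off in loader.conf.
printf 'geom_eli_load="YES"\nvfs.root.mountfrom="ufs:nvd0p6"\n' > "$tmp/loader.bad"
if ! check_geli_boot_config "$tmp/fstab" "$tmp/loader.bad"; then echo "bad config: rejected"; fi
rm -rf "$tmp"
```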

Now you need to mount the existing EFI partition on the drive and copy in the FreeBSD loader. The UEFI boot manager you installed earlier will be able to find it automatically, but to do so you must place the FreeBSD loader that knows how to scan for and read encrypted disk partitions in the correct place. The following commands will do that (the "#" is the root prompt), assuming "nvd0p1" is your EFI boot partition on the disk:

# mkdir /tmp/mount
# mount -t msdos /dev/nvd0p1 /tmp/mount
# mkdir /tmp/mount/EFI/FreeBSD
# cp /boot/loader.efi /tmp/mount/EFI/FreeBSD/bootx64.efi
# umount /tmp/mount
# rmdir /tmp/mount

Now you can type "exit" at the "#" prompt and you will be back in the installer with all the "bits" in the right place for it to put the system on the disk for you.  Do the other usual things in the installer, including setting up networking and similar.

When you're done let the installer run and finish.  When it goes through the normal process and you reboot you should get a boot manager screen with TWO usable options (there will be others as well); one of them should be FreeBSD's "Beastie Head", and selecting that option should immediately prompt you for a password, which is required to unlock and boot the partition you have just set up.

Congratulations; you can then set up X11 if you'd like (e.g. gnome, etc); be aware that the Carbon Gen 6 wants the "scfb" driver declared for X11 to work which is a bit annoying; a file called "driver-scfb.conf" goes in /usr/local/etc/X11/xorg.conf.d once you have xorg loaded and should contain the following to tell it to probe that driver:

Section "Device"
    Identifier "Card0"
    Driver "scfb"
EndSection

Without that Xorg's auto-configuration will not find the Intel graphics and X11 will refuse to start.

Now reboot into Windows and turn Bitlocker back on.  Unlike with the X220, where I had to do some rather arcane things with the Group Policy Editor to make that work (Bitlocker would otherwise throw up as soon as I booted FreeBSD), so long as you have loaded the UEFI boot manager and the FreeBSD loader into the EFI partition before you do this it should be fine with you switching back and forth between operating systems -- it is on my machine.  Expect it to raise hell if you tamper with anything in that EFI partition after Bitlocker has initialized, but once you've set everything up there is no reason to screw with that area of the disk again, and in fact if someone does it's probably good for the system to raise a stink about it.

Do be aware that if you use Gnome it will by default try to mount all the partitions it can find when you sign in and will complain a lot if you have the Windows partition encrypted (as expected); the best option there is to turn the automount feature in Gnome off.

Be aware that without policy editing Bitlocker is only as secure as your physical machine and the login passwords on it; TPM-2.0 machines will boot a Bitlocker disk without a PIN entry, so if your login password is crap or you use the fingerprint sensor the Windows partition is not secure against someone who can guess or spoof either, and the very real possibility exists that Microsoft has a way in to such a booted machine via some Redmond-placed back door.

Finally, delete any existing Macrium Reflect backup XML profiles you used for Windows and re-create them.  Attempting to use the old ones from before you resized the partitions will not work since you've changed the partition layout; they will appear to run initially but error out during the process.  Make a final, new base backup for your Windows side and make sure it verifies, then use the FreeBSD tools of your choice to do so for the Unix side so you're protected there as well.

The only "gotcha" I've noticed is that 802.11ac WiFi isn't recognized but I believe this is still a FreeBSD limitation as of 12-RELEASE.  I don't have an external Thunderbolt dock so I have no idea if an external video card will come up, assuming appropriate entries in the x11 configuration files.

Enjoy!

Note: The options I specify above in setting up the encryption environment make the basic assumption that the purpose of encryption is to protect against a thief getting access to your data.  If your assumption is that you're trying to protect against a determined adversary with nearly-unlimited resource (e.g. a government, a police force, etc) then you have plenty of work to do before choosing those options -- never mind that Bitlocker on Windows is likely not secure against such an adversary at all.


2019-01-25 07:00 by Karl Denninger
in Federal Government , 145 references
[Comments enabled]  

Yes, we need a wall.  Why?  Because bad people sneak in without one.

They do with one too, but it's harder and thus there are fewer attempts, and even fewer successes.  That's good, not bad.

You have to want more illegal invaders to refuse physical barriers.  Just as locking your car or house does not make it impossible to steal from either, it increases the difficulty and thus makes it less-likely.  $5 billion in the context of the federal budget is just over one tenth of one percent of spending.  Any gain in security is worth that amount of money.

But if you want to stop the insanity generally you have to force Congress to keep the promise it made when Reagan gave amnesty to illegals: You must stop the handouts.

Reagan was promised wide-scale immigration reform to end the enticement to come illegally, on a permanent basis, in return for amnesty for illegals already here.  He gave Congress the amnesty.  He never got the elimination of the enticements and it was the Democrats that didn't give it to him.

This is the same political party refusing now and it does not matter that most of those reps and senators are no longer serving; the party itself is the same.

Trump therefore should demand, before any further negotiation, that the past promise be fulfilled.

It's not that hard to do:

  • 100% E-Verify, under criminal felony penalty for failures to do so and business seizure for a second offense.  No exceptions.  This is trivially enforceable; employers already have to file 941s to report withholding taxes.  Add one field for each employee that must contain the E-Verify control number on each report.  Change the law so that non-reporting or false reporting on a 941 is a felony criminal offense with a statutory penalty of $5,000 per employee, per month not reported or falsified and that all directors, officers and employees involved in producing said false report are subject to a year in prison, consecutively, for each employee not reported.   This instantly ends employment capability for illegal invaders.

  • No welfare or other government program of any kind that is in whole or part funded by the Federal Government (specifically: Medicare, Medicaid, Section 8, Food Stamps, WIC, S-CHIP, Education, etc) may be provided to any household unless all residing there are verified US Citizens or permanent residents.  Require prosecution for lies on said forms verifying eligibility and require that any such lie is a felony.

  • No medical treatment without proof of payment is required of any facility except as pure charity care to any person who is not a lawful permanent resident or citizen.  All such care amounts, if provided without payment, must be publicly disclosed no less often than quarterly in aggregate along with the total amount of actual collected payments for services by all medical facilities (in other words if they're going to try to make you pay for it under the table they have to disclose it.)

  • No remittances may be sent out of the country without positive identification and proof of lawful residency or citizenship from the person doing the sending.  Period.

  • No birthright citizenship.  Come here and crap out a baby, it's a citizen of whatever nation you are but isn't an American citizen.  You must be a citizen to confer citizenship at birth.  Period.

  • Unlawful entry must be defined as a criminal felony and permanent bar to future entry for any reason.  If you wish to claim asylum, come to the border and lawfully request it.  If you wish to visit, come to the border and lawfully request entry.  If you cheat from this day forward no matter how or why you are permanently barred from ever entering the United States.

  • Those nations which border ours must be held responsible for any person who is on their soil and makes an attempt at unlawful entry, or who is turned away or deferred during an asylum request until their case is heard.  If you are our neighbor and call yourself "friend" and "trading partner" then start acting like one.  If someone illegally enters from your nation you have a responsibility to take them back when we catch them.  If someone comes into your nation with the purpose of requesting asylum in our nation and you allow them to do so, that's fine, but that person's safety and place to live is on you until their claim is adjudicated.  What you do from there and whether you let the people in to make said claims in the first place is your business.  Any nation that refuses, even once, to take back an illegal invader caught after unlawful entry from their nation, or a person with a deferred or refused asylum request that presents at our shared border, has all trade and border crossing closed until it accepts back the person or persons it allowed to attempt to invade our nation from their land.

For those already here who, the claim is, we should "take care of" (e.g. Dreamers, etc):

  • If you came here as a child and are now an adult you must have graduated High School and demonstrate proficiency at a minimum standardized testing level in all applicable subject matter, including the English language, to qualify for further deferment.  While there are some "Dreamers" who are college students or even graduates at this point virtually all covered by this program are now adults.  ROUGHLY HALF have failed to graduate High School, demonstrate functional literacy in English or both.  These are not "Dreamers", they are public charges and must not be given anything beyond the theft they've already accumulated.  That one in ten -- or one in 100 -- is a high-achieving college graduate or student does not in any way extend to those who are either slugs or thugs.

  • If you came here as a child and still are one you must complete your education and become proficient in English. Drop out or get kicked out and you both lose your eligibility and are immediately deported.

  • You must have an executed Affidavit of Responsibility as for any other legal immigrant by an existing citizen who is responsible for you.  In other words you must have a citizen sponsor who both can and will take financial responsibility to prevent you from being a public charge.  This is required of legal immigrants and it damn well needs to be required here too.

  • You must not have a criminal record of any sort more-serious than a routine traffic violation.  Any conviction for an offense against the public peace including robbery, DUI, drug dealing, shoplifting and of course more-serious criminal activity, whether by conviction or plea, is an automatic disqualifying event, without exception.

  • You must document that you have either received all of your support from your sponsor or have lawfully worked and paid taxes in full.  This includes educational, medical and other government-funded expenses; if you received public education you or your sponsor must repay the fully-laden per-pupil cost of same.  If you received medical care under Medicaid or similar you must reimburse the full amount spent on your care by the government.  If you worked under the table you must demonstrate that you personally paid all the taxes otherwise due including both halves of FICA.  If you haven't done so up until now as a result of intentional conduct (e.g. working for cash under the table) you may be excused from criminal liability for your intentional conduct but you must report and pay all such tax arrears anyway, including interest and penalties as with any other intentional underpayment and you must begin to do so immediately and on an agreed payment plan without exception, or your sponsor must do so, until it is all paid off.

  • Assuming the above is met you may have a provisional green card however you still go to the back of the line and are subject to all of the above until your turn comes up in our normal, legal immigration proceeding.  Once your turn does come up you may have full permanent residency and ultimately apply for naturalization as may any other lawful permanent resident.

That's the minimum opening requirement.

If we do not shut off the welfare state for illegal invaders we will never solve the problem.

Leave the government shut down until this is passed first.
