So… Europe? 160 ish?

The problem with SELinux/nftables/cgroups is that they don’t come with a centralised log aggregator, and they don’t do much blocking beyond the defaults for 99% of deployments.

You must not have heard of ®syslog.

Also, SELinux is a massive pain to set up (even compared to AppArmor), and setting it up correctly is even worse.

I beg to differ, I find SELinux easy to setup. But your mileage may vary, depending on one’s experience.

CrowdStrike does a lot of what SELinux does but it’s easier to configure, works on every operating system, and comes with tools to roll out configuration across an organisation. There’s nothing close to that in the open source world. Even if you set up something yourself, you’ll need to continuously tweak your setup not to get in the way of employees and to prevent alert fatigue from all of the false positives. Apparently, recent events show it doesn’t work on every OS… 😜

When talking about ease of use… Configuration is configuration. If you do not take the time to learn how to use your product, the product you know will always be better than the one you don’t. I’ve used Crowdstrike. I’ve battled them to get their kernel modules signing certificate to be signed by RedHat. I’ve battled them to have the possibility to have the auto update disabled. So no, I am not impressed by the quality of their product. I’ll bet any day a vanilla RHEL with the correct security related software and the latest updates outperforms and outclasses Crowdstrike.

I think a preconfigured solution like Security Onion combined with tons of group policy and Ansible can form an open source alternative, but that only monitors, whereas CrowdStrike also blocks. To block behaviour, you’ll need to write code for most platforms, and that’s just as likely to take down your org as an auto update from CrowdStrike. I can’t speak of MS products, as I have not managed them for 20 years, but all of this is not needed on a decent Linux distro.

You assume I would think you’re wrong. I do not.

Morally, assassination is despicable. But so is fascism.

I applaud you for taking the high road, while I just say Fuck ‘em all. Fascism should not be tolerated, even in a democracy.

It doesn’t require Hitler-level Evil. Just pragmatism.

What CrowdStrike is actually selling, is someone who actually looks at the system logs and who pushes a button when something pops up. Roughly.

There are better solutions on the market. Unfortunately CrowdStrike has the more aggressive sales team.

For those wondering, I’m referring to *nix based solutions like SElinux, appArmor, iptables, nftables, cgroups, … But you need to monitor your logs if you want to take appropriate action.

He did (at least) one good thing in life, and people feel the need to smear him…

As long as the OS was supported, updates were available.

But yes, I loaded a nice Fedora on it… 😉

Overpriced hardware comes with a boon: It lasts longer. I am by no means an apple fanboy, but when I discovered the 12 year old Mac of my dad still performed like mid-range PCs with Windows, I was quite surprised.

Still not buying their hardware though…

This is exactly the same question I asked 3 years ago when my brother died, and left all his tech stuff to his non-tech wife and kids.

Fortunately I was able to migrate whatever was important to cloud-based services.

But what will happen if this happens to me? I have no other siblings, and I made it a habit not consorting with techies: I don’t like nerds 😉, and I prefer to talk about other subjects in my spare time.

One of the reasons I used to self host a lot is privacy, and because I am an Open Source advocate. So I migrated everything important to commercial offerings which supported both, or at least the Privacy part.

I share a passwords through a password manager with my wife and kids, which gives them the keys to the kingdom. They can use my master password to unlock the doors. I also keep a paper with my most important passwords in a place my wife knows about, and can access without any proof of my death. Joint safes in the bank typically get sealed until the tax people have released the accounts.

Everything which I host myself now is disposable, and my wife knows she can turn it off without a second thought.

Yes, it is our entire airforce. Now send yours!

Ise kde, not gnome.

Joey, is that you?

Aside from the obvious (company providing all the necessary tools) why not using libreoffice and saving it as M$ excel?

Nope

Yes! Been using it for a long time now! Never had any (major) issues!

😱

So pure out curiosity… and science! how many liters of toothpaste did you consume over the last 3 days?

Surprise… Surprise… It’s a snap!

dnf upgrade And package-cleanup --cleandupes Should have fixed it.

You may also want to check up on regulations and laws of your country.

In Belgium, for instance, I am responsible for any and all attacks originating from my PC. If you were hacked and said hackers used your computer to stage an attack, the burden of proof is upon you. So instead of hiring very expensive people to trace the real source of an attack originating from your own PC, enabling a firewall just makes sense, besides making it harder on hackers…