There never will be a 1 for 1 replacement because the two systems have different approaches. Why would you want a direct replacement when you could have something better?
GPOs are a Windows thing and don't apply to other systems. The generic equivalent is configuration management, for which there are many solutions. Linux updates are much easier than Windows updates, and many Linux systems now use immutable and atomic updates by default, which further reduces risk.
For directory, OpenLDAP just does LDAP. DNS is done with Kea or Unbound.
Fundamentally the issue is a lack of familiarity. The only way to become familiar with a system is... to use it.
chkrootkit is the sort of thing you run on your affected drive from a system you believe isn't affected.
EDR is pretty much just logging and remote access. The rest is fluff. Yes, you need a "host agent" for operational and regulatory reasons, but there's more flexibility than you think in what you can deploy for that. And none of the vendors use the best technical solution.
It's true the desktop security model sucks, but there's progress in improving it. Wayland, containerization, immutability.
Flicking that switch would be pretty much a one-time deal. Not likely.
What would happen instead, and has happened in the past, is Microsoft (or Juniper, etc.) leaving a remote vulnerability unpatched while certain groups use that exploit. It's much more deniable. So deniable that it's impossible to say for certain that it was intentional.
It's more practical to audit FOSS systems for bugs than a Microsoft solution, and the tools for doing so are open source and getting even better every day. Like you said, sharing the burden helps with cost; it also helps with the trust issue. Going one step further, formally verified software solutions are possible (and exist!). Good luck getting that from Microsoft; they ship a calculator that needs updates and internet access to run.
What would make it illegal to do this? Generally anything which hasn't been invented yet is legal; it's rare (but not impossible) for something to be banned before it exists.
9. Does FDA require IRB review and approval of off-label use of a legally marketed device?
...(unrelated for this conversation)...
Yes, when the off-label use of a legally marketed device is part of a research study collecting safety and effectiveness data involving human subjects, IRB review and approval is required (21 CFR 812.2(a)). For additional information on the off-label use of devices, see the FDA Information Sheet guidance, “ ‘Off-label’ and Investigational Use of Marketed Drugs, Biologics and Medical Devices.”
Part of the issue with merit pay is that if it's tied to simple metrics like grades, those metrics will get inflated without raising the things those metrics were meant to measure.
But grades that are external to the school could be used as the metric - something the school cannot tamper with themselves. Grades like "international baccalaureate assessments" or some sort of university entrance exams.
Am I the only one who read this and thought, "doesn't everyone self host a NAT gateway?"
Mine's in the living room, it says TP Link.
More seriously, NAT is fun and all but it can introduce unexpected behaviors that wouldn't exist in a firewall that doesn't do translation. Less is more.
What's impractical about everyone having a domain name? It surely isn't due to lack of domain names, because foo.bar.baz.bim.bim.bap.com is a valid domain name.
It is true that full data sovereignty isn't something most people are interested in, but this is more about a cooperative model for data ownership and access. Having your data identifier be JackDaniels@yahoo.com isn't particularly different from it being jackdaniels.is.technically.bourbon.com. In both cases another organization owns some of the path to your identifier and could potentially lock you out of it. In both cases, Verizon is near the top of that list (.com).
As far as the domain name system being centralized, I'm not sure I agree. DNS is like a feudal system with hundreds of kings (top level domains) who all work together with one pope (ICANN), and various lords and ladies occupying positions under those kings. If ICANN goes completely bonkers the kings can get a new pope; some of them are literally sovereign because they are nation states. Just for fun, some of those states are ruled by literal kings, too. There are experiments to run a TLD by Decentralized Autonomous Organization (DAO), but I think for the most part nobody really cares because the current system happens to work pretty OK. If you have an idea for a more decentralized way to organize a namespace that doesn't involve your grandmother typing in a massive UUID or onion address, and doesn't result in someone being able to domain squat literally everything, I would love to hear about it.
Ownership is probably the wrong word since the legal grant is a term-limited contract for exclusive use under terms of service. Selling subdomain usage grants (also under contract and TOS) feels quite similar.
Top level domains can change pricing, terms, or cease operation. Freenom is a great case study, as they previously operated TLDs. At the edges, a well-operated subdomain service could offer stronger ownership-like behavior than a top level domain.