technom

joined 1 year ago
[–] [email protected] 2 points 4 days ago (1 children)

I wonder what happened to Tails - the one that started it all.

[–] [email protected] 2 points 4 days ago (1 children)

I do recommend Gentoo (haven't tried Funtoo) for the academically inclined. It's a beast to maintain, but you'll soon find yourself at ease with configuring and compiling your own kernel, configuring your packages and even making some yourself.

It isn't as hard as people make it out to be - if you gradually push your boundaries. In particular, it's good if you already use Arch.

[–] [email protected] 4 points 4 days ago

Nobody ever learned from the SolarWinds attack. If a massive amount of your infrastructure is backed by some obscure software, bad actors will either try to insert a backdoor or find a zero-day exploit. If people are going to neglect what just happened, CrowdStrike will fall heels up, faster than SolarWinds did.

[–] [email protected] 8 points 4 days ago (1 children)

I don't think that Rust would have prevented this one, since this isn't a compile-time error (for the code loader). The address dereferencing would have been inside an unsafe block. What was missing was a validity check of the CI build artifacts and a payload check on the client side.

I do, however, think that the 'fingers-crossed' approach to memory safety in C and C++ must stop. Rust is a great fit for this use case.

[–] [email protected] 1 points 4 days ago

Why are sensitive or critical hospital systems loaded with bossware? That itself is a breach of medical safety regulations and medical privacy. If such bossware fails for whatever reason - even sabotage, it's on the leech class. Prosecute them for murder.

[–] [email protected] 12 points 4 days ago (1 children)

CrowdStrike exists for Linux too. In fact, it apparently crashed RHEL and Debian a few months back. That didn't get so much attention.

Falcon seems to be a cross between an antivirus and an intrusion detection system (IDS). There are many antiviruses on Linux, but only one FOSS AV is popular - ClamAV. As for IDS, Snort is an example.

But in the true sense, Falcon is much more than just an AV and IDS. It's a way to detect breaches and report them back to CrowdStrike's threat detection and analysis teams. I don't think there exists a proper alternative even in the commercial sector.

[–] [email protected] 6 points 6 days ago (3 children)

In that case, it's time for the average workers to sabotage the bossware. Let the leech class solve the problem they create.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago)

Google has discovered that FOSS software under their full control is better than pure proprietary software for monopoly abuse and rent seeking. With FOSS software, they enjoy the automatic popularity that they otherwise would have had to market very hard for. At the same time, none of Google's free software is truly free. Google devs regularly neglect and reject overwhelming user requirements (jpegxl in chrome is probably the best example of this) and choose designs that clearly favor the company monetarily. It isn't even practical for normal people to fork their projects.

Google often uses their 'FOSS' projects to twist open standards or the market to their advantage. Android and Chrome are very significant players in this regard. Using Chrome, Google even managed to make the W3C standard too complicated for others to make alternative browsers easily. Google has similar ambitions in the multimedia market. They want to replace the monopolistic media formats with quasi-monopolistic formats like webp and av1 instead of truly open ones like jpegxl.

[–] [email protected] 3 points 3 weeks ago

It's still possible on almost any distro with pyenv or asdf-vm.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

Nice idea!

In addition, we could have an allowlist for honest bots (like search crawlers).

[–] [email protected] 1 points 1 month ago

I wish there was something more interesting to do there.

[–] [email protected] 3 points 1 month ago (1 children)

You are not expected to remember a v6 address - or even v4 for that matter. They are designed for machines. DNS is designed for humans.
