On Friday, July 19, 2024, a single piece of software ground a good chunk of the planet to a screeching halt when someone at CrowdStrike deployed a system driver file filled with zeroes. Threat and state level actors can only dream of having backdoor, kernel level access to the OS of the hundreds of thousands, if not millions, of machines that CrowdStrike Falcon has been installed on. If you are a top level IT manager and use Microsoft Defender, SentinelOne, Huntress, or other Enterprise Endpoint Detection & Response (EDR) remote management solutions, you are probably patting yourself on the back and thinking to yourself, "Whew! We just dodged a bullet!" No. You are still someone who doesn't actually understand the fundamentals of system and network security. True system and network security isn't dependent upon a single piece of magical software that solves all of your problems. It is a combination of first hardening of the mind to trust nothing and trust
The European Union is, once again, attempting to dictate global policy way outside their jurisdiction. I run uBlock Origin and Ghostery (you should too!), which already deals with the things GDPR was largely concerned with. The GDPR made the average web browsing experience worse, not better. The Digital Services Act (DSA) expands upon GDPR in a way that supposedly targets very large companies but, digging into it, it actually appears to affect businesses of all sizes. Let's say you run a small business and you have a website. That website has a domain (DNS) that is issued by a registrar (e.g. GoDaddy, NameCheap, etc.) and is hosted on a third party service (e.g. a VPS provider like AWS, DigitalOcean, OVH, etc. or a shared hosting provider like 1&1, GoDaddy, etc.) and then speeds up global content delivery of static assets via a CDN (e.g. CloudFlare). If you are a website developer/admin, all of this sounds perfectly normal and completely innocuous to you. Now let's