So, @tinker expressed dismay at something that I see a -lot- of: small business IT people choosing to log directly into their domain controller to do administrative things, including managing their SIEM - which is sometimes hosted as a VM running on a machine where the DC is the bare metal OS.

The reasons for this are a little bit complex in how they interlock, but here's how it boils down:

@munin @tinker Any thoughts to getting small business insurance, banks, etc., to take a role in this? Those are forces which can roll unanticipated costs into anticipated (and visible) costs, and press for best practices.

Great war story and methods. Plays into a lot of what I'm thinking about #GreshamsLaw, #UnanticipatedConsequences, #HygieneFactors, and #DelayedInformation realisation.

@dredmorbius @tinker

The tools that insurance and banks generally bring to bear on this are compliance audits - which drive SIEM sales, sure, but don't really help the underlying issues here.

The ultimate problem here is that the prime mover in the market - Microsoft - is very difficult for people to set up without specific training and experience; it is expensive to get that training and experience...

@munin @tinker I'd argue that the problem is actually the inverse.

With Microsoft, without any training or experience, you can set something up that /appears/ to work.

You could try to set up a Samba domain controller with LDAP, but ... if you don't know what you're doing, it /won't/ work at all.

Since Microsoft gets you off the ground, you roll with that, but you've also just holed with it, since you in fact /didn't/ know what the fuck you were doing.

@dredmorbius @tinker Either way, really. Some go one way; some go another.

What I'd -like- is for MS to cut out the "be everything to everyone" and fork off multiple companies that agree on open interoperational standards but focus on different markets: consumer, smallbiz, largebiz, enterprise.

Also, stop making gratuitous, breaking changes without clear reasons why.