Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist or in the case of yesterday's Wireguard / VeraCrypt discussion, think it's an evil capitalist scheme to control the world.

Digital signing on Windows predates Mac developer certificates by years but arguably wasn't widely used outside of security-paranoid organizations.

Before someone says Linux offers GPG signing it's mostly useless without a central PKI. Developers offer the public key for download on the same server as the software. If someone uploaded compromised software, surely they would replace the key with their own.

Linux package managers (the normal way to install software) use signed packages.

I don't know how easy/hard it would be to compromise that.

> Before someone says Linux offers GPG signing it's mostly useless without a central PKI

One could also argue that GPG signing is useful exactly because it doesn't rely on a central PKI.

It's as useful as self-signed certificates.

> Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist

...or, much more likely, any potential benefits are not worth the negatives.

If you want ZFS use Solaris not an ersatz system that imported OpenZFS code.

Because they are hunting for vulnerable devices and the requests' existence are unique to an application. Like a VoIP appliance for example.

They usually request something deep like /foo/bar/login.html as part of their reconnaissance.

I'm up to 4 pages of filter rules after the massive IP blacklist.

These assholes are also scanning every address on the IPv4 internet and hoovering up the content.

To answer your first question: No, that's the OS's job. But some clever rules could be setup for filtering invalid requests depending on your web server.

Summarily ruined yet again by massive British sockets requiring removing 25% of the volume.

Brits build their homes around the sockets, not the other way around.