After two major outages in as many weeks — including the CrowdStrike crash — alarm bells are ringing about the world's overreliance on Microsoft. Andrew Chan...
I know it has nothing to do with macos. I agree it’s the QA piece. I heard upper managements theme was “two feet on the gas”. Also the CEO was the CTO of McAfee when they had a similar issue back in 2010 if I’m not mistaken. 🙃
Hopefully there are a bunch of programmers there right now standing in a circle around the desk of some manager and bombarding them with a continuous chant of “We told you so!” We knew in the 1990s not to trust stuff coming in off the Internet to be what it claims or reach its destination unmangled, and as I understand it, the software was blindly attempting to parse unverified threat definition files it had downloaded. Doing it all in ring 0 was just that extra crowning touch. This should have been caught before it even got to QA.
It has a little bit to do with the OS. Windows does not have the same sandboxing capability for modules that Linux provides. The fact that the sensor needs to run in ring 0 is a problem, and eBPF at least mitigates much of the issue in Linux. But I think you meant that CrowdStrike is by no means blameless, and I agree - they have a long history of shitty implementations, and rightly deserve to be the focus of our anger.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !canada@lemmy.ca
And if Crowdstrike had competent management who valued a proper QA department, the overall failure wouldn’t have happened at all.
This has nothing to do with OS. This is a result of corporate fuckery.
I know it has nothing to do with macos. I agree it’s the QA piece. I heard upper managements theme was “two feet on the gas”. Also the CEO was the CTO of McAfee when they had a similar issue back in 2010 if I’m not mistaken. 🙃
Hopefully there are a bunch of programmers there right now standing in a circle around the desk of some manager and bombarding them with a continuous chant of “We told you so!” We knew in the 1990s not to trust stuff coming in off the Internet to be what it claims or reach its destination unmangled, and as I understand it, the software was blindly attempting to parse unverified threat definition files it had downloaded. Doing it all in ring 0 was just that extra crowning touch. This should have been caught before it even got to QA.
It has a little bit to do with the OS. Windows does not have the same sandboxing capability for modules that Linux provides. The fact that the sensor needs to run in ring 0 is a problem, and eBPF at least mitigates much of the issue in Linux. But I think you meant that CrowdStrike is by no means blameless, and I agree - they have a long history of shitty implementations, and rightly deserve to be the focus of our anger.
https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
IIRC those were the non-eBPF versions of the sensor.