Aside from not being Trump (which is a great trait), I know next to nothing about Harris. I know she’s a former prosecutor, and might be able to identify her if she showed up at my door
What else should I know about her (and should I be hopeful of her pushing any meaningful progressive policies)?
Basically, crowdstrike wrote bad code that run as a driver, windows doesn’t like bad code in their drivers. Kernel level code is generally expected to run properly. crowdstrike’s kernel level code was really bad. Embarrassingly bad.
If the host creates a playlist and everyone can add their favorite song to the playlist, the host won’t be blamed if you add “erika”. People rightfully think you are an ignorant weirdo or a bad person, not the host.
Except that the playlists are super complex and there is no way to make sure. Like building an engine and having to make sure that no 3rd party accessory will break it. Like the parented “sand injector”.
The problem with CrowdStrike’s solution is that they got csagent.sys driver signed by WHQL, and the driver will download p-code from the internet and execute it. This allows them to push out changes without waiting for Microsoft approval.
The biggest problem occurs when you don’t sanitize your inputs and someone accidentally uploads a blank file padded with zeroes. The driver dereferences a null value, and crashes your system. Hard.
I don’t want to argue with you and I admit that my phrasing wasn’t ideal but I assumed that it was obvious that i was talking about everything that would be executed on the machine. Apparently it wasn’t.
Crowdstrike released bad code into prod without giving it some hours of testing in local machines or whatever. Incredible fuckup, inimaginable. But, let’s not take blame out of Microsoft, if a driver is faulty the system should be resilient enough no to crap the bed on login. At least enough for IT to be able to remotely access the system and fix it. The manual work the IT world has had to do because it’s lost remote access to workstations is insane.
To be fair, kernel level access by third party software is kind of frowned upon in the Linux world. Ask any desktop Linux user how they feel about NVIDIA (the only third party kernel code an average Linux user will install) and their drivers randomly causing strange issues on their systems up to and including kernel panics compared to the experience on AMD where the driver is open and built into the kernel itself. For security software that needs low level visibility, there is eBPF, direct kernel level access isn’t needed (though I believe CrowdStrike uses it, and thay actually did CrowdStrike Debian and Rocky Linux systems some time back).
MacOS blocked the majority of kernel extensions a few years ago as well.
Windows is the only OS where it has been designed in a way where kernel level access is the rule rather than the exception. So design flaws are at least partially at fault here.
Heard from someone else (so take it with a grain of salt) that CrowdStrike and/or similar companies threatened Microsoft with an antitrust suit when Microsoft tried to force them to use an API instead of working directly with the kernel.
The opinion of Linux desktop users (or any users really) do not count in the enterprise world. Somehow, if management bought in on the Crowdstrike rootkit bandwagon, you’ll see it on corporate hardware. It doesn’t matter if it’s a bad plan; it doesn’t matter if it gives an American company a backdoor to all you infrastructure; if the CISO decides everyone gets it, everyone get it.
The only thing you can really do as a lowly employee is keep any such device away from any personal info or network as if it’s infected by malware (which I would argue is exactly what it is).
Same thing would happen on Linux if someone wrote a bad kernel module and integrated it into the OS. In fact, Crowdstrike did have a similar problem a few months ago on Linux.
I’m no fan of Microsoft, but this isn’t their fault.
That is true. The issue is that because there are so many permission escalation issues in windows, that many anti malware products must run as kernel drivers.
Doesn’t Microsoft allow crowdstrike to make updates? Being such a critical part of the OS it’s up to Microsoft to ensure their procedures are robust and being followed.
How do you implement that? How is it feasible that Microsoft tests all the third party drivers?
Don’t get me wrong I believe Microsoft is partly to blame for this problem as well but for making it so hard for system admins to go around the system and solve things (as compared to Linux where you can do anything). I think sys admins would have solved this much faster if they were using Linux systems
I was just probing your argument because I guessed it was the typical nonsense of Microsoft bad, Linux good, without a good explanation
I think if it’s going on every windows computer windows should have a process in place to prevent what happened from happening. Windows are for profit, they have the money to do it right but they got greedy. A staggered rollout would have prevented most of it and is a very simple thing to require. Also if it’s going on every windows computer or most I wouldn’t consider that a third party anymore even if that’s how they keep liabilities at arms length
It’s not, its just popular. Its not windows job to police what software you choose to run on it.
However Windows does actually have an optional certification program called WHQL for kernal level drivers. Getting this certification lets updates get posted via windows’ internal updater. It checks the driver calls apis correctly and doesn’t misbehave with interrupt handling among other tests. Crowdstrike driver did pass this, and in fact there was no bug with the driver, the bug was with the configuration file. The configuration file updates about once an hour (and it really needs to do that), and does so outside the windows update process, making windows powerless to control its rollout. whql certification takes a few days to run and configuration files aren’t really in scope.
Maybe don’t be a little baby who breaks things in a fit of rage. Next time you feel like taking your anger out on physical object, simply don’t. Breaking something, feeling bad about it, and learning from the experience is an important part of growing up.
Some people are not taught, by their parents, how to handle anger or frustration. I don’t think we should be calling them out for this, as people don’t learn that way.
Wow, Democrats nominate a prosecutor, and people’s thoughts on ACAB change all of a sudden and start down voting me on it. It’s like they forgot the first A means All.
To be clear she’s 4,000% less a bastard and than Donald Trump, that doesn’t mean ACAB stopped being true, I die on this hill.
That section wrh similar articles towards te bottom is dangerous. I just went on a 30 minute dive reading abstracts of recent research studies of autistic people and only stopped because I have to get to bed soon. I’ll be back for more tomorrow.
This is pretty much what I was wondering. How many of these classifications (such as autism) cross cultural/linguistic boundaries?
Obviously nitpicking one identifying characteristic (object personification) isn’t really valid to dismiss the diagnoses entirely. Perhaps it’s a valid diagnostic and Japanese culture is just more accepting of certain autistic personality traits, where American culture would suppress them. Identification of weird/unusual/possibly unhealthy behavior can be hard to separate from cultural norms.
I don’t have any specific examples off hand but HealthyGamer on YT is a psychiatrist with both a western medical degree and traditional training in India. He often compares the two, where they align, etc.
The answer is that you needed a different controller layout for different games so you would grab the handles that were needed essentially allowing for about 4 different options.
The problem was definitely when everyone started realizing if you had the buttons they wanted to program them to do something and you had to get weird with reaching between.
Strictly speaking, that question is invalid, as a rock has no genetic material. It’s like saying “You’re more similar in color to sand than to mathematics.”
lemmy.world
Active