Agreed, but again these updates were done by the Crowdstrike software. Nothing to do with Microsoft or Windows.
In this case it was an update to the security component which is specifically designed to protect against exploits on the endpoint. You’d want your security system to be up to date to protect as much as possible against new exploits. So updating this every day is a normal thing. In a corporate environment you do not want you end users to be able to block or postpone security updates.
With Microsoft updates they get rolled out to different so called rings, which get bigger and bigger with each ring. This means every update is already in use by a smaller population, which reduces the chances of an update destroying the world like this greatly.
I absolutely expect vendors to push out new patterns automatically and as fast as possible.
But in this case, a new system driver was rolled out. And when updating system software, I absolutely expect security vendors to use a staged rollout like everyone else.
100% agreed, Crowdstrike fucked up with this one. I’m very interested to hear what went wrong. I assume they test their device drivers before deploying them to millions of customers, so something must have gone wrong between testing and deployment.
Something like this simply cannot happen and this will cost them customers. Your reputation is everything in the security business, you trust you security provider to protect your systems. If the trust is gone, they are gone.
One time years ago, Sophos provided an update the blocked every updater on the machine. Each computer had to be manually updated. They are still in business. My point is that this isnt the first and wont be the last time it happens.
Yeah, I mean Microsoft can release something like Windows 11 and still be in business, so I don’t expect a lot will change. But if you had any stocks in Crowdstrike, RIP.
We’ll probably never know. Given the impact of this fuck up, the most that crowdstrike will probably publish is a lawyer-corpo-talk how they did an oopsie doopsie, how complicated, unforseen, and absolutely unavoidable this issue has been, and how they are absolutely not responsible for it, but because they are such a great company and such good guys, they will implement measures that this absolutely, never ever again will happen.
If they admit any smallest wrongdoing whatsoever they will be piledrived by more lawyers than even they’d be able to handle. That’s a lot of CEO yachts in compensations if they will be held responsible.
I disagree. That Crowdstrike crashes is one thing; the issue here is that Windows suffers such a widespread crash, whether it is because of Crowdstrike or for any reason.
It’s not specific to Microsoft, but the general idea of letting proprietary software install whatever it wants whenever it wants directly into your kernel is a bad idea regardless. If the user had any control over this update process, organizations could do small scale testing themselves before unleashing the update on their entire userbase. If it were open source software, the code would be reviewed by many more eyes and tested independently by many more teams before release. The core issue is centralizing all trust on one organization, especially when that organization is a business and thus profit-driven above all else which could be an incentive to rush updates.
Agreed on both counts. This happened because Microsoft made adoption easy. And this will be fixed within a day. None of the fundamentals have shifted. Even though it’s stupid, this isn’t going to fundamentally shake anything up.
There will be no consequences for those who made this choice because going with the biggest suppliers is never wrong: they in theory have the highest reliability, and even if they don’t, then it’s not just your problem but everyone else’s too, can’t blame those responsible when the outage is akin to an “act of God”
It’s great to have alternatives. If it was all linux, and linux got hit, then it’d be the entire world in danger. Too bad M$ is just not good enough for it’s second most popular position.
Well, we got to see roughly something play out with the xz thing. In which case only redhat were going to be impacted because they were the only ones to patch ssh that way.
Most examples I can think of only end of affecting one slice or another of the Linux ecosystem. So a Linux based heterogenous market would likely be more diverse than this.
Of course, this was a relative nothing burger for companies that used windows but not crowdstrike. Including my own company. Well except a whole lot fewer emails from clients today compared to typical Fridays…
Illegal in some states I think. Fun fact when the term jaywalking was introduced, the term jay was a legitimate insult, meaning something like country bumpkin
I like how the image itself is ai generated for some reason (as if there weren’t enough images exactly like this you could use) but the bandaid is just poorly shopped onto it.
Because AI art is shit at this kind of thing. Not incapable of, just absurdly fiddly to get obedience from. It’ll get you 75% of the way there, and then you actually need to know how to edit an image, which is where it lets you down.
Go ahead and try generating images of a family during benediction wearing ear bandages and you’ll find it really struggles with getting that last part right because it’s not typical subject matter.
Depends. Since this is security software it probably has a kernel driver component. I think in linux a 3rd party kernel module could do the same. But the community would not accept closed source security software, especially not in the kernel.
My Debian system was bricked when it “upgraded” to systemd.
Required attaching a monitor to a normally headless server to fix. (Turns out systemd treats fstab differently and can hang booting if USB drive isn’t attached.)
Steam, a 3rd party program, has nuked the home directory of users who didn’t really do anything wrong.
Programs have huge abilities to bork systems, be it Windows or Linux…
I’ve seen RHEL completely crap itself due to a 3rd party update. Wasn’t that long ago fairly certain it was a McAfee update that took down a bunch of our Linux boxes. It happens.
lemmy.world
Hot