This is, in a lot of ways, impressive. This is CrowdStrike going full “Hold my beer!” about people talking about what bad production deploy fuckups they made.
Applying updates is considered good practice. Auto-applying is the best you can do with the money provided. My critique here is the amount of money provided.
Also, you cannot pull a Boeing and let people die just because you cannot 100% avoid accidents. There are steps in between these two states.
I work at a different company in the same security space as cloudstrike, and we spend a lot of time considering stuff like “if this goes sideways, we need to make sure the hospitals can still get patient information”.
I’m a little more generous giving the downstream entities slack for trusting that their expensive upstream security vendor isn’t shipping them something entirely fucking broken.
Like, I can’t even imagine the procedureal fuck up that results in a bsod getting shipped like that. Even if you have auto updates enabled for our stuff, we’re still slow rolling it and making sure we see things being normal before we make it available to more customers. That’s after our testing and internal deployments.
I can’t put too much blame on our customers for trusting us when we spend a huge amount of energy convincing them we can be trusted to literally protect all their infrastructure and data.
Not who you asked, but did you ever hear of Valiant and their kernel level anti cheat.
This is not a 1:1 comparison but anticheat software running in the kernel has the ability to monitor all other processes due to its permission levels. It can monitor all scheduled tasks and infer from that information.
Drivers need similar access but for different reasons, they need access to os functionality a user would absolutely never be granted. This is because they interface directly with hardware and means when drivers crash, they generally don’t do it gracefully. Hence the BSOD loop and the need for booting windows without drivers (i.e. safe mode) and the deletion of the misconfiguration file.
Whatever CrowdStrike’s “features” are should already be core security features of the kernel itself, or be exposed/extracted into user space.
NT was supposed to be a micro kernel. That this tool injects itself into the kernel immediately compromises the kernel. Edit: I should point out that it seems that CS injects drivers into the Linux kernel too, it might just be that Linux handles a driver crash more elegantly.
No different to the gaming anti-cheat kernel crap.
Having a “security” tool immediately compromise your actual security is absurd.
I’d love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. netfilter.org
This isn’t one of the cases where we’re talking about Linux being superior to windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it’s just that only one got one.
Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.
I, too, work in a similar type of company, and can confirm from experience that Linux can get just as absolutely fucked up by a bad kernel module as windows.
And it’s not just changes to the module that can cause things to go wrong.
For example, the kernel released alongside the latest Ubuntu LTS included a change that conflicted with our module behaviour, so machines with that kernel or newer would panic on boot.
It was a super minor change, but when you’re deep in the weeds, it’s really easy for these things to be brittle. But that’s just an inherent consequence of the fact that this sort of stuff is intrinsically low-level interaction with the OS itself.
The kernel is responsible for managing hardware and general low-level system operations. Anything that wants to do those things needs to get itself into kernel mode one way or another.
The typical way you do this is called a “driver” and no one thinks about them as being kernel code. Things like graphics cards and the like.
Things that want to do actions like monitor network traffic or filesystem activity system wide or in a lower level capacity than the normal tools provide also need to be kernel level.
In a security context, that specifically would include things that want to monitor raw packets rather than the parsed content that assumes the packet is well formed in a way that a malicious one might not be.
Cloudstrike does the same thing on Linux, and the typical tools for network management or advanced security are also either compiled in or loadable kernel modules.
It’s easy to forget that ip/ebtables and selinux and friends are kernel level software frequently distributed as kernel modules, in the case of the firewalls, or compiled in with a special framework and not just user mode software.
I can put the blame to your customers. If I make a contract with a bank they are responsible for my money. I don’t care about their choice of infrastructure. They are responsible for this. They have to be sued for this. Same for hospitals. Same for everyone else. Why should they be exempt from punishment for not providing the one service they were trusted to provide? Am I expected to feel for them because they made the “sensible choice” of employing the cheapest tools?
This was a business decision to trust someone external. It should not be tolerated that they point their fingers elsewhere.
Can’t fault you for feeling that way. I definitely don’t think anyone should be exempt from responsibility, I meant blame in the more emotional “ugh, you jerk” sense.
If someone can’t fulfill their responsibilities because someone they depended on failed them, they’re still responsible for that failure to me, but I’m not blaming them if that makes any sense.
Power outage or not, the store owes me an ice cream cake and they need to make things even between us, but I’m not upset with them for the power outage.
You can be reasonable in your choice of words, but there are heads that need to roll. In this case it is not the one pushing the final button, but all those that created this system. Developers, Project Managers, Team Leaders, all the way up to the CEO. If the space to work in is so limited that the possibility of such pushes seems like a tolerable idea, then everything leading to this is broken. And people need to invest to make this right. Therefore there needs to be incentives, good and bad. To steer out of the current course there need to be very unfavorable incentives.
You can mock my argument by giving a ridiculous example. Once people die it will be too late. It’s why there was a time where people thought it to be a good idea to employ giant generators to keep the power in a hospital running even in case of a power outage. Or to have redundant systems in an airplane.
There is a need for adequate standards in the software world. Trusting businesses to create them will evidently kill people. Creating something like certificates for personal skills and products is severely lacking.
I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.
My example was for simplicity, not mockery.
The power going out is the power companies fault, so I’m most mad at them. The store didn’t have a generator because they trusted the power company, so my cake got ruined. I’m still mad at them but less so because they weren’t the cause of the problem, even though they could have done more to prevent this from impacting me.
Culpability wise, I can only make demands of the store and hope that enough other people do so that they in turn demand answers from the power company.
There are actually a fair number of certifications, including ones from government agencies, relating to software development, deployment, and related practices. That so many organizations didn’t have the ones relating to protection from supply chain issues is distressing, to say nothing of it slipping through quality control in the first place.
Please, if you think we’re in a place in this thread where I’d be mocking you, re-read it with the understanding that I agree with you entirely on legal and structural issues, and at most just have a different opinion about where the balance of "fuck you"s go. I think I put more scorn towards the vendor because doing the thing is worse than failing to prevent the thing. Also, I work at a parallel company and so I’m more familiar with exactly how much you have to be fucking up for this to happen because I spent the last three days dealing with the more minor controls that prevent this from happening. Everyone has outages because you can’t prevent 100% of errors, but it’s on the vendor to build to the spec of their most sensitive customer and ensure that outages don’t keep a doctor from patient records.
I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.
Okay, sorry for that. It happens to me sometimes to be mocked without me seeing prior cause for this. Thank you for clarifying that.
If a shop can’t sell me cakes, then it’s inconvenient. If a hospital is not able to keep people alive, that’s where things get intolerable. Them not having access to their PCs is a hospital thing. If they cannot use them they should not use them. If it’s a cost saving measure at the cost of people’s lives, then I want heads to roll. Literally, preferably.
For the icecream, yes. If I want icecream and the shop doesn’t have any because of a power grid failure, then I blame the power company more. The generator would be overkill, as it needs constant maintanance and checkups; immense running costs. This would not be justifiable for something like ice cream.
The hospital needs to be way more thorough with their supply chains. This discrepancy of responsibilities towards patients/customers is why I thought I was mocked, sorry again for that.
I called the certification processes “lacking” because they are very often out of date, if at all applied, like you said. The timeframe for product certifications needs to be drastically reduced for software products. I am aware that those checks need time the developers often don’t have, but that doesn’t matter. If that is a crucial issue, then they should stay the fuck away from critical infrastructure.
In my defense, the backend contracts change so often in early development the any just made sense at first…
Refactorings and changes are the prime reason to use TypeScript. You edit your data objects and get squigglies everywhere shit won’t work anymore. A godsend!
One job I worked at wouldn’t let us do this because it created too large of a QA impact (lol). We were only allowed to modify code in the smallest section possible so that testing could be isolated and go faster.
At another job they mandated that TypeScript wasn’t allowed because it “slowed down development”. It was soooo laughable. The number of bugs introduced that could have been readily caught was absurd, but management never put the two pieces together.
Typo’d property names when accessing was the biggest one. Assuming a property was one data type instead of another and not casting or handling it appropriately. Accidentally calling something like it’s a method when it isn’t.
I ran a bunch of plugins on my end to help with some of that, but many of the older or stubborn devs refused and would refuse anything but, like, vim with no add-ons.
I believe you don’t have to actually use (meaning “compile from”) typescript to profit from it. If you maul the compiler options hard enough, you might get it to analyze JavaScript and provide type checking.
In related news, I have had zero issues with my home network drive that is shared to the internet through FTP. Don’t use OneDrive unless there’s a really compelling reason to do so.
You most certainly are not, but for who it might concern: Never omit to protect this access with a VPN and/or even better ditch FTP and opt for secure protocols like SFTP.
My experience is exactly the opposite. I don’t work for a FAANG but I’ve been around the block a bit. Its always the junior devs that try and add new warnings etc to the code base. I always require warnings to be cleaned up even if that means disabling specific instances (but not the whole rule) because the rule is flagging a false negative.
That’s why I said false negative. The medical test is testing for the presence of a disease. So if they find the disease is considered a positive test (it found what it was looking for). For static analysis on code, its the opposite. Its testing if your code is free of issues that it can detect. If it finds no issues, then the test was positive. If does find issues, the test failed and each issue is a negative that contributed to the test failing.
You could say “A static analysis tool is testing for the for the presence of defects” or “a medical test is testing if your body is free of diseases that it can detect” to change how you’re looking at either of the tests in the previous comment.
By your logic it would be a positive for your code to have errors/warnings. And on the latter, that would appropriate if there was a test that determined if you are free from all known diseases (or at least those that it can detect).
Is it a positive to have pathogens that cause dengue/malaria in your blood? Yet we still say that someone tested positive for dengue if they have the virus.
Static analysis tools don’t test for all known issues either, no?
I’m not debating. It is not a matter of opinion. I’m doing you the courtesy of informing you how the entire rest of the world uses the term.
If action A looks for thing X, and it finds thing X, then the test is positive. If action A fails to find thing X, then the test is negative.
If action A claims to find thing X, but later confirmation determines that thing X is not really there, then this situation is called “false positive”.
If action A claims fails to find thing X, but later confirmation determines that thing X is actually there, then this situation is called “false negative”.
That thing X may subjectively be considered an unwanted outcome has **nothing ** to do with the terms used.
It boils down to desensitization/normalization. Warnings (and errors, of course, but tests as well) exist for a reason. If you don’t care about these gauge constructs are telling you, then they have no real diagnostic value. Getting into a place where you’re not looking at how your systems are actually running is generally a bad idea, especially in the long run.
programmer_humor
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.