AlexWIWA ,

They struck the whole crowd for sure

AVincentInSpace ,

an operating system that allows third-party ring 0 access

Linux with eBPF:

https://i.imgflip.com/30r1af.png

witx ,

Yes. I’m no security expert, but eBPF always seemed a bit weird to me. But in the end, how much different is it from kernel drivers?

schnurrito ,

funny thing is I, and probably most people, had never even heard that there was something called “CrowdStrike” until Friday of last week

IndiBrony ,

I’m a Formula One fan. The Mercedes team are sponsored by them. You see their logo every time you see an on board shot of the cars.

I had no idea until this weekend.

https://lemmy.world/pictrs/image/ca0b1675-271e-4137-9ce8-1c4a20c3bc9d.jpeg

PrettyFlyForAFatGuy ,

I knew of falcond as the service that makes my work Mac run slow.

Unfortunately, having a Mac meant I didn’t get Friday off, unlike most of the rest of the company.

NABDad ,

On Friday, as we were running around the hospital where we work trying to get every computer working again, we were following the work-around to rename the Crowdstrike folder under C:\Windows\system32\drivers to “bad-CrowdStrike”.

When my coworker was typing the rename command, instead of typing “cro TAB”, he started typing “clo TAB”. He’d ask me why it wasn’t finding it, and I’d point out the typo.

I started saying, it’s not “CloudStrike”, it’s “CrowdStrike”.

By the end of the day, we were both a little loopy. I started typing “CloudStrike”, and cursing him out for screwing with my head. By the end of the day I wasn’t sure what it was either.

CloudStrike

CrownStrike

ClownStrike

It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.

LiveLM ,

ClownStrike

A fitting rename after such a pathetic and catastrophic failure, that’s for sure.

FrostyCaveman ,

CloudStrike

CrownStrike

ClownStrike

ClownStrife

SuckMyWang ,

So why is this considered a CrowdStrike issue and not a Microsoft fuckup?

Tartas1995 ,

Basically, CrowdStrike wrote bad code that runs as a driver; Windows doesn’t like bad code in its drivers. Kernel level code is generally expected to run properly. CrowdStrike’s kernel level code was really bad. Embarrassingly bad.

If the host creates a playlist and everyone can add their favorite song to the playlist, the host won’t be blamed if you add “erika”. People rightfully think you are an ignorant weirdo or a bad person, not the host.

InfiniteFlow ,

OTOH, if you build a playlist manager for playlists everyone can add to, you make sure nothing anyone adds will break it…

Eheran ,

Except that the playlists are super complex and there is no way to make sure. Like building an engine and having to make sure that no 3rd party accessory will break it. Like the patented “sand injector”.

Tartas1995 ,

Well, do you want to have Microsoft approving EVERY driver for Windows? RIP 3rd party open source drivers for retro hardware.

pHr34kY ,

What do you think WHQL is?

The problem with CrowdStrike’s solution is that they got the csagent.sys driver signed by WHQL, and the driver will download p-code from the internet and execute it. This allows them to push out changes without waiting for Microsoft approval.

The biggest problem occurs when you don’t sanitize your inputs and someone accidentally uploads a blank file padded with zeroes. The driver dereferences a null value, and crashes your system. Hard.
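The failure mode described in the comment above (a zero-padded content file reaching code that trusts it), as an added example that is not part of the thread and not CrowdStrike's code: a C validator that checks a content file before any offset in it is followed. The file layout, the "RULE" magic value and all function names are hypothetical, made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HYPOTHETICAL layout, constructed for this example (not a real vendor format):
 *   bytes 0..3  magic "RULE"
 *   bytes 4..7  entry count, little-endian u32
 *   then count 8-byte entries {u32 offset, u32 length} pointing into the file */
#define HDR_LEN     8u
#define ENTRY_LEN   8u
#define MAX_ENTRIES 1024u
enum status { PARSE_OK, ERR_TOO_SHORT, ERR_BAD_MAGIC, ERR_BAD_COUNT, ERR_BAD_ENTRY };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Check every field before any offset from the file is followed. */
enum status validate_content(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < HDR_LEN) return ERR_TOO_SHORT;
    if (memcmp(buf, "RULE", 4) != 0) return ERR_BAD_MAGIC; /* zero-filled file stops here */
    uint32_t count = rd32(buf + 4);
    if (count == 0 || count > MAX_ENTRIES) return ERR_BAD_COUNT;
    size_t table_end = HDR_LEN + (size_t)count * ENTRY_LEN;
    if (table_end > len) return ERR_BAD_COUNT;             /* table runs past the file */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HDR_LEN + (size_t)i * ENTRY_LEN;
        uint32_t off = rd32(e), n = rd32(e + 4);
        /* body must sit after the table and inside the file; no overflowing sum */
        if (n == 0 || off < table_end || off > len || n > len - off)
            return ERR_BAD_ENTRY;
    }
    return PARSE_OK;
}

/* Constructed samples: a zero-padded file and a minimal well-formed one. */
enum status check_zero_file(void) {
    uint8_t zeros[64] = {0};
    return validate_content(zeros, sizeof zeros);
}
enum status check_good_file(void) {
    uint8_t good[20] = {'R','U','L','E', 1,0,0,0, 16,0,0,0, 4,0,0,0, 0xAA,0xBB,0xCC,0xDD};
    return validate_content(good, sizeof good);
}

int main(void) {
    printf("zero-filled: %d, well-formed: %d\n", check_zero_file(), check_good_file());
    return 0;
}
```

A loader built this way refuses the file and keeps its previous content instead of interpreting garbage; in kernel code the rejection path is the only safe one, since a fault there takes the whole machine down.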

Serinus ,

They were legally not allowed to as part of an agreement to not be a monopoly and allow competition.

wreckedcarzz ,

Windows: exists

Crowdstrike: stabs

You: why would Microsoft stab themselves?

fushuan ,

Windows: exists

Crowdstrike: exists

Windows: open belly, right here!

Crowdstrike: stabs

CrowdStrike released bad code into prod without giving it some hours of testing on local machines or whatever. Incredible fuckup, unimaginable. But let’s not take blame away from Microsoft: if a driver is faulty, the system should be resilient enough not to crap the bed on login. At least enough for IT to be able to remotely access the system and fix it. The manual work the IT world has had to do because it’s lost remote access to workstations is insane.

aptgetrekt ,

To be fair, kernel level access by third party software is kind of frowned upon in the Linux world. Ask any desktop Linux user how they feel about NVIDIA (the only third party kernel code an average Linux user will install) and their drivers randomly causing strange issues on their systems, up to and including kernel panics, compared to the experience on AMD, where the driver is open and built into the kernel itself. For security software that needs low level visibility, there is eBPF; direct kernel level access isn’t needed (though I believe CrowdStrike uses it, and they actually did CrowdStrike Debian and Rocky Linux systems some time back).

MacOS blocked the majority of kernel extensions a few years ago as well.

Windows is the only OS where it has been designed in a way where kernel level access is the rule rather than the exception. So design flaws are at least partially at fault here.

PrettyFlyForAFatGuy ,

I’m so glad I got rid of my NVIDIA card. Having to reinstall the drivers and kernel-headers every time my kernel updated was getting old.

refurbishedrefurbisher ,

Same thing would happen on Linux if someone wrote a bad kernel module and integrated it into the OS. In fact, Crowdstrike did have a similar problem a few months ago on Linux.

I’m no fan of Microsoft, but this isn’t their fault.

witx ,

Can you explain why you think this is a Microsoft issue?
