CrowdStrike effectively bricked windows, Mac and Linux today.

Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on twitter making memes.

Incredible work.

  • Bappity
    link
    English
    76
    edit-2
    5 months ago

    cloudstrike crowdstrike should be sued into hell

    • @noisefree
      link
      125 months ago

      Time to rebrand as CloudShrike to prevent future fuckups.

    • @[email protected]
      link
      fedilink
      English
      15 months ago

      well maybe letting them pay compensation to all(!) victims (not just their customers) for all losses including lost time already would solve that problem.

      that would leave the decades-long unsolved problem of microsoft not beeing held liable for their buggy products (which is the reason for all security-products-as-a-workaround-to-compensate-that-crappy-os companies existance) open.

      why not in general hold companies liable for the damage they cause so they CAN develop beeing more cautious with what they do? i mean not ONLY cs should be sued to hell, but ALL of them should be sued until they are reasonable cautious with all possible damages they can cause (and already did in the past)

      • @tibi
        link
        75 months ago

        It’s not Microsoft’s fault a third party company wrote a kernel module that crashes the OS.

        Unlike the mobile world where apps are severely limited and sandboxed, the desktop is completely the opposite. Microsoft has tried many times to limit what programs can do, but encountered a lot of resistance and ultimately had to let it go.

        • Justin
          link
          fedilink
          English
          2
          edit-2
          5 months ago

          Windows requires that antuviruses run at kernel level, programs which are notoriously buggy and harmful. It is a design flaw to require users to implement mandatory security features in this way. (it is literally not possible to run windows 10 or 11 without an antivirus) Similar security programs on Linux do not run at kernel level, nor should they.

          Furthermore, every copy of Windows since Windows 7 requires that kernel modules are signed by Microsoft themselves. Microsoft personally signed off on this code that crashed millions of computers.

          • @tibi
            link
            65 months ago

            Antivirus software for Linux also has kernel access. You can’t intercept OS operations like opening files or launching executables without kernel access. And some of the companies I worked at also required antivirus software on Linux servers.

            You can absolutely run Windows without an anti-virus, it has plenty of security features built-in.

            It’s all a matter of trust. Do you trust your engineers to properly configure machines to be secure and not run exes from dubious sources, or do you trust a cybersecurity company to do it for you? Anti-virus software nowadays is more about restricting users from doing stupid shit.

          • @tibi
            link
            55 months ago

            Oh, and signed drivers aren’t about Microsoft validating and testing every driver. It’s about verifying that the driver comes from a trusted company and isn’t tampered with.

        • Justin
          link
          fedilink
          English
          -55 months ago

          If someone hands a toddler a gun and they shoot someone, who’s fault is it?

          • @surewhynotlem
            link
            155 months ago

            The only thing that can stop a toddler with a gun is a good toddler with a gun

          • @rockSlayer
            link
            125 months ago

            What if that someone is another toddler that found the gun in the street, and it got in the street because it fell off a truck? Your Honor, what if the toddler had murderous intent because they were denied a sucker?

          • @jedibob5
            link
            English
            55 months ago

            Is this implying that a publicly-traded corporation whose software is installed on millions of computers around the world has the same level of agency and responsibility as a preschooler?

            I mean, yes, Microsoft bears responsibility for blindly accepting whatever deployment package CrowdStrike gave it and immediately yeeting it out to 100% of customers via Windows Update without any kind of validation or incremental rollout, and should probably be sued for it. That still doesn’t negate the complete and catastrophic failures at every step of the development process on the part of CrowdStrike. It takes a lot of people to fuck up this bad.

            • @KazuyaDarklight
              link
              English
              105 months ago

              Windows didn’t do anything, this was an update applied by the Crowdstrike agent.

              • peopleproblems
                link
                45 months ago

                That’s the impressive part of all this. Microsoft didn’t do it. CloudStrike did it.

                Microsoft left something in a state that allowed CloudStrike to fuck up enough to brick systems.

                It’s why we spend a lot of time reviewing security analysis of our own software - if there’s a way to fuck everything up, it better not because we enabled it to get fucked.

            • Justin
              link
              fedilink
              English
              65 months ago

              Is this implying that a publicly-traded corporation whose software is installed on millions of computers around the world has the same level of agency and responsibility as a preschooler?

              When it comes to IT reliability and security, kinda, yeah.

              Windows AV and MDM is a bit of a horror show in the corporate space. I worked somewhere where developers weren’t allowed to use WSL because it was blocked by McAfee. We also had 3 different MDMs running and they were slow as balls even though they were modern 8 core laptops.